fantom | f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

Resubmissions

21/02/2025, 20:20

250221-y4r9yszlfj 10

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/02/2025, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fantom.exe
Size

261KB
MD5

7d80230df68ccba871815d68f016c282
SHA1

e10874c6108a26ceedfc84f50881824462b5b6b6
SHA256

f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b
SHA512

64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540
SSDEEP

3072:vDKW1LgppLRHMY0TBfJvjcTp5XxG8pt+oSOpE22obq+NYgvPuCEbMBWJxLRiUgV:vDKW1Lgbdl0TBBvjc/M8n35nYgvKjdzi

Score

10^/10

fantom defense_evasion discovery ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>Av/BRpoyW8yQzuhA36uUy4vJ59P4C/pjr1Sw5eqT5AK2Yd8qJbcV+Je1jyKmhBbBw7xYE4kX8Q0cPLJVZm7yh8AJBXxI+feVincMe+ySc6JOhOgb3kcqLl9yyWcN0/CSAtthuz0BZWZy+j9pEpdmSVBcOig8IhvMRxS4EYNTyv8IWF8NRscoxGLRt9eClL9D/COrvjlLsNiz3K7taRRvTWQKAArbsICoNviNB8UWOWn56+G6Q6b8RIB1sqWnrrfoQ8CqUY4lU1V+wcOLgQSAEDuuzy4E3kI48Pll/BzA0ieJ6Y9M66uhpdGU6brS9MqodzDDZ6+4lOumrqv6pVUl4Q==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Fantom family
fantom
Renames multiple (3053) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion

Drops file in Drivers directory 29 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\UMDF\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\drivers\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Executes dropped EXE 1 IoCs

pid	Process
2760	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
2420	Fantom.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_neutral_fe5c4f29488f121e\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupra.inf_amd64_neutral_c4fe81ea47c6df87\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnky309.inf_amd64_ja-jp_afbb421e3dc1cb6b\Amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migration\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_2.0.help.txt	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_jobs.help.txt	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_neutral_0383c5de75359695\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\_Default\HomePremiumN\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalE\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_functions_advanced_methods.help.txt	Fantom.exe
File opened for modification	C:\Windows\System32\catroot2\edb006D3.log	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\ProfessionalN\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\StarterN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\FailoverCluster-Core-WOW64-RM.man	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\about_operators.help.txt	Fantom.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\EnterpriseN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\EnterpriseN\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\wsinfra-upgrade-dl.man	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\el-GR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\StarterE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomePremiumE\license.rtf	Fantom.exe
File created	C:\Windows\System32\LogFiles\Scm\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\TerminalServices-RDP-WinStationExtensions-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\virtualdiskservice-repl.man	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpoa320t.xml	Fantom.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\UltimateE\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\msmq-triggers-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\replacementmanifests\nfs-servercore-repl.man	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\InstallShield\setupdir\0404\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\Amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\Amd64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomeBasicN\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\eval\HomeBasic\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-ISAPIFilter-Deployment-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\ras\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_neutral_dd07287cee791f3c\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\Amd64\tsmpu002.xml	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Enterprise\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_scripts.help.txt	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\0410\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\Msdtc\Trace\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnlx00a.inf_amd64_neutral_a89d2c01c0f43dfd\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\eval\HomePremiumE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\HomePremiumE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\UltimateE\license.rtf	Fantom.exe
File opened for modification	C:\Windows\System32\catroot2\dberr.txt	Fantom.exe
File created	C:\Windows\SysWOW64\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\terminalservices-licenseserver-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\HomePremiumN\license.rtf	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-HttpTracing-Deployment-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\migwiz\dlmanifests\Unimodem-Config-DL.man	Fantom.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt	Fantom.exe
File opened for modification	C:\Windows\SysWOW64\Setup\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Perspective.xml	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg	Fantom.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow.css	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png	Fantom.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak	Fantom.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana.css	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml	Fantom.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime.css	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ContemporaryPhotoAlbum.potx	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\7-Zip\Lang\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css	Fantom.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css	Fantom.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	Fantom.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\gadget.xml	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar	Fantom.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	Fantom.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png	Fantom.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	Fantom.exe
File created	C:\Program Files\Internet Explorer\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar	Fantom.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl.css	Fantom.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	Fantom.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\twain_32\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Logs\DISM\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Calligraphy\Windows Critical Stop.wav	Fantom.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Policy.6.0.ehRecObj\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Printing\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv14b62006#\2c7e795fb7d690d3b8931d360e4ce7f5\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\inf\MSDTC\0410\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Savanna\Windows Critical Stop.wav	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_fr_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\system.management.resources\2.0.0.0_fr_b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\diagnostics\system\DeviceCenter\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\ir_inter.wav	Fantom.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1032\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Calligraphy\Windows Battery Low.wav	Fantom.exe
File opened for modification	C:\Windows\DtcInstall.log	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\inf\.NET CLR Networking\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Delta\Windows Logon Sound.wav	Fantom.exe
File created	C:\Windows\PLA\Reports\it-IT\Report.System.Performance.xml	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.188dd00b#\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Help\mui\0C0A\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_64\napcrypt\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\2.0.0.0_de_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.UnmanagedMemoryStream\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\servicing\de-DE\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Boot\EFI\el-GR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\diagnostics\system\Performance\ja-JP\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.5\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\SmtpSettings.aspx	Fantom.exe
File created	C:\Windows\PLA\Rules\ja-JP\Rules.System.NetDiagFramework.xml	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio1c968d57#\39da27a6333ea6aee676db5138131c67\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\inf\TAPISRV\0000\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\servicing\Editions\UltimateEdition.xml	Fantom.exe
File created	C:\Windows\assembly\GAC_64\System.EnterpriseServices\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_it_b77a5c561934e089\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Globalization\MCT\MCT-US\Wallpaper\US-wp2.jpg	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\DebugAndTrace.aspx	Fantom.exe
File created	C:\Windows\PLA\Reports\fr-FR\Report.System.Configuration.xml	Fantom.exe
File created	C:\Windows\PLA\Rules\es-ES\Rules.System.Wired.xml	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\0a637affd530a4ee90f0ed36c3febc79\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Media\Quirky\Windows Hardware Insert.wav	Fantom.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx	Fantom.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Ifcaec084#\a5a02115bca628275789e09ab82e0d6f\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Boot\EFI\en-US\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2420	Fantom.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeDebugPrivilege	2420	Fantom.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe
Token: SeShutdownPrivilege	2776	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2664	2776	chrome.exe	31
PID 2776 wrote to memory of 2664	2776	chrome.exe	31
PID 2776 wrote to memory of 2664	2776	chrome.exe	31
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 2236	2776	chrome.exe	33
PID 2776 wrote to memory of 680	2776	chrome.exe	34
PID 2776 wrote to memory of 680	2776	chrome.exe	34
PID 2776 wrote to memory of 680	2776	chrome.exe	34
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35
PID 2776 wrote to memory of 1792	2776	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Fantom.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2420
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef76c9758,0x7fef76c9768,0x7fef76c9778
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:2
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2636 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:2
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3532 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3812 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3896 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2388 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3944 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3680 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3788 --field-trial-handle=1276,i,11195273030666877516,2368415580428176352,131072 /prefetch:8
  2⤵
  PID:1016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
5aac1fb72ccb83c49e4c8032db9e5ffd

SHA1
bcc4314ab1225c6b12cd92e62c5cb232e955a465

SHA256
236e5326a74700c198d91700eb86d47bf09a87dfd164dd88e835478db3483dc8

SHA512
ad158b1372a05b372a85d455c6f74e336dbe45cb12d1b549555164a4d44ec0ed0c2dfa2b311d943dd61ba378bfef7256889a1f8ab41f615a5ab2f26d3bece7dd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif

Filesize
352B

MD5
ad4d5700f144388a617042318eb1dd0d

SHA1
3a14c2dab6f25b3012c1b06de71cfb99cfac2a44

SHA256
80d7aedb178a2a1fcf9e2aedbb64a5646b12363cb38c4e7247983e4c75ced1ae

SHA512
d255e62937281192af1099032e7385ed41d825d31d0fe6080e2f0e82b12bd047229e5a8182fa47ebd5b6177f87363c31af69c594410da77b0cd53645ff81d6e3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif

Filesize
224B

MD5
11483cbd4124df3c969611d85706f62e

SHA1
3ef8816085b0e11933f5690cc8099985489f4aba

SHA256
af61571390e9cc804f23ac793aa950c4fec99f5a33d8a7d1e56b39383eee808e

SHA512
688cfc70fbb8d35b5230faf8ae9c41bcac92dd6ebf4b26bbaf49445160f3a3628ec6ef838ced28b5c4f730c6e815406623eeb9c0c0d6b1ea8766763d9f8fa14a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

Filesize
5KB

MD5
b931753a38de3488bb56dac9912fb0f0

SHA1
edc965f770cb550f974a768365e6a60b53c526b3

SHA256
acb8ba508a0f7026b4956990d98426c51a298b6c512896f17e31bc9567e405e9

SHA512
37bd55c629db9dbdf16cbe0222a0392e7e598ee72ab458541c406b1dd55b83c731e51732452c28d9b28a6b8c9b3b7e478de4c113859963728b41f128b728fcf5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

Filesize
31KB

MD5
820df0507fcdb7fb6daa16ac29c804fa

SHA1
0936585b7df125e8ad706c5ad95ee970cfce45d0

SHA256
cb74921a9152b861dbfe7255c05b613bc93921f6589e1521889ae6c0a4fee522

SHA512
0aeb36322e91d0009734d11387faf51c381aee22efc572a1bdc247771cca006ec4209e2ed373f609609d673c3302ef5040c8266dc95faa963b9d7786e9022983

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

Filesize
4KB

MD5
3bd0981a8f93317b5fdc20833b9445e0

SHA1
1441a304fd0b417cd013e0bc9aee4c70656702d1

SHA256
57a4bc075a5d97eed5abadc3387b4ac753266ca5bb8d636eafc3896834d5b086

SHA512
f31b6cf50287968a2bb910df69e6ef6cd6dbbcf41cc16b1985cf313fafa45620be6fe14a10c2983c6b9d7aefbcd1d5f3b66e4b275666bc828b897c504ee405ea

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

Filesize
21KB

MD5
2cf2e3abc875920e7f7599774581f158

SHA1
e2329d9b5144a33dc43f840fae6f7e9d7c0e8408

SHA256
fbb0ddfcbcd0165d5f3abff8cb914d7271e2815a5f2935340470200f4a4ceeca

SHA512
abad06ec2f43733f6567309afd81bcf10fdbba99e89dc528cf63be9f94f0081c7a93d704c678250172cc8fed449631ec84ed558562cc434b42fb87cb47d1858e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

Filesize
112B

MD5
1fbd870f6121d3725d2799f107f2fb3a

SHA1
c3848aa9e8b74c9ff57e8ac092f43cfc18850944

SHA256
149e965749bfd6fd34baeb2c7c1632aeb9863cf9651aaf373024451a90a30ab4

SHA512
26ab9384b0266104466281181f3083f3664f71b52e1e646533f781e28b2b6e1997a90c41a5d70e2fe54c9703222a1b7125a3b153df13ce7d52618f0fc06dccbf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

Filesize
8KB

MD5
50fd211a8d84e8494167c0f078fe7c3b

SHA1
d13c6c75fed3a059ec9b74863ff32f05bb5d8b0c

SHA256
58f7181eb4b7c45b12e1d7b6315c766aba0f31d6a621196c77a4f168218726fd

SHA512
ebd73abd21d7cae08fc514309bf20089c33bda67f641dd7f75f9c4fd09152bfcf9b20eac438977be946ec8943fa7bcc02b898a780237dbcebc1da32ba3942c88

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

Filesize
15KB

MD5
014455a4b31f82352e69152cca275915

SHA1
8b6d6f93ced3440d08b6823f716200eed4ab4078

SHA256
f5f7921b4b2795dc12597a5dc33bce02ceed7295a9f418dba402a08f7033abf7

SHA512
0b116a1c629ffddc67b155a5e2c12ab1d935f02888abacd164ee9b6d804d6873cb158bce0fcc60fe46c75f4f51b50e37c804640b3b2b7b0b260e8b0cdf242b51

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

Filesize
6KB

MD5
ed7a3c3d43db349898427d51b63de73b

SHA1
8a2f2131d176053d0c835232ebd3d9294093c784

SHA256
83d55de42430a7089d5fe179c548d58e2beec53b7d7abf1cd1503eb644b3789d

SHA512
af1d5b5375d81742ebc081a6aedceea3380720f87c39ad2d8cc65825e8711070b0b985f89ceafb7bc65f00c166e89ec53504c294582bda77c8429bb5cf6a5d39

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

Filesize
20KB

MD5
84d592a953ce6e21d9b6f92c87416ca7

SHA1
0cf9d00492f9ba2651a2f5a46e7dc24653baacb7

SHA256
02123028454463cb157529281158481b2feb1da44eccc8423ee3073671b2ca0c

SHA512
84d41cbc74e6fd1dc0f05ed6980716a0f4b698eb958019a20ec4bd058ccdcb798468814698169c23e317e823f95d15232edd239ddfc8e4cabcde9c4dede4b875

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

Filesize
6KB

MD5
de91c70820e7451429036ba785a2ee3a

SHA1
db51c96fb642f6fa918bffc318d0d4a18ec99311

SHA256
2e84a22fe8a0ac5bb2375ab80ec982da32fa3b0c16be6fc9a034f71b47948441

SHA512
45f009c931291dfcf0067e00efae173b8e8c1ecb1d3ef46373cba314058f6e06f37d76affae4f8aaf80497ba99884d5352c210cb055149467239fb13b4457ba0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

Filesize
15KB

MD5
85e038715695c1bf0ac7d28abc63d497

SHA1
71835e8e5a2b9edf91d9e62d88285cdc8862caf7

SHA256
f0bd61041509fa2052f4db2b7dff7fbd7107597b1a955d565672b0c3fe4895c0

SHA512
38d8d93b87b56161e9e2041e40a3cf92f437e2960751b69dc1150e3f01561392dffe05c3fd3ebf113eeef26a88383921374d1ad3cfac041d5600b8038478435a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

Filesize
2KB

MD5
3227554ac1c427d24f7a9e85101bc7e2

SHA1
db9e69dc49221ec3ef5e25adcc3f95ded7ab63ad

SHA256
ac0a4dcbecbf9f6b7787fca96fefa7a436b0ed075998869bf9fb18cb5171f5ae

SHA512
fcdbdeaf974f616f8221147983dee99ead9bd19b56e85eccce7f1f7a6a28d6649e8506674afec1ee59c1e23a2ce938c37cce161a23eb5bee14a4bbafb410f7b9

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

Filesize
2KB

MD5
76e0fbafb092b53afef90953f730cd5a

SHA1
755ecc919aaa58a9c01727e1fd2bb2483dc42c68

SHA256
e9bebcc7d76cd6f008eecff8cf908ab4063a4a0304405f422486a130a161142e

SHA512
7f6a72b332e8d04d7f53773590f32ec2feb401e1ba076a86932c9801bd1a17918cc8087a839c194c4df751229e26c039591705e828de513b35397dc706bbbf81

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

Filesize
7KB

MD5
b65174a22f15f94d622c474176a992be

SHA1
7dfe82ffb191281588372f89fdee01b03ced4a07

SHA256
f1a012d5b1694cfa210bd83fc692d2f436a1b4f539210479cccbbd5e3a91c43f

SHA512
806576c6313426a69eb2b957740100bdd087bc3a80d87e71f3c9ad8ae13ac249f72000b15bbe15908e15cee56ebf2fc6a654e43daf32a7d103a58ac6b01eb13d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

Filesize
336B

MD5
4e5f5195f4c7db8b2c680775e383cc62

SHA1
2ab6228f01678b574cd9caee7bf34136f31a1f0f

SHA256
5bdfcd92ac3dbdc1bb7fc53c6cdb75ccd29c44e7b169e230f5c9ef5759207e4c

SHA512
bde4df7746720e2bd85e2986dcce6fd22fa7a9210f37c9e899ddb385416d37cf62b485d7dc132bd2106a6f56bddf198c2bb5251810317625e2a8928b962c39a1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

Filesize
240B

MD5
89acc71e5850ff9e69dc26a9af5ab5fb

SHA1
afae483fde3f4cb8e6461d11463981f25124a120

SHA256
b2d57cca0f8b692fefa77bf14a735fc758a67c40203826590bb5927ad07fd5fd

SHA512
d106b2f2c2a835db0004a8acc982e77dbb5cfd4c7c1ddf115b73117332aaf1d0002b7fc03084b1d41df1b79918dbbd9a289a8943121d86fd327e3fdf6f76d3a7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

Filesize
6KB

MD5
170a0e16474611e058f7822ac1bff839

SHA1
0fad35a3fdd721fb61530670276c9f76f6d52b30

SHA256
44ac8e7c96312faf6fec1a1572048576640aa6ca61e4c4509e923a8c169e3d1e

SHA512
26ff2064ab14c27742117c3b8932304880b908e700f30697326f30464d6eca24eb39993d924374f24678f9a6e2efa70afbb2fe61d4e7ce761111cbcafe445822

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

Filesize
816B

MD5
841ff2ff54f2d8a998733ad66e1c4068

SHA1
a5aec9bc18764343005720dab8dfed708f98bc85

SHA256
eab332b0795671fdfbc44b5ddc6df67330f7dc6146b989e7cceb6fdca1797875

SHA512
b10c0b8d67daf58759f5288f177f0b4110d701846da1cb5d229ee05037feec293d94f373d7e43f56ffa12fd2b11a18764689903d07017c5bf8ddf53fd7cd4dc4

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

Filesize
3KB

MD5
2f775f50178f783bcf4eff22d156fb44

SHA1
394a65ace26788eb6c642621e096b5bf411ec935

SHA256
c2aa992d1ec9c989f919fc85b3054707420b6d4c9b640b29c4d0ac15ac8e78a0

SHA512
7d44ff2e49e2e0fdf78b55eec65e98ef32b152f9874255631a81b7a442150bc953174913d27786fc56171954fe15cb8d15e4123396889c4dd86aae1b5c3c1d67

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

Filesize
2KB

MD5
0604177b23a3cab9a1ed0c6c08323fa4

SHA1
ad8606e9f00c2c990a1978bd07235fd29aec01ae

SHA256
429178e098117ae9584cd5755715651d15b0c496085b42ede7d797931856bfb4

SHA512
aa9ee83164f1ee5227611ea7702333c47ddc6f248a86313f3f064b0261598183847f9b8e4bcaf688cd396e05184f59907886e6b3b69107709bbe91417e1b51d5

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

Filesize
19KB

MD5
8143b5191bfdab59e3a480c29365fc00

SHA1
0c608439ad800523e8b408a6c8b169aa6cc72446

SHA256
457568ae4390ed0b7ad14754e9bb9721fdc224f86fc686951daefa787610a2c7

SHA512
48b0a6113428e0fc7278e84bf1aa5a208a08867c5c29ca70c6486f89adfa6a193b01b211f580af3704e05bb879556869920ea3f71fcf36f64e8eca19f70d3291

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

Filesize
896B

MD5
7ca698a4cfcb531cb3906225fe776a5e

SHA1
3454d1801962361e5535f1e01038483c5d6b8552

SHA256
44c5cd44f23852e1426cb42fc8501d971ba31946c4504c7c714a7124690e5d1e

SHA512
977cd999be1deff67f5354a95d3645e5a5e10a3b51f5b2537a278a13208b28ac334f6eff75433bd89da2cbb0132feabaa1707f61f7530b538440140c9b430bb2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

Filesize
864B

MD5
dc802d02e3994a6936069bc89738bbff

SHA1
5a2eccae4d8ae01675bbe577d8399cbd8f879d4a

SHA256
9205602b6f2630f69dab2e2b4c73c39387262e26a04310fbe15c9156402d08b2

SHA512
313c9e062d147224841048b662e5de398f7fd77f2c1078c28d659a00db2d04c9c609d1850ca4556a455739f4eeb1d16a5a0fd93b8a98bf04b55c5c5e6a6532cc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

Filesize
864B

MD5
c3180ee722274c97e536e73f5c004c9f

SHA1
4407779b7e2f6ac40c988b0652df812a8b4c4681

SHA256
9ddd14f27506df0d70c9e75441aa9d5dc3419ec8deccab83211f0136a7422203

SHA512
1491263ecb5809f219f624e6110411062da6fb09191bbc1588bf30613a3390eefc45e41af93e54b03f1d00be24cd848096b68e7ddbe0a042816b8c533c8dbc73

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
1c077559f7fcfd4ccd7fee0146cf4ca0

SHA1
bb62575e59e97c5c7639ca7fa5679611c550653b

SHA256
9fca32a338726ba274087393cee42e6ed69cdc5725e21e7738b4d251421cb42f

SHA512
517643443f8d3ef3ed57e6bc3d8fd6a56760f6bef118f6650d67b3f59dfaaee886d798da3b457b695bf8c4d5d502019bd45bbb9cc2433e3eba3bcee3631713fe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

Filesize
1KB

MD5
c163eb98581c4a4cfcd2831bf86c7588

SHA1
2260201963b27becc72a7bcf8b73ff499421befd

SHA256
6787bd28dc05d89214be8509ec4452951dccbaf5ff15c5179bfe03fb27c5275b

SHA512
a007c1e9cb7941893579d554f2d00eb315f877e1d78af4ede95b2bbb6ed5b528d69ac52d328fcedae52c44ddeb9e03497b233823bbbee2cb793790a2f17d96cd

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

Filesize
864B

MD5
8c9ca1f52c0e40bd72a154bc965823c1

SHA1
8363c43774935904baf0fa7d459bbde14c804d21

SHA256
8b4b5af869366a403c506fe64aa6571202d20fdb17e3b832ede250cd835a0549

SHA512
399fee57c8f4b0ac28d406e8eaed0cc00ada10b361ba370819e7d43f53b6753afb0e40c3723782f8a71f3cbcb1136fc24b623e8066a78d32a8a0176cf533b324

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

Filesize
848B

MD5
7d0eb260c83612623974fd5a891b1478

SHA1
5cec5985670e6edee2f253700fbec8de2d8611ee

SHA256
b72bf789d4f1faf1051573582635dad0acf2f8b929ffad83f1206f83d2f79353

SHA512
24ee26f1a20903d81247fe7b7095f145ed98341ff549d975ee1ecfa89b45c30b86250962f4335f97ca605356c4ef38c18ce1cd9deea9574aa066170295e5f561

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

Filesize
880B

MD5
b26191d9a37fc8930716d91a39de4168

SHA1
b156a5180393ce04f813d0447ddfe22c4dc84d2e

SHA256
949ca5fab253d43c6e1bb54805906f863a37e5bb4ebd1ec0bde8e6daad4f10ee

SHA512
8017175980f489dc76ddce2a5784fed3a3a0809953165f07316bfa8a3975fee0d4a06990fe7f978e89cc59a44ae03e77323e186304b3461fce3254397f07ee0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

Filesize
848B

MD5
2c203c63b9638301a95b8b0f4d83c227

SHA1
be65c925c47be7822f8a243ab1376c8de75f7448

SHA256
7cf3edf73708e7d2e8ac642f0b114fee55f4d0b7d2b643224a74a4fb8d433fd1

SHA512
71dd42835c13960317e27a7b3c09c8311f4ed9db6bd3386a06d1608d6bc959d3264b8396fc7cc944fcbe6e377e119c47ada877373e9d61a6d2d40d44d4edea6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

Filesize
864B

MD5
03f70f9f2ed84ae2aac1ce37fb7cd009

SHA1
3907e618d521922ca657c899404df824bfa322cc

SHA256
97a676fe7b80ac463bfcfa3da05a12d60881e782aae6cf6555f53e1422fbc950

SHA512
f47c9f8407cf50e6b8e24eaef8ddf7de2cb0df0651d3b32ef11c87e56b854ff3077bc66298e0648e1de62e97d0a4bffc742ff6b05dfa95a92f76279f0c867601

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

Filesize
864B

MD5
b8eeafd7e2f0d43f7e2aca34c07b75a0

SHA1
fabb78442c978114a4ad4f0ee0aa51535d940e1b

SHA256
1a65e60ba1b12c914182c133dab37a704360412efb9892ed45bcaab58a0afb54

SHA512
a825ea50a0255fdc10c61a146bf8c1c2c8106c5ad602a3b3bcfc44a6da23666a6872b2de09605747b851e9b19e2f37f2218f56ada299bc1bf6718ab452257d66

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

Filesize
864B

MD5
c7751a326c4420577e84dca8b395ff46

SHA1
559892cd37b29a16ce5398c6b1001e71d72263ec

SHA256
71fcf36a3258d61a31c99023485eebc9d558d61eae1abe9fc59ae49f246625ca

SHA512
026f373ef6b38d79efd5bb7e6f76881576843df46062d7ccbd33d873bf98bfbab592c84a787b895a5ca8c4679f288cd4b82c2bce498fc2fd09fb225d959691f3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

Filesize
896B

MD5
47583ab5aab0a9fb3c040013db722ba2

SHA1
54f2a835d2967e752555138b206dfb5533b40d54

SHA256
8f9ade01ab289b0b43990aee033c0d846fc12f4e6e09e53eb4c55ef5f52663c7

SHA512
659e0217cb7952b34abad53a5d6c314753ed04c0de10ddafab111f9fa444ec6f29e903ffc04ce084245378ea0f5b6d820a607740e0c91563fb74d6c0b9a1848c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml

Filesize
247KB

MD5
7bcff4bf1f395d147d698faf66f444b3

SHA1
63b41e00ac79e9199da3c40573fff98c586171df

SHA256
3744539fa0f62c6d5c97bfacd7645e3677fe1795474c0c57ef94af614ac3cb16

SHA512
950bc1f06579399c5c3fe949c793e31df465cb2457c5cbc77c39f5bf310b0a8f7ec18f53b41e8274372ee1ee9bd60df2c263c85cf5e5e9a425ba100d45174e8f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
1f1489472481e7cd487de13dcbce609e

SHA1
649672824e5c3ed30850411fcbb96abd9c12fd66

SHA256
d1e7d1c14e0cd617426254ea5be51487d366a6677044d9dbedb8cfc725e17866

SHA512
9923d41267e7519ca3ba6b1d27fd7fb10739c3461c9b7c327b0032e405af0b452843d4eb50cac9d55baa81151cfa48efa9da4109e953e845c2ebab4ca76ca174

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
2fce168c7b1b4a88d3e88467edc8fe7a

SHA1
2a7df3ccd399653112c24cc6f4b0c3c094b92b66

SHA256
17692134b8e4e250f1c39e4ed8eaa39266cfc91120ab09d4367deecfca63a52b

SHA512
1a918916d81ff0bbac6fb8b3974c0e32545fee2e17dab096b00522051f129fb4ade81c30e7be9b61bf7f0b2f77fb6e976436581651016f49a79f58b02d4edb3b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a656d001a2724134f70fa6e179be223c

SHA1
63ab832af3683ce91ea22530d78071b61598d92c

SHA256
959f7799ff62789028f2961a590fce24b839b4a24eaa92a8764fbbf4c152127c

SHA512
7e821c1e541c3381fc8a81f34a444e3c261957f654b3e1ede1d551cb255753d0279e46d536fa8ca157420a1f0fabbd471d4063489b361d8a26e41e24548dfb46

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
4321de77e9e794d6d3baa311d618e88f

SHA1
f5d700a752f490f5f7a6b27741fa30f5fcf1b987

SHA256
0662b2980d0487a2ef4e9e9dec2acc9a3b31d11731d3d72397caa2ca225b24de

SHA512
eab1ffe64bfbfd9ca7103cd3318da7571cd54455f0f96dc8a23452feeb5f59943a47cc27ac398bcdac7b5f286e279063c3bb9bbf12f639f55d52df30b2814dd7

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
6e439a3e2bdb908ff99ee483e030dd18

SHA1
21ecbc7692cfd22b05613b14e6fe54f8b314e3f6

SHA256
59660e40bb39dec84777b39da177e16c3718cba58e9f3bed4663c092786eafd4

SHA512
9fccf859c7a685852504339b3320c4b7983967c161c8c4c5993bcf7561d0e423660bdc04fec16fa2aa157cd895b050d7925c465751040821e91f2a3c142d3d9b

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
a8709a709253bb15c22337f81ad20420

SHA1
fce922363b99e39e273dc178ebb691872d89c63e

SHA256
90230c93b43fb8714cd2f1e99ee9beb5d8e4b991676ff883c9f42eaff1317f6c

SHA512
da0d684bb16847b6bc5781f5446c20983b09d0fe725f138692dd1246200d9d6b602609106062162c2f6ef11ae6530d2ef519b2e2e0cb3099a730ba78502208e3

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001

Filesize
16B

MD5
1a56241e0decfb0345e3f0e189713199

SHA1
4c44a6747c072e8b53ed924866a07ba6cb98f371

SHA256
ef7ec3206b47fc4a06696adc488c9cd4c6c03f993ad182b8eda7ddbc1b58f6d8

SHA512
80db2351ee270f9c66dd5bc143e672aa46ea918e966dd0925c0ba754761ea0ddae41e81dac3de19dd37c9c3c30d71dfdf146d345ccfd6a9ca01e19ede9243d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0cc01741-f7e9-4a11-ae9a-10709ab609ff.tmp

Filesize
348KB

MD5
33675f6ed45a65aff5bb4fad01e947d8

SHA1
543ce851cf882d7ac88d06ae28ee964530812263

SHA256
c896faf3dc85ab827cc842a8dd396454bc306f4ac9725a7804c8e915bc2625fa

SHA512
e7c6623e330e7bf90df92095c80bcae87e7d3ab427337d13857f3a2bb48c30746efde774015927556d52742af380460cb06ab3afffe300e4c373ad8a2e13d207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
8271a4003ba2263f42d7bbc20124bf28

SHA1
fc31db45411abecb8dfddf3e605015daa025baa0

SHA256
c1994fd91d8ee2a4d688149205df4808fafa0ef21f80950c423527267023d350

SHA512
373f199c83a02ff3d877f4fb592431cb657ff908d304f2741f4adeeafe773d360469213af7abdf83b059054a32b0769f2fb82250f7c82c706b78da674cd33e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1a2d5fc2b963db1fceb3228bf6afc9f

SHA1
923585656f77f49d7e81879f0ec63278d87ee190

SHA256
97ded77825496a24d0d5c1a4367b9efd187ccb443c78f4c3eccd66e29d080123

SHA512
89bf008fdafff0b5600465b3d76628a3ccbfdc97f0c2292c143b2cfedcf18d6917c3e75deb00a0c25f08713fde87e4fc37600a6172141c77f6462449e8dd0529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
509B

MD5
d754a6f8ee394ee1de3f4952eea23554

SHA1
310faa451e5472653598afd98ce2f1fdff11de8b

SHA256
8fab2e601bbd7c3196d899d988aab5d05a8d95cf6bd7b0b9279c558239909c85

SHA512
047338aefa916d57f639cf94aa25d5c13258b6371e5c52105d566406dcbe0b22a97aafe7276d489fa7ee555222d68a08e16db4de3f690295057199d8b08cebe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
a182c75489884a6e801a02cbdb90e34f

SHA1
ef777495317c9e4e4db75bd55eb4ced8ce2162d7

SHA256
18b29c6fe90ac2bdfa4d80577d80599bdd9d4e6783e51ef073920692f42129b1

SHA512
fb58b2a9ccd8541c29c0b5e6ba33618ae66df3a2149963ede7a13adefde9d0d247534b6420f7e00d25c5cebd51eb15c6f456e78894368347be4217d6a20c894e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
b598df23549718d247a3b994e466a285

SHA1
e01c4faca55b1a8edfcbf6451f1d1fc12c65b984

SHA256
de8696de18260272e6a37e4f80bc00cddc34f4bc7835c9ecc5dd4e9ba096b50d

SHA512
b5985edbf24623d4356ee157aae6bb43b7412dc2221bfb214756050f3be001cc528a2ce16740d7e8b6a5383530bb83fa414cbaaef428e413c6d954baf974f6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
95414a5209f87e66d276e533a0d6494c

SHA1
acaa7564a4951debdfc72e60cbccf9967ae14bb0

SHA256
d1defc1ba88cbb0fbea24378710e04d03f364523bca580ff2aa8da923edd3096

SHA512
09c0bae1343e1480edd2d6d921a54b346c7e5bed12ccf86f4e112eb300d6095e448c340aead92477d5c0a5122628ff66128b17184a489ad6748fd66b8d4f6735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
947282d3b8753b78ab3c589980ffd8e1

SHA1
b47438d6068f2c3e2da5e1dc1a055ccd30538d98

SHA256
213583377c5ba9f1fbe6bb91795d6ba9d702b141a623134148ccf7782db3d40d

SHA512
4aaa6b77feb798f27d2a1ce34c94a2c73bac6f73bb86d48fb3274075e372b7e9653f00f834a777bc3a49c13d46a0701e791dd38c215b9f230dc516cf191baf55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
124B

MD5
321f6b7f2df3539592a9510f735da6a8

SHA1
25aaa1b04a792a32417575b51ebc522b26f7ca83

SHA256
c7748c8d17427c387929c25d169d47d3fba6c4a0f8e3705fa2470bfe2116ad39

SHA512
8d52ae7a23bf4e6e75ef6ff25af73cc348b342dace8704704643074dcbddab268397b62150d7ceb65b4b330aa35c28df93d12aca0789fd6a922cf23e5884c2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
873b01c8e735d7dc8437594cb05b5dfe

SHA1
cf35cdcce85091727ceb9123a379359e5b5103f0

SHA256
f02a70c24f4daf8d5112f148c8ae2fd21b9961a2b1037bd95f32366034b5b205

SHA512
e162fe685e5b6f51f2ef941a11a8905eb4e6fc51d32824bd6333821dbdff13c01b73fc954dc2258c9ace07db5ba32c4da5ce529c400d490c5073f4566e2fefe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
348KB

MD5
c2e6bd1440157da57360ee5eed34df20

SHA1
c01cffd4dcd55239a6c04be2deb7f3f6abf9a094

SHA256
ba930a15e5d695243fa91832cfc598368cdeacbbf56b6036a39bd15aedabb374

SHA512
b0b02b6d4d4e4c1d41880afad84af9221dce9b9297b5e41602a4bf1f95bf375e8817f9bd227b02e64cb4b12cede57f6670de82057ce28e83e5b4b66ed18abf03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
07a77f66f051d3830a3f2d6cfd53fbb3

SHA1
3c50c19bd482364e44912ad59d9c8e78723fb1fd

SHA256
00b75761e10706a7e21ebc4c87361cf1126fe6f5b10a70e9caf530ff83a0bb62

SHA512
361915167ac9e4534d21063a13c94b7ab085681c5d6eb151f33e2834a6e5adea1df5317abb2fb00aa23a35d32aab357fae2bc06ea8424650b8fdd72be310eb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240903_051533842.html

Filesize
1.1MB

MD5
fcdf06a268cade4fef792781c0b4bfa8

SHA1
ceb4d4f7272bc416748505cf4655044307413c50

SHA256
ec2f5409dfc70fe5f49cbab507781d76b364cfc87d25483431dbcf07863e6c6c

SHA512
e829489b6e5762df0f53bae7777b68e7ff7e383170b156e624c0a72bcb7d00c826a0af90456462525b167438bd6d91e98091266dcd91a08c44629be8de6b2866

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Desktop\OutUse.xlsx

Filesize
11KB

MD5
b921da67680ac67c29f8c6b2ec340913

SHA1
179a7dc59f0b3979f0574ea9c40d6c5c6836a7c3

SHA256
0e1104da7db44d3e2b4ca44285eb3c5074914bc9a30e96e1b68ab67db8afec16

SHA512
15f2c5eb7ccc9c8f8743aa5ce6fb2ab0dc598b99009a1ba34ae3559257810061262cf158e17ea6b7d736b3aba459afe35ba2376492bc7e4159e7bce87fbb7c49

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif

Filesize
64B

MD5
b6f720e4d579bedcdee92fbe841de292

SHA1
1fb86baf2cafe5650076147fdaf9de7ece0f4a1f

SHA256
7f6eeba55347fea2c0da43ef840905808da94485c1f4c80ccc4437ab80070bda

SHA512
a03455c8579a69b7f484e3bd7e4fa645431c8d8e9f0288fa2562544bef5b0a3fa8fc6c9cf85d1cb044d3e662a8b4054bf08604f9816f36a2281b096fa37bf4ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
80B

MD5
17457cee1f88e7016358e56327035d00

SHA1
711dc9fc6d867cf22e2e91604f9f3f5f5b98b8ee

SHA256
464df7b25e563a2bcd34282f643a62b507252415a961f98d572e57d58476592a

SHA512
e5bc623032fdb1d94c7b05a8a9cfcb19c48478eaa7a76723e9f7b5c3fdaa7053f589ccb20bdd537ae7cab8457894735a00359275f19d3b3d9b2973fb03fe3255

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
80B

MD5
00b976a539c9597ce6211f0a7c1cbe39

SHA1
bcb664847ae74e1cfbc3fcf6c75d60e78768581f

SHA256
35b0166fadc6dcf8782f4a58404439c6743790e310e89e3341afc537274dde6d

SHA512
4815512bb1796f2b640e2bd12ebabc522ac91f0549956e653d802d03b9a589196c740cc2801db9a3dcea0bee046dea7a268fd6ac9a27303f066163125b4c7d48

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx

Filesize
6KB

MD5
91eea2c8deaf2befb136656d3a25afbd

SHA1
66fc9589c282868a5f392ec7cae802d94b66e676

SHA256
0b3948f8290eb2ba52dd4fe87f0d2d02ba2312da27d475c1546b6c5822ca34db

SHA512
5c90cae513be6270cef11edf8288ed4599e5a6cfccf724510c593e54e1c202d87203a730de6e81952cf8b6998ebc6995999674d8266be8b764ef7751e553f622

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Application.aspx

Filesize
13KB

MD5
50da495d65c3f3148813ce00246aea93

SHA1
58bf6d113cb7378311a7e8b5846e08c81e13ed05

SHA256
d712b092b6f099a168311895a43e588b1420b2c46015ab54cf34d92979c80785

SHA512
b577a72d178a864dd9eb6b5f4a32a1d13c0d15f49373f97345cfabb876647c5ca22465f4d2e946b897b763315fd4561914f616659391e9e31110e599e45ff708

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx

Filesize
3KB

MD5
0291544551322ce67dc3dcc2cadea7e8

SHA1
1dcf5f4c756d78119dddd36473cc376218a60cf7

SHA256
b36241c1d0769e63425460f4e1cbb5484d25a268f920362e01ebc7c8954f7624

SHA512
b2a88db1017e1dda492f1ca74d32ba3316da14cdf04cc062e9bfdeb0a9edd6df8c2c2c257b586d45f3f090370f3609565956e26e009b958c16f9089d7169648f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx

Filesize
6KB

MD5
c68a7c757947a3d73f3a801ade49f1ce

SHA1
d6202299bf16f23d241e797ceeed5b047e09df0b

SHA256
50dcd8d763a510fcb2bf12d6f89e008f3ea031222aec8cc5b685e4c1cd2cdc16

SHA512
2ab0b5abf59f4936c4dc1842f9b0db26d271b6dc0be1bf20c6e6c05e936d441ffff7bead647ee5d1d9c0503e8835f68d91f3c353ba8e3de7365410e91822aa7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx

Filesize
10KB

MD5
81d64144adeb85cc5d1a02e3c134bdc4

SHA1
f4b64544ac74c23ea401251cf7b244a30d12a522

SHA256
65ec30c9cbbd6aa9cd1c9eac331f7a4e034e377181f48ecb418196242afe5862

SHA512
454252f5ce5068e572ff1cb67bd9e0146f1f66ad0287a874cbbadc48d793a64b3fe90e2a727ace4618620decfca85be4c8358d5ac6fce334f9e65ef188fd0292

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx

Filesize
68KB

MD5
e57975d924da596be34bdf7899ae2ebe

SHA1
69a9cfc20441e4bbc753e88e3f91e3dada082f11

SHA256
0718554ef9bf4cb4577ea0e99097e918713df673f0132dc1ded62c8875a65db7

SHA512
1b243a31402e720000731669a0b66c5366bd7768230762c66cc6dd49e435f09bf5b546af0ee877dea31dbcdb86ab23b737612a780b92afe254fbac258a5c20bf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
084b5f822f7860ed577b71e87e624c2d

SHA1
9263cecd58b127663e18c137406acc6005eea678

SHA256
cd617dff730475ec3448934723ac4517ec172b5657b631e05bc6a6e17dfe47a3

SHA512
429cd82f10c56883fe35920d1bc1d521367cbdc8655ae8ded3df4d4f2745f5acdfbd5378113b6670feab5943f12976397442eb1c5b02c8589ca1db9b54e11632

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
12e5bbc9f029c1e2317e4f856f20a2a1

SHA1
2ba0872090a0aef9a123ac7eb762e6ce9ea0f5d6

SHA256
e33db393e0f7b014caaad2eedd225104d0a1bb0a96765039f7717a366a714e7b

SHA512
39f38df6a284e94c5e1b7ae863c9f4bc8ab85ca6b50a8f3d03cd021504a74a7049bd16e80d65d7ccfa7caca625196c7f4ef87192c4222b42df945cc06f425ec7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql.fantom

Filesize
51KB

MD5
8f0422b310fbbb6f95a6fdbc2ac39a01

SHA1
ada5df0d9aea1f8f5adbb4e65ad418756942deb8

SHA256
40c5fb115bf9dfc972d419369857d7464c3b9f1ec2c12693df1b62d4ff91af01

SHA512
0cf8a7c65dc3377170a02f59d93cc17c42d45934dfb9096c44cd7f461c9270eb7e8e48d6718ed2413aead372ef64ad077c0b00761b086a2d868857717abfeef5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
853300adbdf05ff9aea479ed8c450de5

SHA1
6cf826b4403d80ad628e33063100e84e4020ac20

SHA256
841344e9bda4eaff231720ac99276192c8c89b6576d6be57d9d3a47ab6da6141

SHA512
5742e27d3d4d8b1331163bfbc766ef70114fb649e83f446fbe82d342612667a8fa0de3808e9e92e3aeaf7510f3069009154ab069e7f019c812cac4ec8c10d2aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
d6df8326a7b7cbe3aa740c5f88cf18e9

SHA1
8920a53b1211f0b8e042ce2a8706ec8fbf1b6faa

SHA256
4652904cf8154d9ae6f70749da446d2d44c292777b974e0044ba9d1451159505

SHA512
bef40550181324f1de95b4c99119f0e63120bf608f9043332f9e461ea456edfdba438e0b1f1da89d428e2e124bc82dabddfc03e217b5f30b15eb14fd2c266d99

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
7d84786f44655cfa4cc85b53feb23507

SHA1
94882f53362197f17df253c23b68c5073248c107

SHA256
a5e6466eb6a2aa81b250770dd81f40a6fb3a6d2c6eaae103ec7a2060f9eb9230

SHA512
101120b23b390b1e416b41a4011e4e7d1ae03056e0b1584e8113c07242125d45cb3af54b357352ab0bbfb80d7a2f12cdc6ce51a057a5ee84fb270b125e08071b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
78d3bc14ae0f9f56b4c923fdfa47f39d

SHA1
5ef93fd15b1299eb30c920248e52ae684a45d8bb

SHA256
4fb7911865aa9c805cf125e2fe6af0d125b2b85f6433decc257caee5de7787ac

SHA512
739bdd75665d8a08f5e00335e6a173bb9b6a64e92fb036b6f033cc9ab1510115e9a5bf19e43f6dd7d04999696d2b74c09eb63f87d2a64a1430ba25cebb50ec8d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
e4a65c8707f1fb09bb9b9d32188b25d8

SHA1
be117078c1e2edac662066e5fb712a41ffeabc29

SHA256
68d3db2f321b7e7cd0820dc8cde800f4c524cd2cc2a82073bb0b908e11042298

SHA512
744731c60f38013303616c700b54f048bb7b050bef428a7965429b1b17e8b4534bf92912a8f8c1951d2360126574afdb929ce175032cde5a068e211a3d2301ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
ccc63e4e042ef61d2a053795c3606423

SHA1
3542b4a725affe6af3f172d19e2956a9a5c9d70e

SHA256
7d24b955af3db79dd28588b61b6f38d9e09dc354b845fd9ec78f9e99e7a7a422

SHA512
8b5836dca06a0913f47eef04210773db3de24e0c75be47786120d376bf0c8d914e31de23926741df0625359275348c0aa92fe73ccb9a195cfdc21778278c17da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
b336d8fa8ec8625846676ae1f5314bc0

SHA1
7951899e5a1e51fc5cadf0010aa1c119189985b4

SHA256
95c89f12e670fe41fdd10acd0743d16c6b5860ad6589c50b396d3ee08d11a5e3

SHA512
3825119647ce03dacf1d6c7e919ca491a71cb1de4ae7b4a76d308354dc570f1615576ed4b021219d8cd0d45c33f422a0933fd2e9cc4227123fa8f22d83b56762

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
8fd4620ecac4949d653ab98eac602e78

SHA1
ef3379f0ca08bf74231411bf8035c4e557859330

SHA256
fb9660d073721a97b38b1e84500d5f962c3ec8f7a732021413f172a53ba1d793

SHA512
efcf78daba31bba96d1883e2ccef09fe857d012c895757438941afcaa6e0cd9a0e18011ddc367be365d3baedb794f5cededdd65e7b7c2529163b01d40d71f2ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
a94907110d93a7453d4194160e3cefbc

SHA1
23b90e5c6f79600bf4324db7204eabcfe6f121be

SHA256
f4cd1e4d21d5a4567b319b12896a00c4658066e3b8f481de86d9a43d5a179e2a

SHA512
1bd67e36806de89bd808d5f8f8e0c0d65a009150e3d8684917f13f853676335675de64da79bda1616e195c999884c4ba5078e8d6b341e538f69be41634ddbfb5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
a32f092da2db6bbf621ae3ef670bfbf0

SHA1
3307ff6e7ee89b219ea6d7b37efd06bafb7bd5a9

SHA256
9dc4d5d7eda70036954510dcbddfd24f780687fc365728dd77d08231003b81c8

SHA512
6a2af0760a9e0996fb7132d507d2c1953be26279c70ef66cdc763bf5d839df4c473637ee3979ea792563d59375a82f627c149b340de2a419fedb7a605e310534

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
46e108f041848eee1664d7e9fa78bf72

SHA1
94863a03b21f1618c155e7d438384886e6c4aa85

SHA256
84bd76f1b7b823e3228a05411edbf4f6d37c594f99506d74b4ba50e47f515859

SHA512
d123d46151b49eb9095008a3153d9934e3440e75de8f26bec15af7f4db7b51ca4787dc6e3272e097122905aae901e01dabae1b047a04d3dae8c8f3c301678ff9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
0aaf2dcb5119d31c6883608c67f27869

SHA1
bad29ba0a0ae775c6a5cec08b1dbaa5b41a8676d

SHA256
678051a4bcb6efa97ec6d67e38a6f56799325cffb5046247093464af92fbf98f

SHA512
7f6a4cd4aec442d07d35c8d3c5dd5543e1e6e579401ea562de1e8473612dbabdb7033ef7721ab6b445b0fc5dde3a89c8eea84af12db4cb58d3ba67cdf3083feb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
b982f4a72c58b5f966647974fba5056f

SHA1
49fdb72230a5f6421259fd4c4571431e3c4f8aab

SHA256
ed52d226f321fff995b02fc4af14f556a2ebf879e1c19118ffdfe469ee4c90de

SHA512
fa7c5575d2dc28d14e4ae318fcd45494e0fb17549f4c8856f638f4e6415c074a72b371fda31ad728539704fccb671a477374818a4d42a01a7bb4eba779f31b4a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx

Filesize
3KB

MD5
f350eb2db704b7ea37192f4ac65c44c0

SHA1
c261960475bba33ff4739f3292913b19a0cef6d1

SHA256
da7bde925b864140f20d6d967cbdd35c64451744178096181cb6d1a1c868ad08

SHA512
198e4b3a2d1e9c9643558027d2208cdc8f99346c7bca9e464045247b6b805645c7fab7c07727ad6c9079cc779b5fc27fccf58c6d267fafe93a5f0c87864d326b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx

Filesize
2KB

MD5
8cbbc183297bdb9061531f0045aec526

SHA1
a67cd299cb9e60c22444699184a8acccbfd33500

SHA256
74a608ab2eecb1c780d21b616d269131adb8c12e452f75f929121bb647c3f6c9

SHA512
068309ba607def4b79995e2f08cf1320cdd7acef085f0d653842793190e838b17b9c5d88f0a69c4c43197c5c63b1290a3ee73b03cd395d336cb0c4f631966f55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\ManageAppSettings.aspx

Filesize
14KB

MD5
eaef77d1db37241b718a959d65845286

SHA1
cebe100fbca00103b6dc5f9f6737206e33d4779c

SHA256
e2813c26a1bc1b39aa55b05aea8250e347cc94452fca11f5e0b2f8d1d090c676

SHA512
d29953487669d37ea7910e895356a837306bdcc16835d304645b65261c043fea3eee76ab19f5db97309f4ffab9b17c1a767145e72c5a06e17f7797f0a5628b4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
320B

MD5
27e67ea3cb8a3fcaed43b7990793addc

SHA1
03a5db5d524b55901e794b3f610093358ca3f28e

SHA256
1a49e3d77c13f7ca67054087233965e7777e245445c7ba9541e1e389afe46454

SHA512
257f27d3fae7cb6eb9712e0eef7d64bc3a5601c0013c436a7e538c97b90b5f9ff58b90912fbda71d8365096722f812b3690a03562a196c6e9e5df08aa1f1f519

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1777121080291d28ffa4be0efc63f029

SHA1
4c0b801ed0404b59e734bbc05f45b660a1bf2b6b

SHA256
2d5246ba8280e291ba0e0a1939f43da80d3b21079da27ddb2a33161340a1a9ba

SHA512
7f52f0915f7fab7161767ca7f03830e3cdc2bc2921d1e23e659d62c74d81299bb0224b6bc7083e414d27bea46843dc25f797b4cfa2de559cb18abfc0058a595d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
0af8c006bff7e414f1353058fb88c4b0

SHA1
7acecf0f68ead15208944537735c63bf99948519

SHA256
399228bcd586d33e88d51b8d24fb525245320868b4cc3b83f4216af419456b00

SHA512
0c6644ac6c911d2a9e2851385a9532d8975bc8940468a479967b7a8dcbe0e00b9458c1a034f00e2541cb7d17f0c7f8d4fa4c4f7fcbaf0b9dffdbe0a3686358bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
960B

MD5
896ce6aa3310a47b444495d8ea8f6192

SHA1
b115e817a797e5896d05e3b9910c832ccd8ba741

SHA256
7bb64dd12cea55e257f19cafe95399652aed2beb38d6c34fa2e60aa9793d6769

SHA512
f7ca966e70e92e080da9bf0892281f6f3f966eba35502a484934d7e35873ec858b6e8b089a4d255570271cd4865420d2692b2b1f83aae996aed751b5724696b7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
128B

MD5
d5d65cc298a5c83392393b36c55a486a

SHA1
3ca1277f0f626db7d4e6c7f0c6f977a1aca86fc3

SHA256
3b32ba283edc1eef956b066cbe96c12dbb8b0a0b37c2b6b718f46db953452a1c

SHA512
c762c5191842b4db1dc1fbb683b0a20b54ee718677776b684dee1e40c6c7b9cf4408a9e3be25408b44d94d83d766b3ff3d4f493a40141f14f5fc0f3f32467503

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d193bd5997f3bd84885e8f0e15a63084

SHA1
ba87fc4e30e48b64685d0c2dcff20eaba2d39406

SHA256
5dde11554b14444d81d546f6fcac6c41be02cf903a4eea523d0d277891901c45

SHA512
483920a8c762b562c22142b0284aee624f37a5808fe4f240ff87f7340e0e07380f766a4cbe59aeac6feca155a2fe5202440a1e522d3ad3df06bacb42b0330efd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3e28528112b1b434e2ee28ef72604460

SHA1
9d2f73874fc361922fb8c2082cb25a82484753c4

SHA256
f0d76b25563dbfae3b8b9366f50fa596075d3d495f3092155e0e194fb40c2eb6

SHA512
19796c371be7df7c685f8b3a376046ce2a55eeab2381b16b364730797ce120871231ebff2ab7fe2ac1ffdb31c8fd2b24c02780c8afe85ad477415c6587c7a0c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
64B

MD5
1c720205e55ca38f43679219286b63d8

SHA1
785b52604c3967d7dabf83bdfd27151f073725a8

SHA256
af3020e487e94c61e3b5d5a5bf38496c03aa86fdbf0a262cf40884ee9df27e0c

SHA512
d9a92aabafa46534d2cfbf09b685d170091bcd52f7c811ef0b82579e03d4fb4aceaf694025aee6202f8feffef9470beddc5132f6aaa7c316a3164197cf54f5f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
928B

MD5
0be0e2d272c88c56c35c371ecab7f46f

SHA1
7d70089fac382f9fdda0bb9a7000069c29b6a3cc

SHA256
395dd90b893c2b7f8b9510249afc555a375c32eeeda53cd583d083e7718e05f0

SHA512
779359ed32f7571c1d24b1b0285dfe4504610c8cd9e76e900362d4be017056f1d0c806ead8f6eac866408c70c989f37e2e2bfb0c81ce7d37b7b0efc8db0169c2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
96B

MD5
ee0859b4d9ff80b5defbbda2e363a14b

SHA1
cda133dd72df57e1e41e32de817c3b0c9c0a8eea

SHA256
0c21e4b427daffe8867ace5461df0a35e3104ed96aa283729fb25877a20560a3

SHA512
a46c087fe8d3aa83c8992e214d2c1629cb48490cd18c48fbd29f6c7c028e9966896ed392123d28fc6cedb04558b71b036dac89c97eede4f556a93ca8e9cd5f1a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
96B

MD5
544d964a707078a6ae950eb980f268c6

SHA1
3e9629f9f9fae086b333c1622f7af67abb20fbb0

SHA256
8ad6ee1543f9c8862cf6fed980cfc50bf176fff40a61b90cf62dffedc4446990

SHA512
63d310f2d2ae688acd329ccdcf5a128f26c9555fe6b7913c639d13059d147344390498748c9ff6d8a162860a66c91a1f998aff2285256bebdfa760284c03bd2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
336B

MD5
0a5b913cbd4dda5d7a92f1aa8a2bdebe

SHA1
bb76a3ba2a3419b7677fc7e5057728ed388cf66c

SHA256
93ebe368b073b7ce9a9ab5fa69d7ef74e8cc09f240d6bfacc1f70d4ccde71b6c

SHA512
5f09c7c0e4d4f4d9c9558c7819d57587c3fa41bcae62dae87697df350eb1806e444cc7840be098297c4f5c1a9d38ba13be39a7e16212f5a13f70900925769094

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f6bb4d428c42a9182193f20f7f3a3f24

SHA1
d33ed03fe97278e271d4471efddad7a00655cc12

SHA256
943c5f5a900775e9b1ee03afdaf3974b24ff6e8505bdd3cd79dd0afdcb0201f4

SHA512
9a101d1b8c5cc17c8c30e78ffe7567c47732c0fdb708fbeac4b87b5903cbcb79fea92511c5fe36b5333461411b43a6b1b144854cf71ff3e1171ed282b892aaa1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
176B

MD5
d1677b0ea1f1b270dd2b36c77b3d9a39

SHA1
e7a89ed7c2cd7ce5aad9140aac24e5a3c84f0729

SHA256
56195b2a9fa4bc580ab8e3bf7138debfcc0f80b92e9ccd373b8c5744a2b86f6d

SHA512
47203734b7bd5b9bb8d97590f81f5ee19c5ec0ac5ec6f197abc6b57b10fe3bbd5d719aeb886f60baf2d8366eb16b67cd19d95a70cf86668089ed8ecdf41bdae0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
592B

MD5
7a4bc67c1309f9320115ab7e2a3aebad

SHA1
fc4e247e2a7777bb87a9516da327c8dbac29f978

SHA256
3729f5b8d8ec2cae54933097df4c5c1d12d10d77328f0911cf31ae10a24dbf3a

SHA512
72d9522ea9be55fea5428d3a49cd88733288e9d436bda2d5de46fc8d0faf50ddcb80bd97c07541e6b6587c09154916686c622f773458bc082ddd003dbef281ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
128B

MD5
927ade98fe23358be39d658f2b156fbf

SHA1
35e1ac54b6249c76557b3f3373d19e250bb30c33

SHA256
7557da8f3befb295cebceda392179e9477460243a2b7be2e82458e166a9e1bd1

SHA512
a69724381b5149e9604b275737f52bfdac437ffdedc8a2cda419ba8d77034771c6fcfcb5937a5b2c7904011ca78944a627b82e973d7d17ed45a44e637ee83622

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
a219b390a64be8dfcd6dcc4de630f3de

SHA1
570c840b6be1d0a34c72fc17674ec70b2d69cf7c

SHA256
e91c1b7cdcfa25ebe65fdabf7c8b5a45ece799d6b486ebefa0b367977ad5ab21

SHA512
a9965c86c81a37010621e91567494a2c9cd33a9ceed411cc199dcd3f06f9b29f1d9c3361b715a331dc0ce1ade9e2e339bbc22dc0cfaf32bab64f4e262af2682b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
896B

MD5
405f6a42943606b0006e1cde5bf6e3ff

SHA1
5807d796b70e61b41260c79d6fce48e1680b41a2

SHA256
c7bef2ec522e05f027cdf131fc0bc89ad987cf4d1b9731318d35ab01a3426904

SHA512
c99c41b3687b31e6b7569edd61a1957d4c1e8a9d476c48db38c0bacf749fde35bc636bec847e379ed5ad7d96a0db20241f28098996b37fe1f868a69cfb420c10

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx

Filesize
12KB

MD5
b367e7b85ffed06040584e264c7edd67

SHA1
a424c1cd1e0c65bae18f9ae73d5fec2a967157b4

SHA256
d82b96058c75e255f2087b8ff09744df290457bcd61e43503a4fa76098e0d682

SHA512
587bcc45e92d4542919fc748049028d40704d3b54d30bd1a37345e441acb877a0ae1565bb4840524e7273f837a4690f62eef8ef1d6a6bd494078b48ad78ec4ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx

Filesize
9KB

MD5
4b3be27ba0f69bdb63972fd6d4005ff5

SHA1
66df3aa61477b94291785ea8f8ed06aef8bf0a7f

SHA256
507cf92bdd641369cb547a79ffdf9e691a8a1100d43c9b93cdfb6b4db6d9f4dd

SHA512
ad8c614e7c01475ece3e2effd53fc8719e93ca18895513eb34fa484243fae7bc2e892a3da612df7fcad13d46532f800d753546b2e201a12bfcfbcac35d94596e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx

Filesize
9KB

MD5
37c3be892371c98d00957bd01d5d3348

SHA1
656e3ce1cfd8048d27d6394c3950fac760b09dbc

SHA256
4a04a59806b70f3386bd7e11ab88eb7109ccad14c3b8b7b30b4d511a8f6858d1

SHA512
5de63f3bc950d00524e82a590fb00cc96f37e7c96f20752dc8f33845b38cfe16f832d2e35a0adf605fa00eaca8dae37ea74020f7d12f63303b17a295481696c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx

Filesize
2KB

MD5
1c2c1a6aefd4f5d34be2d36c1b882fd0

SHA1
78c6f13b323099ce7c4a379e3f586fa0e4eb8683

SHA256
6c42c24331bdb71e49e8069a13d5f45424b12189cdbdaa36ed2ba3f2a0e5e586

SHA512
0edd918d1f8f37bcd5a6449732a6fe4ca2915d46cb463c6ddfae4061da56a5bf90a3ca2cc197d0facdfdfe41d64d00a66e803d5bfcc625576a1ac03e38bd8d05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx

Filesize
10KB

MD5
ab2d7d22a0e280b7c1b3df3890330a26

SHA1
d0570cff817762605cadc6b4872b72fcf9807129

SHA256
5d3f82f6a0ecbb4b416d7830f1a3479d8ce75ecfa095a2246d501944ba716d6b

SHA512
ef5cee769b0b5a394114bc893b515524514cb8bf136e922ca2ecec8fd735c13fdfb87f7234d63f024ab094116c96b72a216737bebc60016ad10e7b867d3d4833

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx

Filesize
21KB

MD5
aebb3c6d6d785129c7f31875983442ea

SHA1
b5691705a712bbcac47816c9d5bd842d3b6fafa4

SHA256
102983a29e0a00df42168e375c591eeaef8c44cebf868eeb7dffbaf5350de65f

SHA512
9022d1435971475b3019ac5b0a22edfb09d9b6fb6fd20636410c335011acf8eeb8a3750397967b0b77139f25093c80924a3b2763a1c8d9748cb110ee06ee8f2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Users\editUser.aspx

Filesize
11KB

MD5
81a2d362741a771b944a2b49a2e73f5a

SHA1
a683f8d07e8d531bbd580c15f42608476a6de87d

SHA256
aac970a168111b325dcef1bcd73a540d990f17db36c35996a63d36a99b4cc526

SHA512
ab50e3f3d0231979d0c14d4ccc1f1eeb7e59b6d2ebe92dc0f7ab6bb11430ef39096853c0ae4cac3a8babf958998d7e95a618867c3116dd76e42e091271752058

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx

Filesize
10KB

MD5
3ea532b07f9a412684bdf80366bae420

SHA1
92416f8207fd4200871ef99f9180fc3c8d85ce0b

SHA256
4f6d1516881b03bf5dbd89e281ffb7651a3140fd3221ed4eaac46d8041920878

SHA512
fac7dcda102bc3eacc8145f7f4afe04622ef8958bb3d4ebcf06a7128ffbe1c5f1cff4e264c0e2897c83648814775d0ff4d437b7cf59e2a428f11a37061c3045d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx

Filesize
2KB

MD5
3925a38d68c5b721c288d784adc1a767

SHA1
ee5aaf6f06701956c578849fdfd41ba8f7df22f9

SHA256
cff876a1030a113da211636df7282618d161c216b94d57b4dc8c92eba159cc4e

SHA512
898f8af87dfd7d2ae512a6ad98b83d59d6b8c1cbba3a4529cad7b771d9a9347a81d1930e98d385cd0be35c5979874e785b550b2292af4e936e7bb9f492d55109

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx

Filesize
7KB

MD5
1f0534b74d78ab5d87a4b71a667c65f3

SHA1
754c0804482425f1c4150a1e0944f871d483a7e8

SHA256
02cd82847ef59c9ac685d63b1e66b7287c070da9600c708a0cf032cdc163357b

SHA512
6c59b6a6ac764dd75e492f09f013900c01a50300f6d50e3542272a6111680440d23a5ee4cdc309cd2f074a8712f4a03a20e7a26c4a5a6f29f365e29c3116e635

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardFinish.ascx

Filesize
272B

MD5
6d3d7762cba496d16f2cd20aa91c2a51

SHA1
5ab6f7d68839fc6fed5126f7e6ed24613a4b19b0

SHA256
d922cc10afb601124fcfe8d61679ec447fd54db6de0e49ad766ad9d0404de3f6

SHA512
dde697729438068db0eae0001646c758aad4723067bca7b713d2c68f5e62b250de06071465a9d5ec9a9c4791d7e2b200629f2991d8a3622a0f9400822fbb8ba7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx

Filesize
496B

MD5
f9b2e5f3d38367f996cd1d2185dc64a6

SHA1
c8a66b53cd7e4d112d405717934cd90d12f1b0a5

SHA256
2288ab0fe1da10042124319c7fdfaf44aa208aa4159bcf9bbe3ceab9794ec39a

SHA512
0bf1f968862d40591183dde70e80823b445324a3a627cb112bfe07066458a2fc30c7323ed5ea6f72c07b47098f1e4796cb7a311016d3ccd368877c1028d4084b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx.fantom

Filesize
24KB

MD5
a51a44056fe4b6949ef10c55e61afcd1

SHA1
5e1e0d265ad18448889371b9ad84542cf4477407

SHA256
92e9461ca6b751a48086e90a48185a94be328b303af752ef6df81788bfcd4936

SHA512
5ec9e40a2e063efb764dcc0f6dbaf20c2c15d3c70085b7f58a804938ec81ce9cd3b5dcce66bbbb9030888f878f94bd86d96d50d6772de7f2c51782e677189a78

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx

Filesize
1KB

MD5
be43bbb9aec41283af9c18869db4ce82

SHA1
0420cf8fab5dc3ccca1a4a4e3ddac49e1ada9c1f

SHA256
7cb817f1767b5286f78698998b732bfa6cb3d70104adce8c9b6c44554f00c003

SHA512
6d141458c5a9708cfc910efd1e20e92ae0658aaa894e6a95543c4743a3de1b91c407c7b46c66690a55f409f370cceca38fcd51af0ee8ef121ca972ba38e233f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx

Filesize
9KB

MD5
7ec5a916468db9d3beb78f6ad79d218b

SHA1
d4fcda706e5bbb64fa6c7809b2cc2837d2ef95cc

SHA256
fb0682e672fb02210abdbd9b54fe83b5a43f3fa96cdcd3087b7862cc475f6353

SHA512
f683b6bbd303981d2110f90bd0dc47a200bd1d9567fed213e3cf6e9aaa14d25651da1154c4a7a9f6a0eb74aae840887d6dd415fdc25b463fca6b4068f0715039

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security0.aspx

Filesize
1KB

MD5
5490de2981e261a896483b26bd0f338c

SHA1
6968c06fd0baf94f673eabb62ba9f2960f6a9b48

SHA256
5032fa615e5d1192b42a5413416e648136f95ad21c9a75abab37cefc031a1e34

SHA512
e329078c8a72e7758cb2ba436a9107a003838399db27394911ec447b42dc89ea6ffb198bd848dc0a848b832b4af797f3cbde065288f655fdb11342a106652447

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx

Filesize
2KB

MD5
71a89e4a8fef6f2a8b0708649ec5ac6d

SHA1
77b2790ae05508abb177c8466502a3923433e1ea

SHA256
4389e0ab9635de5abc28a357ba857fd74968f4f7d9c7c03f33e573273ba30cce

SHA512
d484fefc9270aa8c53bec70214dd31071d2d3bd9e488d61a6e0f1b5bbac30b8c61252e804c07c2c1d75c3e6c8241131368155d86cdfeef6fff8b4c24a0369177

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx

Filesize
4KB

MD5
4822a450f19bad864b7d4bacf7f39f3f

SHA1
d906baa7bfa0d63ad008d823dc7dc11f4b29b3a4

SHA256
8affaa90da7270e3419fbf1409f95d3033c6cdac0145e2423e1615bbe3111422

SHA512
79782707747d4b81832727402eb1676d511a3e9c9fb09a8c4dd6befca9319550b46bf918d51d3aa32b62bb68472b515f952e03a1110b82b8871590f586730eca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx

Filesize
6KB

MD5
f5c6df3e795e7b0446169ebb5660ec74

SHA1
06516f820264871d3fb4639179d3be4b7e887309

SHA256
5e3622db094665398fdceaa881de73334ba2aca415450a35a0835f8ec343b439

SHA512
35654e99e3c43ae61681f5225b67ad7020aa7a4ffa601805cdb9d1a183d482ea5c1376fe0a029a3f16defcd7d573a8b160c18eaa5f5c319775ea1e759e31a609

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home0.aspx

Filesize
1KB

MD5
43ce00e59eec7f97300fdd24df8f0cb1

SHA1
e14ce076bcc7ff508fa5448cc82ae055014b45b6

SHA256
164cecb23be9f9c3938823664a0c5445729210bc2de661905718ee82012bc1fe

SHA512
d5ed951b36d9d15bbe35abb5dd0ae27dbf6b7d9b96f531a8e378218f2e0edcfc0482d1215bab7ee2556c5da0840dd16634cbceb8d61aa63120a133b1988a153f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx

Filesize
752B

MD5
a9754aacbf4a8f14a27ef7c61c536605

SHA1
32cc2403c2b92fa469c59802b0a0a1e621db8c2d

SHA256
cd7746cb00f25be4fbebead6f460e9ab9aa8e4e2044ceb2d7a4ac23b94340412

SHA512
f477fc7a111dfb70934363efdbe1ea16abf9489c9f9de5da0578bc46d3fe7cfea5468829938fc9c0fbcee28af86fd444282226a45d686cde1e32d5469735f426

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx

Filesize
1KB

MD5
772dce28dd20dab94effab21b235913f

SHA1
53d77bb99997bccdc963c0580b8cade3dc8b8100

SHA256
648b817b83a5582a5eb6a1df414e4cfea7c5ec449c70fba53a0a3c361a4520b0

SHA512
f20bb9d902e572e51ffd5f98f510e497ce1a6007db437ec12c1151ed2d7572c3a72136b53fba1c86b05fa7944096782c5aa24275cae25cffe26419c30be43727

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx

Filesize
8KB

MD5
7fe2e557a48f69153c291c8e607b6d41

SHA1
bee35bc0f5ea52cf763cd780d594b067103448c2

SHA256
977fe7d2b0bd66cc04d22960f7ee2df0851c7b1a9c7c95490a50250c5cfabe45

SHA512
bee7e1a2d9e8b553e8e196073ad418b3a2689bcbc35e0ce7f3965520d72829398c29572eb8afc76b96cf7d7dd773888478327a35de1fb8e93b7aa478dd85c9fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
2266b11c06e993c572e9b3f894be150d

SHA1
f6033b1678c6b981716b144c3cbc78e1608c3f1d

SHA256
cc119ee13175e0d1c4f5186828a61dbce8e3f8a3107befef6d46bb4a2e38dce9

SHA512
8838777136a5757a82c7804bfdbd70e028ec35935d7c6a0903c83fa550ed1354c55729aa34edafedb4c0c4ee0297ec98fb180cd50bb9bae6e5d056e3b9f22edd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
db8328243b9f7e73eb97765ccb7cd0dd

SHA1
dabc063bc07fbfcf9898c0de7a637a8b8d7718bc

SHA256
81c0c57322835a9959c50cdaa5e1456862bd8ac0952c8d1697751f72a85dcc23

SHA512
a68570c39210d6ac686fb7388cfeabd28b3897463c9a15b8620505e01eda8759acfe3b972abe640c4f0514e2d93cfa3cd08e89adeab09a60e34201b051cc96c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
e6fb6201f3a99ec1053a9c49a3fdff6a

SHA1
8b5340808bf98d489ffae8bc079b598db2e8b338

SHA256
2dc31f3d4abbe8362273d9002a287ccdaef7c2a523f083518c07ea2d25cb1ceb

SHA512
cb09f6e399c74ea5cf210b31b4228bbc8b9b03672ec9473c7f918ccb9849f0dc4ff3dad696fb87dc4bdfbef585211256e060ecbe1f087a8cfdd2ba4e7cf222c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
60909b1140dc1b65c488f3c2811cb8f2

SHA1
2e85c40045b50e56fa326b123d528064aec7ebec

SHA256
23e63df9727f554b088d210d24b4a9f973e7c8c09ab96feb748f29dfa5a3cc07

SHA512
7552c2e7339afed9a58c8b556afd43567e91d0a9397bc0ac821ed7404abfd9ecd0325e70b4ab10a3a723f32fad538acc9e45f52f780dadc0f6111b5244644d1f

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
43c6b195417614c6cceb515c67af224e

SHA1
068458504d2d5fa927ed7bd489663fc91b8e77ba

SHA256
b6800c784098a0c039d3f98c0b5337b173fd575be5045cde71527a0a504d7c0a

SHA512
3ba879dd7daaccf89dcebf3a05a67ab0793d61ce3e7e8ed520a00099b102a06120cd6399588099cd3829df23338a5bafef46a90d8272b7f3be543a8c42e26389

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
82a2b3f4724770b66d3f548a25383515

SHA1
a8c358386ce13d478743ad919bbe2aa0fdbd99ac

SHA256
a044e3f7d35eb51c310c7f8b317e21deb877eb8147c538fcb59a632ee66c1b58

SHA512
bfee354ae5355640b8c5b902db5adb51cb1b9dc9d45b904cd2d8f4a388081861bc4bf0511bc57a5c9784dae3179ae121ed0d0b98d3f1eda87a9c2c19b5c83071

Download Submit
memory/2420-38-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-54-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-1-0x0000000001E80000-0x0000000001EB2000-memory.dmp

Filesize
200KB

Download
memory/2420-26-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-8-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-131-0x00000000742EE000-0x00000000742EF000-memory.dmp

Filesize
4KB

Download
memory/2420-132-0x00000000742E0000-0x00000000749CE000-memory.dmp

Filesize
6.9MB

Download
memory/2420-24-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-18-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-0-0x00000000742EE000-0x00000000742EF000-memory.dmp

Filesize
4KB

Download
memory/2420-16-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-516-0x00000000023B0000-0x00000000023BE000-memory.dmp

Filesize
56KB

Download
memory/2420-30-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-129-0x00000000742E0000-0x00000000749CE000-memory.dmp

Filesize
6.9MB

Download
memory/2420-130-0x00000000742E0000-0x00000000749CE000-memory.dmp

Filesize
6.9MB

Download
memory/2420-32-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-34-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-36-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-20-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-14-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-40-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-46-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-48-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-28-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-56-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-58-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-60-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-62-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-22-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-10-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-64-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-66-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-68-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-42-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-44-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-50-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-52-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-6-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-5-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2420-4-0x00000000742E0000-0x00000000749CE000-memory.dmp

Filesize
6.9MB

Download
memory/2420-3-0x00000000742E0000-0x00000000749CE000-memory.dmp

Filesize
6.9MB

Download
memory/2420-2-0x0000000001EB0000-0x0000000001EE2000-memory.dmp

Filesize
200KB

Download
memory/2420-12-0x0000000001EB0000-0x0000000001EDB000-memory.dmp

Filesize
172KB

Download
memory/2760-523-0x000007FEF4F63000-0x000007FEF4F64000-memory.dmp

Filesize
4KB

Download
memory/2760-524-0x0000000000940000-0x000000000094C000-memory.dmp

Filesize
48KB

Download
memory/2760-1031-0x000007FEF4F63000-0x000007FEF4F64000-memory.dmp

Filesize
4KB

Download