Analysis Overview
SHA256
5d0083f61a95508aeac3d37fbc1f21260ab09e2bf79f469feb93790bd201e5b4
Threat Level: Likely malicious
The file 2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (8372) files with added filename extension
Renames multiple (2575) files with added filename extension
Possible privilege escalation attempt
Modifies file permissions
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Deletes itself
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-21 01:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-21 01:05
Reported
2024-03-21 01:07
Platform
win7-20240221-en
Max time kernel
151s
Max time network
124s
Command Line
Signatures
Renames multiple (8372) files with added filename extension
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe" | C:\Windows\Termite.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe" | C:\Windows\Termite.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\mswsock.dll | C:\Windows\Termite.exe | N/A |
| File created | C:\Windows\SysWOW64\mswsock.dll | C:\Windows\Termite.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105234.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Thatch.xml.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCDCNCLS.ICO.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGDOTS.DPV.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0295069.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02423_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309904.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02740G.GIF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\dependentlibs.list.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105294.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME40.CSS.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PS9CRNRH.POC.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\Users.accdt.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101863.BMP.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\STORYVERTBB.DPV.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18222_.WMF.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css.Fuck you | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.Fuck you | C:\Windows\Termite.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Termite.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| File opened for modification | C:\Windows\Termite.exe | C:\Windows\Termite.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\DefaultIcon | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Fuck you | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Fuck you\ = "Fuck you" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\EditFlags = "2" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open\Command | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\"" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0" | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe"
C:\Windows\Termite.exe
C:\Windows\Termite.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
Network
Files
| SHA256 | 65c352f56e73a0ff34b3196e0e994207bd6ba2c936f4501d5261e399b2c71a45 |
| SHA512 | 8b06b612701dd13adbc1a4ece5a92b2590f2ad884440bda6c0b98fdc8984306ee2488a3c98ba29d0cfa20084aa927354dee0be7a698cdaf51d5d5d5c0e03d8dd |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.Fuck you
| MD5 | 08c809a2d789c67341a4051bab453fc5 |
| SHA1 | 27c58942817da31a72fc9c6846523cf397fdb4be |
| SHA256 | 574e6ea04b11ee08d8b8026a81858bb7b2a8db46b63e6877cbfe8e7389f7f277 |
| SHA512 | eeb09cf28e1b9a9785d21c7e71d6b79148c2e576608fdc82f4bed51ea31a8fdbc3522baea23e336449cbc19138b9e44f1ac43445168fe9041380511a73bf0469 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.Fuck you
| MD5 | 94483d81d0627bdf018e8989b3be147a |
| SHA1 | 606aa3206b4db78598d621a2774c150348bd9fb5 |
| SHA256 | 0b8b36c8eb2740871f7ea48d4ad9b7f9071f6de906e23b2c0688fffc4cd6529e |
| SHA512 | 261cbdf84e6057583db6de398d7f1734ae04baae20e5c8a1439ce5d3e65c58b969034da52f3ae4cc952621d9ab4226a2c07f0994315c3e13ba8bc595f5716b5e |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.Fuck you
| MD5 | 37d03eb43c31ae9523de9ea3acff9bb2 |
| SHA1 | 2b6929501b318326133f9906e8647b2d70850e6e |
| SHA256 | 5917b7a6110b0f0320cfaeadf72715332bbbd7f07db0f27d44196de139a4025c |
| SHA512 | 0224158958f8f3ba0cc168439b5dd5d7296f636820151a08c51e390820b578af5f4fbe19d02db2e8ec7588f2c593d101588c1319d4060224481496835a860069 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.Fuck you
| MD5 | e5349186c7ba6f643c6593fdb887f0bb |
| SHA1 | 41e4b233fb54c14cbeafa03337bd032cdb78bfa4 |
| SHA256 | 3b8b16a446940f7e3eaca92f94a8bd49775a43ccde1f165ce75cf1ea7e94c34f |
| SHA512 | f0bec322ae6261eb25cc583a00d1ddcd4fd7f27676941ed558d0ba7b6f636d74624f371acff14436c7a361c9958f4131f49493cadf95fd38f4ffdf583a30a344 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.Fuck you
| MD5 | 3d592e46f2181e837e2c069da58cd174 |
| SHA1 | 720cd98746844ed98fa3fe80873f3ef7d42afd5c |
| SHA256 | 93c596e74fe19c8e797d02f3904dad057033375822bb9ff6f545c887f9a7dd0f |
| SHA512 | 395712b20fafd93fcb2f1b08158e3e7b578560fbb95841643b1713b71dfe3eabb8af545d9172496d97966915536488e07956d81cc12d5d9e0919c949da8c3f08 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.Fuck you
| MD5 | 33206cdc9dce04864311c453016354bd |
| SHA1 | 4ffce2c0aac7779b566c627ad6902f8fb7390b36 |
| SHA256 | 9098e793147df26b5a5b893fe39802d441dc06df1322e5a1e7e2b139897ee4a8 |
| SHA512 | 07e2380d7d628576e4833662f2f7c991700e64a6c32271a58d9ee893bddd4b4f5d18dd479a0fa3893ce50245edcbbc09f83f18ace1a9c0f9c03278537f63140b |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.Fuck you
| MD5 | b1ac3b34a2a3b32c1c1cd86498879401 |
| SHA1 | 131b2607093e27348ec88aa58ccd1bb1ef9fdbfa |
| SHA256 | 061ba27765fe8754682e0f832a8af79a63ffcb56d10b936665cf097659f777ae |
| SHA512 | 78ca1cea40398c942f2380eab0ca29be7608c94bcf7915799f4be3181dd005cd41f879202f905a9f27bc21fba4fad46693ecd86e8f7b02041a07938743e9f4fb |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.Fuck you
| MD5 | 8466a73753b7e15db6e9be68324daab4 |
| SHA1 | 4d04c4d5dbd7ac7aea17b0c666f64977ba807b07 |
| SHA256 | 964660ff371a9bc85f58d6d57eb1be577b605845e038b18234f2b707e56f54a4 |
| SHA512 | f7735efb13e0e0bf8ddf51ea3de561fe6ba287f18b5f88102d4a6ee10edfeba162b1f5b4487d1f0db4ea8117c7acd48b2743bd9d16657c463e5d018068421e89 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.Fuck you
| MD5 | 0de6056a58506ded4fc72923762589e5 |
| SHA1 | 934978fce6b045297a8162c70828a0ad76752976 |
| SHA256 | 205f74b34ae25adf4b02c4adfd6a3724f8fe2af2e14698dfd95a4afd4386228c |
| SHA512 | 28ed996abca975b9ddfcf1d08b1a333e4b2937fe8b0fe8a0d17470acd7ad0ee3ed34fd58302ffb17d7956e228be00c92466ef4301190dc8f5fd521a66d08345f |
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.Fuck you
| MD5 | b3cc5c62684af983a7cef0e62d4c6ccb |
| SHA1 | 4500c78fcf444e7b8f85a38feb554c9ec99f8473 |
| SHA256 | 83c7bc2cc6464c4009affcb8c91a84d91a1237e97125175f4158a348829f382a |
| SHA512 | 82549dbf4f95b362661d0386f432b3e78c80e09e4a6db35cf89b3c1a817af7c5eab896838b78662dc82eb6511f357f9634359805de5206c8175e53fc553ea657 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.Fuck you
| MD5 | 2eec9db222794adac142c4b8f6752ca2 |
| SHA1 | 2a5a0bba79c89f05e21383fd37f6283294fbe673 |
| SHA256 | 2203487e586a54746a1b819161d51fbba388af44bb22e67537591f8e6adc2ca6 |
| SHA512 | 5e8b561d320502b33cdf3e0e27a9bb09abf2e591d2fe58193f1b7211ed6180855dfa64ec6b3b3fbe16f6944a3ea3a41069a0b16c53ca4169946e046c7f6597a0 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.Fuck you
| MD5 | cefa484ab0dfc86ab1f11b77eb0e2b52 |
| SHA1 | 4cfbb072d83d0dfffab83592ed2fba1becfb3a17 |
| SHA256 | 3ab48112bad28776fbdd3bcae44063de147c8f71bfc2813e7011ea0f3713f522 |
| SHA512 | 45be0467b20966c1fbc31a86ad0a62b33b8544740f1ef2e57e4f0f206360ec8c0a96f4e34017ec9351135ed8c251da1fd3e72fd11e346962a793334d0e505863 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.Fuck you
| MD5 | 4bfec07229f8d10237ba2b3a5af709b6 |
| SHA1 | 865f64de77913e04b71b27c69a0fe91b52035b87 |
| SHA256 | 9503032cb9074851c8bfe9da748a345168b8edc0ca6618a16b32480fe8f4f56e |
| SHA512 | 2c5a87f4d781b61f8f231029ec53579f0911c61ea92649ce573c9bedab1c5f1170e67db04ac827643009a0176d46762658c35d1e849c4c58d20a7540985f4ac0 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.Fuck you
| MD5 | 90179e1ad2228ad22aa394dd04ff684c |
| SHA1 | d5dd8572e6ef8c39b0d7899617d95a2ea81035cf |
| SHA256 | 655169b77f851e0803e24dcbd72a294a26c7e5333a4088eaa898e685b5196b59 |
| SHA512 | 0509d570454e9f83a284b5ab149d7784e1e9bd4055ad2da7153eff54be9e8c44c3725b79b3d56f02e2d39a232fe35d541fc14cbac928a95b5f73e5c2c21dff59 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.Fuck you
| MD5 | f5eaeed9d0b2d44982ffe9bdcb88ab42 |
| SHA1 | 4e626c1cbac60637c6818d13f47dd13b58bb89d6 |
| SHA256 | f2b01f191a8fde9220ef1a399b7b185eccd6580c387545790d939312f773a11a |
| SHA512 | ffcbb7b54a2e914a4e7361eac024896ac89c0d9a64db92f154a85daa2550acc7d517f1adf90b2fc820026de8ef802c14d09652e0b4460ae07cfe7411ba59f587 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.Fuck you
| MD5 | 116bdfdf8989c292d0620412bb9cd7b0 |
| SHA1 | 65e823bfc2e21a6f54a743e492060bf8aaa9db4a |
| SHA256 | 76b67908698f4f44bf5112668be69b6be4ae3b9a09467e36913ca717b7d6eceb |
| SHA512 | c5f88fc94bc6d91d437c7ffe181475da0cbb098481421c8eabac1cfc85a19fb23324aa5773869ea3efa99ba87909673b531ae821abc1c6e6c40f97b9b78e4191 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.Fuck you
| MD5 | fd995de86764cf4d15e1cbf3d473364b |
| SHA1 | e6a8ec77cb5c8e5b0d17a2ca06d0d2a94813cb1d |
| SHA256 | 6a7b81d58745e74ea0dc5f04c279a805548a51653fe7c922d2ce8d9af7a83aa1 |
| SHA512 | 074d0f804b0e3d1b36f506f5ac5b7122a6152752bbf6d5ef2045519d278adc8450c157f586b7d44af6b0bd588879f94de2ceb187e30d21ba7f9e7c9fb5514a4d |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.Fuck you
| MD5 | 596d84d2d743805765344dab32198cac |
| SHA1 | 9b86d88ee6b63b01ac353f0b5d2b268b86faa193 |
| SHA256 | d7e0cf96844a18fd12d7f872d296fffb10c54e3861a8f61510fa975bb8fd3a20 |
| SHA512 | 174f6fb12c18bf731a8e04576df5916d9bbf71455cab78672570cb6950bcc012574b502cee8629c1a05e67f7a3b55662bbc6435230035538ecf0d3dc78da2d2f |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.Fuck you
| MD5 | 07508bde5d09f941a70f0bfecab44ae8 |
| SHA1 | e8bb6bfd5676028d1deef3d76c32de3c0f7030f0 |
| SHA256 | 2ba3dca4190e0b84c95e8c9c445c62b54ea6cf5d48048c455125558babc69020 |
| SHA512 | ebed159045b790a5663adeb820f5bb40dc5528822fd2ed42638e520dec56e6e44e5b273c88035eb5df2ae5d027bc4b1cb0a3e8534ae58e40a31cb23795fa49be |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.Fuck you
| MD5 | 920627df0f5bd4f36b3f6b1c365d2bf6 |
| SHA1 | ca1b93c111f26b785ef498f6ba55ee50d869c730 |
| SHA256 | e8c2d0242745479127d977c03fdb33d34f222844ffa15f346e6ad5ebc4918dec |
| SHA512 | ed7614f43e57cd3702eef8de1b9529c0a106c8fb806a51c001d617a83e4713c78f85a9b9ed5220a9507fc94e93aebd08b05212e892e8d20a06b4cb78a245b8db |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.Fuck you
| MD5 | 9bfc405b90abed00e29c992ec681e422 |
| SHA1 | e05a3c61336c14c6b955cf91c2de677c1778a6da |
| SHA256 | c0a4f31545e4e5a7ca0e4f2ee4444c2b852cc78c58bf3121954a871e82bfe6d0 |
| SHA512 | 09812146f4e0f1b04acd9c34f775259852a70e1cd5495a22191bc7e053d1cd97cb1859dcb66769f45144e64d03e9644f2d969b9a2f80adb3b7eeede064bbdd8a |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.Fuck you
| MD5 | ef0436ba7b22c399775099980341f9c5 |
| SHA1 | 1bb248334d723b9476132daa6375d7fd720a6731 |
| SHA256 | a6d6c2cf99cc75e3b9d7b39118281c2c0085e3962427b8c9d647e5abfdff0500 |
| SHA512 | ab685c1b40ff95cf5cd47276bbad2638606f185f7ef474d4c889e6ee418ec13734ef304dd1e03389b54abdb4cd3f82b77d29ab9ae2e85ae7d12879f39c62526d |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.Fuck you
| MD5 | 77c58931ab36836dc70a3fadd1075fbd |
| SHA1 | 2c1558b05f6ee8527c5e4b007378da16f1416818 |
| SHA256 | 925e4892354f7ccd8f8865bf652dbee8d14fc0818fd14cb948a97988158b4e3c |
| SHA512 | 8043ae34c02996629a9a34756b4a7ca054e6cad8be02062350c7c68ebebae3d7ccb9413e31eba8959d06b0963ec8e85ac85759103b719f02d0ef5f8b6d01c641 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.Fuck you
| MD5 | e6aabc67d72163ba964865cee381fc19 |
| SHA1 | e538137e840f21320673fd16527b8807b1264bf0 |
| SHA256 | 733db7532e36ef97e47c61802c27bd7de75e7da124514e295b8ccc7a6d9e9259 |
| SHA512 | 926a5ce508584a741c78a16fc8f49e7f4eeacda356016c0b5fce60c75c872784b97bb041b50efd16e1075d4e5704acd7626b6580f937646065fba6f88bebf815 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.Fuck you
| MD5 | 49f710c4e939ed2ec18ffd20ec95609d |
| SHA1 | b983e82c682d0555ebd764f1e7062f6c0544250e |
| SHA256 | 3115b0e508d5ac4e7b39419189782043917095edc7269b1c4997c751e352f4bd |
| SHA512 | fb439d2b8d4dc6117e9325064164c86fbc223830c94453ec57c16408f7980f92bba01a65b3fe586fb3c1957b02a7ffc1b45971e38232ea3b393c47c9dc856e5b |
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.Fuck you
| MD5 | 9facbcc1531f6f51a63ca8a5239d16ca |
| SHA1 | ed8dbd007206965a870b5c336d157df9263d2bdd |
| SHA256 | 94156deee2c5252e30cf390d23e8f29885ae5647d283c481a5c322efc11aeec5 |
| SHA512 | 83a5d25335f6e6e4664a3d200d3be9a894bc28eb5eb4d70a7aea249f636440e78316766583230dc066ed53faa64a0a3472bb3ad794ec07e1697fdae8637b2e79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT.Fuck you
| MD5 | 6fcd9f4b14c39d39ed9939c5ff2143be |
| SHA1 | 171ab7b2876958184fdf9c1c06e6912dc60456f0 |
| SHA256 | 855081c987da40d85853199d16a4478ad44959d5ff7aacbae3e1596e40444b71 |
| SHA512 | 695f826cf07ee8a006b8e7dc5555275914a14646c0da778c23ddf1f3012fb2dfc1121c3f337a742039c60a4970fd5085ec78099cceec8760eb545ec856db7e67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2.Fuck you
| MD5 | abb3192098a75c4466a7bbb91b751f74 |
| SHA1 | 5c8e759d3f1908e0137b1d1f77944990bc9d4f7d |
| SHA256 | 3d10f60581582056791ada9cb000c5627312f4c33ea0bf09a34bc0d61e0b35f6 |
| SHA512 | dd0ac5ccf21024a63c777d201a82ad4df2ca23e1f211e812356bab38a6622fb29ad67d2bcdb75e015ac51826e29296bc0524c9489b710d984fab5f93ba38fb39 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.Fuck you
| MD5 | 6fc1b9cef750b7d4c75958276cf12f28 |
| SHA1 | aba37e2f5104c84ac21e9a6ad200eb2fd1d39033 |
| SHA256 | 1c443d1f970a5cb4b541fe65ac66864e420a98893d792b89f9e5042721569501 |
| SHA512 | 7e87768c1f799d574a6fd587ca346c23a54e479469d693c8e92ef0770dbaf53973deac4c2b3b66c014e5bac0acb05e3cd43d2c56f362b0c799661545107f5d4b |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.Fuck you
| MD5 | cba4994891636e6d16a484dee6efe3c5 |
| SHA1 | 936af9d467feeb11eae6d6e6c4a02af50c9e35db |
| SHA256 | 550039a034daf35d8daf6ed8798447d01e657e871da639f8baf9156906c0e328 |
| SHA512 | 7e3a6d40b937ec6b641a2269c8b75d6ff69bc711e36e22da116ff7c282321ce12eea09f1d1872573fbcc9b20042ff2b8245a37f23531dc30c1a88877202485e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m9nu9nej.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.Fuck you
| MD5 | 2e911f895b8a5ef2f9d621b28839f931 |
| SHA1 | ec0cacf2c3c2d7c1ebc46e97ca3723aae9200501 |
| SHA256 | be564d42ff71af84decdd05fa6190664a1f873d88935905f612b92c966f644f2 |
| SHA512 | 6a43f9ede24356be3398fbc27f7f26ecbe8ca0dda278435f642cae9197969ab5773736b9162bf3dc58e71c4f3497479fdfcf2c5c3d85e9a5dff037d01c1bef0b |
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.Fuck you
| MD5 | 6ac9d4735e2b77c2b55e47587b4d2303 |
| SHA1 | feb0d79fe49b1e803bfbffe8f197a3431842405c |
| SHA256 | 2f54e9bd5d3b1950db33b3de5e9b7a6d85cb8c10244c86c5b6d22bfaf6ca391c |
| SHA512 | 17f6385ffc3bd9c7fed3185fab4b8ff4defc0d06af14731214da9db77c584a48eec08785e7112e4f10c1095771f9004c6d4ab6579f27c55d60cdbb250ad1d0b5 |
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.Fuck you
| MD5 | 95cdbce34d501e245114e35e968cdc74 |
| SHA1 | 2f05aec351f0d9c929d459661cae91ac78987cdd |
| SHA256 | 9bf88f04cf681d973f39b04e89a5ca8aebd6a6b586cd3d79bfe490c8ef383ee1 |
| SHA512 | 07ad5c5ed2c6ad6567f59cbb7c8c20925a674eb8c38bbab8806670ab2e2684f4d7f0e7308ee09d826d9862a05265c4a659457455f7431e306eb11020c5013717 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.Fuck you
| MD5 | 7ddb3bba5fef1481080d4d1ee8e51cc3 |
| SHA1 | 05a5102556e96e8ee437d2422396f8109c2e7723 |
| SHA256 | ec6bd88dbafcec985d91db43009b9e9bdc9eee34fe243e0ee3f0f57d3c68cfb8 |
| SHA512 | fb3c174c870204cfeada7caf60fb683703a9dbe70e96cb77e282544511703043376d07bc56c354a68c97cbd0923b3ea64f9cf30cfcf6715703ef8f294a777a56 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.Fuck you
| MD5 | 72ca9fee5463c2bd659d3db885682942 |
| SHA1 | 50effd260b7e29eb651f633854740b77f98824da |
| SHA256 | 37662f12636069774745f9e3c0502c16792ec21299b126ff8debe99e9d426174 |
| SHA512 | 8d6adfcf7e9c897f1cb001ea20627160bb010f2165790eae8eedb5f652a1b786cf650f33088591f2815b10f06a6b635c121b6694654b9543b7e48b620a26a4de |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.Fuck you
| MD5 | 2646ce284e24e9317c1d778120fedcc2 |
| SHA1 | 20057a84ae18417872c76b392a40fd4f1d9577fc |
| SHA256 | 653588bbe0493f23a1b0db185217f9b9b312fef36c949db6fc9f86680078727c |
| SHA512 | 313d71b3504d615dbb2f8f3fcf956fcbe2d411ceaccea83d2526e58da9aabe53f620b2856c3a19a8678e639024a9d1ea585ed75b77e67150b772ba731bb1fa93 |
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Fuck you
| MD5 | 01f100b261d2c29875872ee11b6eebc9 |
| SHA1 | 794fa99900f9d5ac1968502cfc6cf4a0adc76c96 |
| SHA256 | 63e0e381a1d9910dae0297d16b27d0e8c189b3bb4d23fb2c37406214d29ca03a |
| SHA512 | fa3fc70ecedfb731031f48a21e0262921c5f7e72983a70b53ad500800c18276040beed98d5f98dfc7901652c9e894e96dafed3c8c8115c3922b9e809e35f5ff6 |
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.Fuck you
| MD5 | 9bc0e4fe1ccce38608d7d64ea850303e |
| SHA1 | 39929aab5e69d2396f6900e80e5976c469096b2c |
| SHA256 | 6486afdfe5a34aedbc23bf55e35a32b06c91fd02050b75f492207eafb218ba75 |
| SHA512 | 8264c51f4544f64a3d39fc5a110b903d7e7da1c0d96101f5548284c377ba1d3cfbc5d7054f4a442b8d4aa5cb96095d631a5af96abfb5aab807e2e1eb2da1f035 |
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Fuck you
| MD5 | d9838a736619bf237726cfb934f205da |
| SHA1 | de579826cb09b06e448728c797e06ad5bc9788f4 |
| SHA256 | ea8113fd03d08155a78248d915ce719dd29331e2f979b41b3634132c09830e20 |
| SHA512 | 6240e027056e1f86aa52b094ec41401c51fb87939a072f60ff239937e708a4c5056b7e1cfc02ac3ee28c24970ae3904435a138ba80e100b54bfc50ae32ec9bb1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-21 01:05
Reported
2024-03-21 01:07
Platform
win10v2004-20240226-en
Max time kernel
152s
Max time network
144s
Command Line
Signatures
Renames multiple (2575) files with added filename extension
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe" | C:\Windows\Termite.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe" | C:\Windows\Termite.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\mswsock.dll | C:\Windows\Termite.exe | N/A |
| File created | C:\Windows\SysWOW64\mswsock.dll | C:\Windows\Termite.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Termite.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| File opened for modification | C:\Windows\Termite.exe | C:\Windows\Termite.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Fuck you\ = "Fuck you" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open\Command | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\DefaultIcon | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Fuck you | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\EditFlags = "2" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Fuck you\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\"" | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-21_96b8036f361b0d093394bea6e30fbe40_termite.exe"
C:\Windows\Termite.exe
C:\Windows\Termite.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
Files
C:\Windows\Termite.exe
C:\Users\Admin\Desktop\Payment.exe
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.Fuck you
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.Fuck you
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.Fuck you