f40b99d2552ecb56d072caa1b94185ae5874b86c2b6d9166f0225ad9be46ada9

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
Size

1.9MB
MD5

760668c1961f3b473cc0046981d4b21e
SHA1

932cee12df51acdc8e9e614e39b0a3d7c1fe6766
SHA256

f40b99d2552ecb56d072caa1b94185ae5874b86c2b6d9166f0225ad9be46ada9
SHA512

1a1b99ba2b70ac159b2219fe6bb13cfe1932d7c82fbd846b776791882d382983f51b019dfa87eb1f2641cf80a36977f00a194b5866264c52c24e953fd81428d4
SSDEEP

24576:tnxLSUXY7WSIGgjxvYaxKMiZA+yH6uw1ECvGX6H7O3YpPNaG:txOUpSIZtv1xim+y6HLOO3

Score

9^/10

discovery exploit persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (8473) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Possible privilege escalation attempt 4 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

2892 takeown.exe
2512 icacls.exe
2608 takeown.exe
2676 icacls.exe
Deletes itself 1 IoCs

Processes:

Termite.exe

pid process

1616 Termite.exe
Executes dropped EXE 2 IoCs

Processes:

Termite.exePayment.exe

pid process

1616 Termite.exe
2308 Payment.exe
Loads dropped DLL 2 IoCs

Processes:

Termite.exe

pid process

1616 Termite.exe
1616 Termite.exe
Modifies file permissions 1 TTPs 4 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

2892 takeown.exe
2512 icacls.exe
2608 takeown.exe
2676 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
2892	takeown.exe
2512	icacls.exe
2608	takeown.exe
2676	icacls.exe

pid	process
2892	takeown.exe
2512	icacls.exe
2608	takeown.exe
2676	icacls.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Termite.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe"	Termite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe"	Termite.exe

Drops file in System32 directory 2 IoCs

Processes:

Termite.exe

description ioc process

File created C:\Windows\system32\mswsock.dll Termite.exe
File created C:\Windows\SysWOW64\mswsock.dll Termite.exe

description	ioc	process
File created	C:\Windows\system32\mswsock.dll	Termite.exe
File created	C:\Windows\SysWOW64\mswsock.dll	Termite.exe

Drops file in Program Files directory 64 IoCs

Processes:

Termite.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\FRENCH.LNG.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\MENU.XML.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\RSSFeeds.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00396_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\RESUME.XML.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0205466.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107744.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02958_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Maroon.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Apothecary.eftx.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18187_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.DE.XML.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0300520.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE05930_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Thatch.thmx.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Opulent.eftx.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\TableTextService.dll.mui.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0291794.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ReviewRouting_Init.xsn.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02400_.WMF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.JS.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\PREVIEW.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\WT61FR.LEX.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Termite.exe

Drops file in Windows directory 2 IoCs

Processes:

2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exeTermite.exe

description	ioc	process
File created	C:\Windows\Termite.exe	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
File opened for modification	C:\Windows\Termite.exe	Termite.exe

Modifies registry class 11 IoCs

Processes:

Payment.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\Shell\Open\Command	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\Shell	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\DefaultIcon	Payment.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\EditFlags = "2"	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\Shell\Open	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\""	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465\ = "trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465	Payment.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Termite.exePayment.exe

pid	process
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe
1616	Termite.exe
2308	Payment.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe

pid process

1964 2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

takeown.exetakeown.exe

description pid process

Token: SeTakeOwnershipPrivilege 2892 takeown.exe
Token: SeTakeOwnershipPrivilege 2608 takeown.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2892	takeown.exe
Token: SeTakeOwnershipPrivilege	2608	takeown.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exeTermite.exePayment.exe

pid	process
1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
1616	Termite.exe
1616	Termite.exe
2308	Payment.exe
2308	Payment.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exeTermite.exe

description	pid	process	target process
PID 1964 wrote to memory of 1616	1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe	Termite.exe
PID 1964 wrote to memory of 1616	1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe	Termite.exe
PID 1964 wrote to memory of 1616	1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe	Termite.exe
PID 1964 wrote to memory of 1616	1964	2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe	Termite.exe
PID 1616 wrote to memory of 2892	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2892	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2892	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2892	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2512	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2512	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2512	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2512	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2608	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2608	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2608	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2608	1616	Termite.exe	takeown.exe
PID 1616 wrote to memory of 2676	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2676	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2676	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2676	1616	Termite.exe	icacls.exe
PID 1616 wrote to memory of 2308	1616	Termite.exe	Payment.exe
PID 1616 wrote to memory of 2308	1616	Termite.exe	Payment.exe
PID 1616 wrote to memory of 2308	1616	Termite.exe	Payment.exe
PID 1616 wrote to memory of 2308	1616	Termite.exe	Payment.exe

C:\Users\Admin\AppData\Local\Temp\2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-26_760668c1961f3b473cc0046981d4b21e_termite.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\Termite.exe
C:\Windows\Termite.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:2892

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2512

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:2608

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2676

C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
27KB

MD5
8041b13898e2ca361485dd41a82922e4

SHA1
01e09ab379e99fc78a147d1e881cf9e6c5cbd02c

SHA256
83d4d3be95a7c2e5513d36a4fc9c2e7e92dfd2b583c72444debdb43f552b061e

SHA512
5ab21a3ac1a2f969adeb9a7b28b5b6a36f41427430e202ee90cb41cb1164bf01ee0b197a5d3e5c1fa0d412148681c86496fbbd2a607c29eea32e6ac4a0cece62

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
406B

MD5
b953edc5cca7a0a1cb6db1895ef6531c

SHA1
7822326a96793300c6b002207b10ae80692fecfd

SHA256
a5e2afb2d060f5f627b39a17b86acff468a269d4e698c95430efcdfd3f951a56

SHA512
c227659bf9a69bc31df97bff85ef285f1f2d9b13cc2f119ef4d385e8273223d7af987334db7de630dbc238effed2563dabe9f4749edbb2f3fce88b84954fdc6f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
286B

MD5
381f9e7cff54dbc3e4bb87f426377727

SHA1
9134f6da83f688212b97af136ade02787eb7eafc

SHA256
534f38e6597e9bb073f4cf3af3d7adeb2194fd08923a12d2f4b712716ef2958e

SHA512
33caabdc9b2e474a669f5dd8d6569faed47b2376e7719b4271c97a565cf8cfc781d33acd47f29ca6ac5a6e17f2eaf59bfbc973d262afb8bf574ba4d64a84355c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
174B

MD5
89421bedbde5b362bb286457f8d4c3e8

SHA1
5030c1470b8cdb13f28ea6d9e871947c6546c0fc

SHA256
6da97ccd3b82972d58650e1bade3f99628169b472a0a1e19f6cec5ff9f9f03e7

SHA512
4aaa742e31f606e8940c0598069821409b637f3804581b0d2a7661ec033a9b2e1bcdc917da390021bc33561a8b796952fa1c2aa7b4935ae10f4e1bbdc7b09162

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
174B

MD5
ba5d19310850507934732a99516067a1

SHA1
d7a219eeccd42a72679cf164b60ea7e033bc7b99

SHA256
50dbae37472148a1d0fcd1b28cef35576bb138c815797128f54be926c9b13a89

SHA512
32f515a36e3d2e1cf41539976f6bd4bb75e97d9343a58df8123e68c42f9ae7b24833e8b16e99daa470cf0b09a83b114eba1108a1a9377b5b43a1c52445fab0f8

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
246B

MD5
ea5b5bffd2a2c1ebbdf397c2b94c4dbf

SHA1
9c1cd34f8b77b41db4871a59955dc4db39594699

SHA256
f23b93c8e22af1f65777d379110e886305ec549445542d8ed9da04ebd1832bb0

SHA512
f2cdff6df1fbe064a6234c8d99306f451e9348249f5ddc5438ae7fdd8031301b294426188e7ca548387aef11f6e4d5ad281a238f6a218e36d5eb5a74bd4e4db1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
558B

MD5
9068c83a3e6f283d87e0fd82577d0196

SHA1
d1a32cce08e14f091dbe21fe8bc2a43290316521

SHA256
69f3187b8b2336408fe3bec8232a8557a092eb808848007c2dc6c82ae9292cbc

SHA512
1c522bb7ef28c1d3fe51eff603cfd56624037cce78fdfd00d487aae0f14a2e99c761b6c734574bfa0c0f4318fedd2e58e55a7d8144890c383b48e249a16527aa

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
390fca1c90fb5bb24c820d7e1a0b0b67

SHA1
01d20fc049d961f8d09e117e5b0e5dbafc5eecd9

SHA256
86872cc88d2702e0447f52c6b1aa0729f07746b8f6f37644a1fbb225f93c91c7

SHA512
6487d89a1d274e49762f03ae5164957ccce0845a39683b03c86903faab2833ba51101f013283d1dad024323a39f6c6d5de1784dd54c15ebac7a50ea2c7ac901f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
870B

MD5
afacdab2c4b0af6e9b05490292c6ab4a

SHA1
e53115edaf58e5e856821e515209426d85c36d98

SHA256
4803f41fa2b9d1865c44e6f56ee24157b8489e4234866b6455d59d1ef3a87ac7

SHA512
eb4b59bd74fabf1d581bac1b24f54e6808b1c22d1b2c4a252a6d438c8d04210b73b1c5dfe0de5fb37c6d08c11226159c0284b53d259c1dea6ef6e2ce717ebd21

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
19KB

MD5
0622118388f6e18bc20184c2137404aa

SHA1
9eb96b0e50b792c246f2e03e835c7d7e303d1b4b

SHA256
24229be0f243b43cedb754f3aa5730350d31b5bb36a5e0a1e7809a83be690277

SHA512
43c2933e84a08f2f4b08f536a4b40470f70fe2bb048a90a92c36721fd973a6266d13c30b006221f0deda1d2ae1e84dfab2b134662229efa9b8fd0ba10ce08d8d

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
18583263035c3d26d3ed7e2bf621c95c

SHA1
04210279537522f49da1fd403be7954a59ad6714

SHA256
7624be55d35b3d954063b204475e6dc9af1a18923ba3fb9d8a033a25aed16edd

SHA512
b6c68d7bb9b5490fc2af371ad6929af331b9c033def1817a118ed45e7c0a5190f2bcb70cc94f748d45c346201c20309f5171498f4a41c5aaf7c319f74263b598

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
7372b052261742ff1fbad741206dca72

SHA1
6ca6984fa8a0796719b79440c0cb039d7b7626d0

SHA256
19e3da55948861b2eba0274d069afeeb5f792bc6fa5196a44d3ebbfc2ca18e28

SHA512
fe590c146c7278d915c7b89a4a26a0ca751e27e49c8e4ab41258f421e2d5e93e1aca62765e84bfd6f70b024c1b1c6f59ce7fdbd3f91565eec4042e40a148368a

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
9bda63eb37b1776f39f89bed9dffa533

SHA1
dd544dbe13ad39869d5b7d91fd7b28e8b200e782

SHA256
be2e48b6dd48c8cd9294b50121e796823d6a9a39240583589e7732fa33e47afa

SHA512
50d0f605cbe45389e0f8fe65123b0754f7e565abba1bcbf10a9890cff6b4f4076d46017d67020c3899de2ed173e33536c37d6c4ec7ba769fd115f86394c44112

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
e77ed296ad891a942ddf9294711639d8

SHA1
088a96e5988a238c8970561be484e7be1ce49480

SHA256
b70ea4f810112e533ecbb5cf683c1e01687c9eef2a18536db3c772cf5e5d6e7d

SHA512
7a1591ed1a93af77a1f0481704b4cec1411058e0ac7e58761bda8602a128d2627a431c0107f1fb1c758392a716f160dbb09706d96438b945f86b87e0d2e39173

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
39d6bb39fd2e6e69f4f72e696f5ead2f

SHA1
52375fd30b847d58238dc98804724a9dc463c584

SHA256
5dba5008f48fe11e9b690e8d320d20a231d733c06475f703b7636aa03d4bdc93

SHA512
dff612b2ea8a68fa5ebf3fc2a4ec389f8594f359e7ef24db812de1c1f706459901e55dea3b421888b7fe72f1b708186166f756bd5aebf619cc66eb8cb1606f4e

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
a8356253f585d2293a3726038b8cc55b

SHA1
55c6b852cbaf752eecd4ab97a1c62851fff84581

SHA256
f6a51092a7c67df4d618c261854f0c8805e4306b48ff60b89549e19004c73c22

SHA512
267954c7194e6dbc29c8397809dedfce07e40c7e4dc37613534655fd8f18f7daab15fa22db6d0c72c36e990fe189275fe1a4675d0c2f5c787f62c992cc3969b5

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
f4012296c5815538c81a5d185dc0a29d

SHA1
4edd8edfac451cc3ff6bc84dfe22d50650088cfa

SHA256
0a6dda5f3a7a406ba4125a1f60fc97520ee396da561d1c62b4cd3831d393daa2

SHA512
cfbea420d4709a317ca7750b8e38647d849041b9ee5278faee24ae321ee510fdc8e43e56f22092a1a1887e8027d2a01c4fdd0f7617f0604d1f9b59fec287eaa9

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
3KB

MD5
bc1207500757444f987162a2adc8646c

SHA1
5146fc9bb771bf3d742954a773b26c8ce938c3da

SHA256
92e0ce3790ca5e90d4977a924b531352661e9fcf7a0b7c447904eff1d6983c6f

SHA512
e962da8a6ce6995bd79682be67ad81d87f4799b45a3941af11abc77064531841d3afe36f7823c65924cacb7780fc4f85088d1406bbef668b071be3e499ad4aa4

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
d561efc87e5706031306dce235b64a2f

SHA1
3e5d1f378abf30ce6535ee761c0f4650a0f73c62

SHA256
40693fd4ddfe8bd2d232930192f9cb7b0011137deb4d2614d373bb367d50affc

SHA512
49a7fc1c2ae03628066f4a93215492961c47976a6fb283d00221746ce46195b77edff2e4d1bf4d68435a353697efdb3d2f0feb802af0e13dd2bee5b21857237f

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
3KB

MD5
8121512c6c2ff7d6b8925b46c8396f23

SHA1
3aeccb4ec9fee225b22a8af8c2cb94574e47df4b

SHA256
f0a469462395ad0e720fe471af534408ace8f1af0031a86dd7b2647ac933c148

SHA512
5e5cd3debde7fdfb4be559d01df25f85c70c4d423531b1bf56cf0de209f68ecb514ac226c9556eb6495aa913e68c3e8ea3dc5d1429c662369b89cfac8b0d2a75

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
6bfbba5c25fcbfb8029ab67fdd039fcf

SHA1
db11fb9b9304d36afa6632dade68a086f83d461c

SHA256
5f16f19da7516e08e817a77e2df53b05e792c68c8c02522f2555c14c9a3935d5

SHA512
8385d240e70d3763248466f013f04f67301f4862528b22b701d965b020c9a5f11b446ebe8baaece8af26073cf4a38c67cc2aacc8e0eaa775d6c1450818249899

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
3KB

MD5
50580b3b8fff6b343b79958f6f7665f3

SHA1
301af18094cbf9b12ef178d7c402eee8bf76340d

SHA256
fef78c50e57bd42e5376dca4b773f3cc01d5de2a7f051e29ca532268f21aa1cd

SHA512
8c8a9ebf1a906605dd25e5e93673770f40eb21202aca5e13ec82cf0b23e3e29b46311ea3b6656b89e7d457fc684a714168ba17c3109f3a1685cafe929d3fe426

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
0856bba783f2cac759df1065402376aa

SHA1
6a090ecb65e907fce5617682c9116053b17ee10e

SHA256
742580d7a1fa6c3e06de215976b940f50fe05640cab0374bae61c4d95dcc5b7c

SHA512
ba567c531621fa6c428d6277663f4923be39fed23493f7cf95d2d1f2347cd82eedd72d67ff5d2d7579ab9971d3168eb09465fd767a3990c1034cfdc1f98e37eb

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
2KB

MD5
9c9f61058ebdf39bb0b40b7d623724f8

SHA1
af785836280cd2b253bc577c133b495f480c12fc

SHA256
86f517f6e80011ecdbdc63122161789b9912c24863e1460bf03fa5bddc5a6cdf

SHA512
37e1f36b7c4e2be7fe0035e5d36f00edd35cfa07d0d88b1c08598ac514c443e35cb90c7178725f480189ac958afdc062c2fb0adbde42706e7efa2ac6a8f981bc

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
2KB

MD5
208e657c64bba83d1af9a5f457e22575

SHA1
b464c3d07beb8b42ec62f2ff67484a1714d731f2

SHA256
4e2e188bda2de981e1d89496a030ae497cf363a27021a75e6345161e67f63421

SHA512
248621fb3035967008a77405d6535cb50a03b6dc8005306ce7d440278021c778d681ef381a3acf221e8b18630df10a0cb86ddb1f3cda0d94635c845069c6d12a

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
12KB

MD5
46e317cea96b8f1cfd72eb10663cbc3f

SHA1
da04122b77d945fb8bb0b25026c1c932024d8d1e

SHA256
465779ddabaccbfdba150b33dd1a0bf5de0217e0b534a7f97b6181d2ad4c3bf9

SHA512
23fb73b69e800668285ab7c62bb965925c4093f6b2dfe76fba1bd14acfe7df9d01363245f7b9cf22c80195a1d4321df6252b916f664e930d8f33683c6ad2c66e

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
8KB

MD5
1aaa596bc7f6c013642e628f07d76a93

SHA1
68d4a8d0b15593d83e03eb693667e80ddde21b81

SHA256
cf199a97f319ab944a68ffec20ff9e1f347591394de36f8c31718a328f20054f

SHA512
e1edf5d5c4153148f526bf38aaee124654aa091ab984ded8071acc0e7e4f6c69c545640e6251a4a89d859c67f3ad2f139968e564f18a6f00d4101e33011fb0f8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
118B

MD5
790ab65051e68d3406c79c77cddcfc3a

SHA1
002b06005652131d059e7342bd5e264e520329ac

SHA256
5da09b09b8afbd42d0fd1fd673290c15419ce76edcdc8f5b4924a9c3026b899e

SHA512
c98de1ed4e41054494042e164dacb0c8e6cb7905dcf3c34abfbe9676e5ec4c25bc1ba5a6c9d367338946adf4b9da2e45511ee0ff0b7b2a6faf717032615f8504

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
7KB

MD5
5e086ad3c0dd3959ee77fd693b07cb8d

SHA1
2da69aae8fe827158e66b234c401847036d4f8fd

SHA256
0408f1a2e158a2a23bd751a159d4190268a97fd2db9a40a86d46752caddf1c42

SHA512
1d8566807a1b69b4b17a56d8595da8aec043c432d5663cbc9835c25600d6b8a0bdd02e489c9d619a764b2305973a59150d1d19d07c5eb40fdd9b9624dd48223f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
54B

MD5
3df8a1345e483cfb190e98fcbe3d53f8

SHA1
0b2795e034cf36533b53202847e23a11b12c3313

SHA256
9b2ece02a33766dc9ea002a1782f071f2d42b0d0c2f4a3650fb4c9464c194060

SHA512
3dfaedb496282361a5e8d0060cb7a1b69c4b63daa539449ebe90105bd80e8153d4cfeab0eb83d1ff53a31917496c15e5a98a245bb82d967224fa003630bf2e96

Download Submit
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
214B

MD5
4cddf649f4f9fa990bc4b7c1f331d3e1

SHA1
a70735b9148d396718454633939d37858f5ce33e

SHA256
dd6799708b5c3fa7a00685a7b43aa742520b40886ffd5d1058ca9cc1d7afb5fc

SHA512
b8b79b09b12c11279064acac33b8c7c51c60ca9990bc7845c1958b1a8c4c4f629607d11d368519b67f72e15e35ee16fe84d29ca9997ecd20ce03ab2ff27445d6

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
86B

MD5
7b1bb1773deb9b6b8e7321ddaf00be91

SHA1
71ae337248294e310fec381cf141837b022d27c3

SHA256
8c44a33d0fb5ed200f61f5ec4e4080c6ec4013d4a473027c7354b81bcc3dc6c6

SHA512
0eac33225ea93439f1abaf16ebb7962f18b4e3ddc4359a52cb688b04c99e1308b1a1b075ef40410e32f1c1d4797c70471e8c8b5d294184b1e5a20182c9392ed6

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
86B

MD5
bb9341b2836e17ab9d842159512c1434

SHA1
0b2ad0b29d1821ff7b030dc61fdd4753056c6a69

SHA256
87bda1983797cc29e61754a83e9e367afa2631174ea9e0ddae135380d061489c

SHA512
182d3e232587ed45f4f60b2cdbd17d20c583acd99a48f6bb9f03011d25710aa2d6bca64e3e8c3757194b3524bc03c214a4cbbcd28e43a88e10a953f42689045c

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
86B

MD5
ce17f5f28582292a3a51b7b0f17333f9

SHA1
118989dcf462e2d63e3ecc23a4e307f0f7f39799

SHA256
153b480b24e990e2e4c32d38afc3d2066d25790c59ec8ed03417ddf34b098fd5

SHA512
6b6927650a1ed319bade413cafe460835875d3127723537061964e7704f7b5e224f3630541bb6a797341a16b0cfb153928e1527713266c3c734dc4cc9ef83349

Download Submit
C:\Program Files\Java\jre7\lib\zi\GMT.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
86B

MD5
015ae7d6454f26f1ab15441bdae57b27

SHA1
ee7d1fa415f3fc3b9ec2762ac1fdf3bc544921ec

SHA256
7f790348a19ccad1eb9aa312f3b179050897af52c53ebfecdca137336fc42445

SHA512
96d1cc91f4ac15eac9af51ac0089094b29ab05d5adc2b26257634213507d2850d119abbfe876efb0b7f1246ba7b2701c0033fd3f2ffe4a85c87d0579caff4a9a

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
7cc604872a6f91e14f195d33896cfa81

SHA1
bec47947e316ee96cb2e1f1b18fd3b054de84002

SHA256
4e06a09dd3a46f5704c9b9fa853f9eaec9b1fa2a38bf0de5e24c65acb757eab2

SHA512
3cb0b4484fb593758d5f8cf0c9bf57bf927bc8b72974ef5a84b0eb42e36729e559b430528d5471c8622067146ad046f3be608acc5e50022f2cfa3d82a2e1d116

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
7da95d10df6305c7bfe39a00c80866d4

SHA1
8f16fdefcb11eead631f0632702422681d667a32

SHA256
34bf64829fe7445a0031039ad173f1a2216ceb2ad47b32dc2940bfbf258d4a6e

SHA512
8b7891c83a206f75edb20e9e22685fd3906999e588b84fbe9002d26e6b82c01d8d9a53a05b501c533abf1da3fb60e6d8d1420101eeb8a5cb0da8e35f98b557fe

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
52a8c02cb7a7d7cafb032ef9b0a2d323

SHA1
f2a6a30ffd6968398f5466f3e5b37f8c341b0add

SHA256
d61aafcc7793b513883dc20dd91a341beb10a5586b6dcf9038a48862f4a24029

SHA512
52ff860292ca06b6b0d74bf22146cc7f08318d089bc4edbebe29cee929a61f84428cdb681dfd731702b7f7c66a0f37566eb17b04f3c5621007b94078573f7053

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
734B

MD5
dacd8d830b28c3255f962c7088f3895e

SHA1
574df1a66cc51ccb57bff4c9a9e43e43b2335dcd

SHA256
783ad53c3d2ec612f219ed0ae640a13c4da908c445b1357e3d73d845bd11b346

SHA512
6caa8fa1a445ef7970e68f594a428194efe0664df322fc239a99b560efddffbba955b3708ea0d1b1ec28d4607886602dfadcc9e36f58bc4eb8186eafc18c88f3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
18c3af5b39f65b64b82d99212303e042

SHA1
39022d7c8a3b28ba403cb54ea5a90a548b103a43

SHA256
e30d5ad645c36fcc989be3b72e846ddc05e9b23aca116dbda109fcf7985fc21d

SHA512
bb2c7f6be58bba8c665fc38fdf488cd3b59fac47f9c613a30c31660610a69843345317141941d22a24159e5901c0217bd8d517ee3114077ba8f3fda6de1f5774

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
17KB

MD5
5b340e88d77c8b58e9431005114f8a3d

SHA1
5c77aec9174e6a1bbd8b6ffb87a87dd872f77606

SHA256
f4c4ece5f7164bdaa17ddb8d726502a0b91ecb9aa681748f5c31498b3256e778

SHA512
fecf72a1434aa769d24904147307c7ace749fc7073e6d9e31dfd8ac0df7c964beb4bd3e89e471212adbc6db134f78703b64035882e4c6359f60fee16d5fd8846

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
9KB

MD5
2a8dc037e647e593ef8486a995147031

SHA1
cd2b72f7f0fc1ed1560c8500690a3032ec21a8c2

SHA256
a36c0a9ec72128897913fb3fb769e20da019df39e2290ba340d40c0aa6d6a277

SHA512
c86dbaff85802d3f850f0d5e810dafb2f5772f7136fa3b3c31f4355922919adf3ec79e1512495967bd74130cb772f4e7cc8131a6844f89c8511bf066d7551c5d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
cfa94a35b9cccd57b52f0402bcbb3e61

SHA1
7da6914825cd7dd55dd760e8c76e10660b7cf590

SHA256
a9ed569ed68b4be3748474425bcf7509f12ea6999b2a7edfa12f6d07875ee56a

SHA512
0e9d7a889e88572eee5b7c2ae696b794628ed05c07c1c97233ef96f24bee113ac99bbe123b94ba4132465e66ed8b4b0e64f1d0b66e988715a897c9480f563bc4

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
65KB

MD5
2c92a6cf7e71755232d191576bf0ac88

SHA1
506e5a36a1862458a153052c2181bbd190a625fb

SHA256
c2efda05d7cf7cf14d17d9d8f5891b205b714051754d64fb5e77860314e5ce59

SHA512
82e387a8e16785e4937738ffd9e75a1601f7179d7c76efd76b20a9ac67dd22afe456d84d6e390bfe077fd082138c6fdd0ecc6795d5884a6edfa69a5fe93987e1

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
782B

MD5
adb6702cebdf8bb4c6d8d866ce9929e0

SHA1
0ff877fd4f57fbbf9f83dbddff13db78e24aa773

SHA256
ab6770c8a7f0f7e2f5a2e379560ce47b9db82f719fb5c93fd095be4945690e36

SHA512
8896bcfef349b917c11e5510666e6b4c93d35a4bc29c7430013f6298d3cdd59d31e5ff47e58ab4c7b69f40c3b9da3f96ece7d196b8df9427227f8b58e9b8bf6f

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
5171fbb4215c36ebe3860cd5ada85ab9

SHA1
aa30e1c89edb04da3f5c24810b1b92072ab7c240

SHA256
f5f5f99a0e395441cf974bc89727d7a3b1d00cff17c722db270626c1d7a44341

SHA512
c82acc506ebe1adffa4ef3d33b3822cd29bb1b1aa9e08ad19a2c3d16654f22f363b07aba22398eb7dd54266aa08c20546c39b3a56ba703e99ed46d2fbfcae925

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
7KB

MD5
63435e91ad779ef3d6e0b935846b367c

SHA1
3a81cef5a9a6c04d7f94e0a595620bacbf9074cc

SHA256
5a891fa4340640202cc98aba71e1afd437facf481a7c127273b72593fd8adab7

SHA512
724b67db9d3076ac49f227bccfbb27b15e2220221faa986fe1ea435ba3605bcacffbf2a10f0da462a496208a32d66b33741ec7ef760b1aa075fa069b6cb71e25

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
e118fbf36cd4dfc9dd97fcc659ee721a

SHA1
65c100811ec07d04854c7c1e6cb58909d26c8729

SHA256
4e8f8ad763019df2e10028154f4fa5a09e1549362320e73b8d06f83a47ff4b41

SHA512
529ae84949d259a453c0dc7f0e9080f333ed7b29224f1b87a2d21be8ffbab96c47e82e451d2ba0d30750d279180d13f305608b7eaaffef09db072892d876a024

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
cd05c4b86b40252d1c78f7954c0479a5

SHA1
f61471ee4afaac01c3d0983ddb6d20cc989adf03

SHA256
92f6af9e457d393edf197d87c6b3948a2495bc6e2f1b3808e7d190f528c0ce00

SHA512
7b67729de8e38143b980884ec0750c91b2c52b99366f25b9effa0a33defaa86c6a7637f632cb7894c40e79e7fad32434c0aecf8912768109389c74575800d5c3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
3KB

MD5
6157f8141e8c3f2fcc0715218c0cfb35

SHA1
491363573afd2471c4c54d88fd7ab9749021de09

SHA256
507294de3f41ab924928a90867101385b3eb2797f5920ecff975211e6b226507

SHA512
9ee39a6651c36c6bbf8f1d8dbabec4f55175eed6c18b400085c830ae7af20c912cdc245977960e2473f621a693e4f24355bc77c21bf5ae397db8ae277b1e30ca

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
2KB

MD5
252828083af597d325b75988a91cff5d

SHA1
628492718c7f6dfab4de8077c18d0f68c3ad8279

SHA256
8dae04268064408cac71c0901e80c25c6185473bf28acba8042058d8b835e948

SHA512
03a8a6915713ff101eaa4b8f7437043f7bf636f46b5a607436d083086bccfc7a12b6c17123cf367a02f8e39b8424eb0a6f095bd48bec5b625a585b088f68ab7f

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
b3d483e83d63116fea533b159c4f28b6

SHA1
a5e839318ebf3d5349278e2b7c103dfb5eec9cdd

SHA256
21fe70629d037a6ef8a1ccc20fc817173fececcdfe7e12eede717db31579290e

SHA512
d9d675c93aef848627c1881a5efa082ed8a6a7b7fcda74bfb48b55e269327e63aafa487fd14ad1b2eb8f2b70dc38e51231a8127854d5c649b48ee8cf96283cde

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
f7957be6758a644490420766ea10c62d

SHA1
3c2e03deccaf23da58f7034578d6dc38d0004bb9

SHA256
f2ba4406e999acd4dee68a509fe853dbaf5a26b068f2d7d4061f860889e4b0b3

SHA512
cf2994a72e80c306f7998d3e43bc4ce532af5a6eb75c0199ad703ddf6a353f61be4d16421ad3f83da2edab680348d72725f6027e5f4576e30300e88d58d02661

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
6KB

MD5
974e5d786029ca720f8d71cd56cdd9be

SHA1
55113ea307eba475b9edacf9112422310c2dc8b1

SHA256
2fb6ec1360af701db00ee1ba2c6110399db37003dab25673424cc95f278dc217

SHA512
e1c31d844e34966d037ce9c1d5b33929ed25a00859d82af550696885117560ef3fce69153cb9655644ba985a278699ebbb3f1a6c256ba7acd8724726675c1886

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
315347dea4c11bcb72d312ad6ece6780

SHA1
7e5ca018de3ac4e846bf6b5b0247f6bd2727bdc6

SHA256
4270630d8e99c98cd7a881d8ec5d720d1b59969306f3dd4fc581f16e6811b5cc

SHA512
8cf77a01c806a55460173e4bd6d6939dac7b486e56929d383792d9b23a085d9042d88f853eff6efd3f9b0c30503d2ffd59e6725f58de1d7b2f22abcb7868c4ac

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
2f46f0623e2356c1598ca88afef6de34

SHA1
68be31764140196b229ab796c3c58129a168848d

SHA256
9cf59613cb3d6bc3386023b95892befb46850ee3428161d1a30c1b3fccb5718d

SHA512
184188959f26d22b22fe385e40fe2db4ef9819f81d9a4a7f4eff47fbe7810fda3d049064bc14178c176b30be0424f08dea832c571d7557acc1affca13efa1b52

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
47426be4c486e40d281b9b957e4fed42

SHA1
87465b3eb92b9db04bc06eb36e054c7d877784fe

SHA256
47c0ce597573bcc4497e1a7c449896676001631f0f7a0e978ba3d222931461c2

SHA512
4659cd0306bb5edb86bd16b31a233ec8aa364dc56b108d917ddf1999a506b7cd51d25feb32ec64aef49daafab10a7a8799db1b364e035ac8f783475630d07be3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
b7a30d052f52800566c7302b49a5c73c

SHA1
ce4b0714d53a377a2701692182883a9cef86cdcb

SHA256
bdccff4897d65a6fed35fa5da730212e7185e5f14788108e5bc659e3a31c0d03

SHA512
9f078ec22d1cbcc773a896d86d4775ef37ab0c42ef2f300fc705f3ffb74c07f1a6f946234e9a5032073dec1f1acf8e12957612bb5aaf0d132f8c4c51cc15b48e

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
4KB

MD5
7d947129522a7516aa03de300cef4b47

SHA1
77334768c939b844a97e1d7f889d175bb97d6d80

SHA256
8ff52f872723041ac058838d6c20d37565bed63e636e6d8a2e027ad8f4b4a0b8

SHA512
510ac03bac19335fd5a26723cf2f836a86a1076e2bbdfa318f51ccc5207d8d07d83647d4af3085bfff9862554a7eb948df521528b9bb895fe4c68ac220475117

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
9b73f76dce657fe87e06075a3a56e459

SHA1
aa7a5b555a6b1c215cd1aff6f3438875779852e8

SHA256
97b853a73453de105e3b41bdabd833419e3071b4153dd64f61a3c9a5753a2a00

SHA512
342020c1af857e0c5494cc78466745c833e1a6b4e65907d0497202c8c84bffacc404340e9eeab6166b4ff073fcf23e10fae1432ba262ab0e99f59e2f8d202128

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
9KB

MD5
1c8ddd6a7120a548092cff8094a724ff

SHA1
2b632098362c30c38348aaa50c00041028d8584d

SHA256
8d8023123be817792d6587eec628038c0a76b72f80bffd36638ccfa4f9cc7848

SHA512
52bb6a7db056b009a4589eae0bbb08c0d09139115421edbf7e25ffd5fac5921114f9d7dca695957e889b470b45c86de9a571ce988d6cb6273d29150b8a0bf799

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
24KB

MD5
f1591ad1f97688ce1d0925a8c87fe916

SHA1
d638f2637aea297260fd9a60261737e10166241e

SHA256
657b87a41b0d66f354b275bf1bbd437987e0fb0e69034b9c6ba16180e2933b10

SHA512
131be03081160210c2a1d84607f20a091724a4ffe65bfd02449ab825d0ba782fd53271067ce5dc412142e7f8c3a91e6f67108fdf3681a4929abbf2f761ca683b

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
57c1654b4ed032be417f40c3dab59231

SHA1
db5ba9e0e3db426f14acac49e07f309d5b95db9a

SHA256
0121fce5dd431ce737fd0048346a7400bc7a756f6bc312bce2dec7971c6a945d

SHA512
2042d269f22eee19abca95d679b26d70f76a0dbf966c94909a7c90c6ce86f3bcfe50b356dae598de08c35d60557a1bb149d3caaad8f30daaed769ea825c2c768

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
42KB

MD5
c69aaa18edd8e7b560fbb178f41b0747

SHA1
cdd52787bae5a6415e00af50e06e43111493fda2

SHA256
1de1eff73056a9a5fdccb6a2b31867824ef55b703cac60159b59eeedd259c914

SHA512
07b33338a3c843cc71a7624bbfd673019f420176ce5ac8a6b21d714f4371d3c9e549320bfea4600dc406aefb1d96dfadd3a10acea836332ec34cf53e1d700d5e

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
56KB

MD5
124ee54a90ff7a5ed31074d4c493c7d2

SHA1
d2dda96afeba027ef47a32509c6cb1886607260b

SHA256
96a8b532fc43eabbda791c6cc5687394c289783245d8f4a1ef0aee6539857d6b

SHA512
3c4917fa69abcd64c4d27711b989b7ad66c005c10ae13dfa93fae3dec671bc84e126a53315aa479a72fbd72be63a169b25bb740e7b2f286718cca4aa7d0b35e1

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
132KB

MD5
c565a0643e33f9647239d60426a930a8

SHA1
413eb44f4ce5135dcd058b51431630e2e86e5484

SHA256
1e37ed2772a6de6a0cb41b27ff511f4bb7864b4ff25a3fad7d076fb284326b43

SHA512
bf03d3a33d03f9faeb4ba0efafdfe4d16dcd8f6434704fe14ebd6241b0e8c9a439cfef66919080b4b67293b9ea06a9a96f54785da205d4c50fcd7ba629ff95d0

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
8KB

MD5
6d0fb1771ac175734db8a86b7381d384

SHA1
45c50f492f7684b9f571df4d9047241295281e6f

SHA256
7aa9528040573139ec6579415ad774dae079223ab454f992f8ba159030a420a6

SHA512
6ea76b6dd00b011c73129615345896074b161c6409db685df42fcd98487694e836e82e597d9c0029e39af870adb09c781fc2a80ee34cf1b18bfd58f930bf6052

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
15KB

MD5
44a0d53cfeb3cfcb6996d6301dc8e0f8

SHA1
d5571215abd3e012f4b1293f1de5dc162610ab5d

SHA256
07ab95059ec006ca80703992ec997129a6af16e9e9a93aca660f25595eb9eda0

SHA512
17b11d1ead60170ed23c04016827864f6350c2263ec1c036eb35a80883bd8e60387d489fe554da7d63cd13c6f3e08087cd5db549dfc0ca6405b24f41e04a0b70

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
62B

MD5
9ba2ab748eb198f2a0f244887cdffca4

SHA1
626b42804f3bb617de65b88a5c422e5c4603df73

SHA256
49324575daf9ee79d8d16a68a8006a6b255ceb18e1f645ad36e348be547e5e04

SHA512
9f7fb9f07d5e5f1d3333d33c90835a15515fd8d5241e392e6f772929e65f8dc71ba066d89030daaafa71a9e666b06827ba91584ab5a271a4e9bed4376a42f722

Download Submit
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
126KB

MD5
2501001a1f776ac3eae8349797f7c9c4

SHA1
92702fa2bda7b50c8a816632004efac0b82513f5

SHA256
374b1bae803d4ccdd5644d57e590b28de6b915973c0745c8f2528a044a4efba4

SHA512
62be6b0aedd382f4d117acaa89fe551288d2fec8074d71fb2aa653f47c7ed0c5db841dde84faa253502aa2f5c845038259e06e96ef119033771a72840f34ac7f

Download Submit
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
28KB

MD5
b6185c4e29735b9708db10b59770d03a

SHA1
c0db6288ec1fe2eb3c13ff68978f403de30f4eb5

SHA256
d6d7fab5b3d25d0c7b14e0140a9697e15cfdd2bd4b06f0fff094cfaeb765c12d

SHA512
95cfaf41a10c1948a8b63c031e529b85e72682a3d12e42c626106400b546b2e14f40d291608b55a2128ceac0ed222be8e8680fe86306e0b4a17c5953bd3fe0e3

Download Submit
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
3892653d566f80342afeb3dadf94db2c

SHA1
d1c354712c8f69351601f599b6273f866632dc6f

SHA256
5988e1bbfbf22728ffe278fe25199b449ecf0e29e1aa267d8587ad245692757d

SHA512
0fc54515439debdf4f21ba6a2abcbb2a30d2f5cd0b55ddaaf60f7f1a155aebf2c2c138e9f05dbf922d0cd810285211c4dd8bde9afead6f444bcc7552293524f5

Download Submit
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
52KB

MD5
983203daf0d0514fad79b237b3da5715

SHA1
2a085fa3de2e1d41cdde6f8113147c2d7a7fcc90

SHA256
f2a431de61daab7cf2f0f5c1e71718f96d0545d6aa87a846c3c524d909d4867f

SHA512
429ebaa90b471d41777a37d4bd95b8db325e3ad2e0f1609e6904cf096fedf88924b722509b941d385f77fc981c64e8e2e623158a13c9ae0ba00b890ba026116b

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
302B

MD5
b2056d441f52f3b3501a3b445eb7e4a0

SHA1
a143a29c04761649cbd1ba8c8e505d3f7ba337c2

SHA256
fe2558c182835ef3141a934818693f8223f1e1b22f7502e2ddfff48e26df1164

SHA512
72d2a48ecba8d7865ac22c7ffca27de700ee5118cdcd1a9d70374de2a12193a42651b13e7ec1b56944aa3e4f5b4f477469ece10d034e2eba6919d73dc53000bf

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{6AACC95A-C739-404D-A1A4-5EC176D4BFA6}.2.ver0x0000000000000002.db.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
1KB

MD5
e23d5faf7c2f4d68a27423a98f6ba091

SHA1
b4683c180a515aafbc163970d46670365f1bc40b

SHA256
940c42cd83f272ab6b50c7a1350040a1cea220ef970be67972b249703080d8e8

SHA512
1edc5776b2c001b6252015bb019c79097e5d19203dee76d2f9eb14242471d53317ae8b1385f17bb6bfe5868d2a735a27ea686affd44feb197c3cf9989048bc83

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
148KB

MD5
04ee1c1c4a772884baf50a6942c43a5c

SHA1
02833609fa83e4d9d6ad96300c8daa1a649ba096

SHA256
79ae524f7988a36ca00aeb20c19087b2a6b444d966aed2ad2958067b53d69d48

SHA512
5652eb7bc379bc4070de7a54d15e67b72b53b0d5001cf0d06bc7ec07ff3495ebcd1c039757477509e2f09210bb65a2ff91049ca50c5f0458376fe417dc703b4a

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
140KB

MD5
b20a703a509c8e798d8d84aa6c0c11e6

SHA1
ffc08f67061c66879687d206112c639df17c2804

SHA256
981f5d3a619ceda4d5e151644af97f9c68789604543fbfd0a5125a5a267c3631

SHA512
5114148842d265617ab8b1a1f0469c9b4af03e42e79fc3a773923ee413aba73f7dab7cbc8baca3b8b50d942017e60394682cf0a95cbc14db9e59c26dadcb0010

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
180KB

MD5
1236eb37d3bed5c562b6f6add6330d5c

SHA1
934de43cf26c583482a9bca0a303a1e3c5c0163a

SHA256
e7c0b7e7e27a5bf8de436dfd75f777bb2ef38b44688efd6bf87ba2a0911a8295

SHA512
dfdc61772319a5f9ca618132196c0a8ba89ff0539ac40d13d4d8be9f2e7cde3976221dc437d87d4f72c9a391f064859b28a59b3e479e537a01f343db898aa25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
78B

MD5
578e21d09e21ee763a1012deced4cbc2

SHA1
33af8a40f6e31cf05b002d397de350c221db7d86

SHA256
d4903f497269a0f1ed5161398d769484cd366a3c0f42e47c1682d82f102cfc8d

SHA512
87d5e87d9dd082eca3ee25f52af4358c5f517d15a41342e5e6a0dca7fafc3aa3930eb5f67817efac7bf38278a86142c9e16a3a44a7f010c09dfe9aaddeb147e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
8KB

MD5
1b2771ac4656c6b993e0f352a164e308

SHA1
53bac00663629646fa523d905e9b8da20e695d0a

SHA256
32ef44d3c25da691a4342c22cbfbf8715aa1741ce6083ffdd8b99a0ee45374d3

SHA512
e33f01fd89ecc3121879c30a79a5afd3e4e3cd445c7031efd379190bb94833f4b8f8669b349ccddf4aed8d6a6c453a1a1772d7ff8778a10b35e615456094e3d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
28KB

MD5
3532ea6c24520150b4e7ffecfad593e1

SHA1
1cc2fcbdaad36654e6ce9d5c73ebd0b58f16aa4a

SHA256
9098ae5746f70a94317c7a13e41fd7fa3223590a991ebf711bb934cd77483562

SHA512
da02f6e6cc49b4efdc5cec63be54c7cd9d52c8bc637d736ce33ba54945db68c2edd510cf5cd94500656a53d95659d5176f0cec2ab61e83b7f63299c9c7d83c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
5KB

MD5
be758c293c816ab4ba02b7e42ec9f503

SHA1
d1f697dd13ae22b3d9817220c8388e1e0c1f1c7c

SHA256
e78a61865ab7a501c28d93eafaaf24a06f0f824dc6b564cebfad3160b6c39980

SHA512
7ee2a92514ff4eb9b895ab74f7c5d8c8b4d5c0c6ce95757e8f42a567828a98223a268e844658580fba8e117722bb7bafd36d41be21952bc2ddce50cacada48e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.trjhskjdghtsjkkrtgr790503840232497567820-1-4723815465

Filesize
48KB

MD5
28b82853214e5b626e855242c25a522a

SHA1
3b96e9d6c12ab187e98efbb1afb7180c3fc6f582

SHA256
21037c8dc7626d257b654e51be2865acee9979eb507f051ef23fdcdd16404bf3

SHA512
42062e4f6fa016cfcc8fe38b3b123918947478103d433a0a983282e24cc9d6e95b8a3386b6669cd00f72e3668d12fa5bb98badeffb6ff9e5398e5c7321c96684

Download Submit
C:\Windows\Termite.exe

Filesize
1.9MB

MD5
760668c1961f3b473cc0046981d4b21e

SHA1
932cee12df51acdc8e9e614e39b0a3d7c1fe6766

SHA256
f40b99d2552ecb56d072caa1b94185ae5874b86c2b6d9166f0225ad9be46ada9

SHA512
1a1b99ba2b70ac159b2219fe6bb13cfe1932d7c82fbd846b776791882d382983f51b019dfa87eb1f2641cf80a36977f00a194b5866264c52c24e953fd81428d4

Download Submit
\Users\Admin\Desktop\Payment.exe

Filesize
1.1MB

MD5
9f9bb9ee4952cb514089910e19eac5c4

SHA1
c57f604e8eca50df40df93a6b0c3d65ab8d3b198

SHA256
0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a

SHA512
8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f

Download Submit
memory/1964-53-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download