buran | 9c49b8cd781dbb67a14859e7024f137537780a599beb1ce710e6880c8221aa0f

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
Size

214KB
MD5

2f1ecf99dd8a2648dd013c5fe6ecb6f5
SHA1

121c377693b96eef8e84861f091ef47e6fb6cae5
SHA256

442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024
SHA512

793eb6a3f3d0323b0749a35e372c9fcde15a912f32d74fc5fa0fc104c32d8348f431347fefd1c34e3d51d9b20432f8e66b9ae3b9523b4b4b21e76b6fd2ae8219
SSDEEP

6144:eyJE1brNNDw7AE9kgH16LGv2J4DQFu/U3buRKlemZ9DnGAeDMK3ITyw+c:eUqNNDwpRV6LqM4DQFu/U3buRKlemZ9W

Score

10^/10

buran zeppelin defense_evasion execution impact ransomware

Malware Config

Extracted

Path

C:\Program Files\Crashpad\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Family

buran

Ransom Note

!!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [email protected] Reserved email: [email protected] Your personal ID: 80B-732-48F Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emails

[email protected]

Signatures

Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
ransomware buran

Detects Zeppelin payload 11 IoCs

resource	yara_rule
behavioral2/memory/2320-20-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/1488-25-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/2320-3296-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-4411-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-9427-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-12931-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-15082-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-19618-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-24338-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/636-26051-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin
behavioral2/memory/2320-26083-0x0000000000A80000-0x0000000000BC1000-memory.dmp	family_zeppelin

Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
ransomware zeppelin
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (6091) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Deletes itself 1 IoCs

pid	Process
1500	notepad.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\H:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\E:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\B:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\G:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\S:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\O:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\L:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\K:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\J:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\I:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\N:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\M:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\Y:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\X:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\W:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\U:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\R:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\P:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\Z:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\V:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\T:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\A:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	iplogger.org
33	iplogger.org

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	geoiptool.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-80.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-72x72-precomposed.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress-indeterminate.gif.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msolui.rll.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-16.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-white.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-40_altform-lightunplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeMediumTile.scale-400.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\en-GB.PhoneNumber.model	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\x.cur	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\microsoft-logo-white.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\HoloLens_HandTracking.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\MissingAlbumArt.jpg	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-200_contrast-white.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\NoConnection.scale-100.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-LTR.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-400.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.ELM	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Moustache.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\ui-strings.js.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Confirmation2x.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nb-no\ui-strings.js.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymt.ttf	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\THEMES.INF.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-150_contrast-black.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\AppxManifest.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\ui-strings.js.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-72_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\RequestUpdate.html.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeWideTile.scale-150.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_myGames.targetsize-48.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\text.cur	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\ui-strings.js	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-lightunplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png.80B-732-48F	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3244	WMIC.exe
Token: SeSecurityPrivilege	3244	WMIC.exe
Token: SeTakeOwnershipPrivilege	3244	WMIC.exe
Token: SeLoadDriverPrivilege	3244	WMIC.exe
Token: SeSystemProfilePrivilege	3244	WMIC.exe
Token: SeSystemtimePrivilege	3244	WMIC.exe
Token: SeProfSingleProcessPrivilege	3244	WMIC.exe
Token: SeIncBasePriorityPrivilege	3244	WMIC.exe
Token: SeCreatePagefilePrivilege	3244	WMIC.exe
Token: SeBackupPrivilege	3244	WMIC.exe
Token: SeRestorePrivilege	3244	WMIC.exe
Token: SeShutdownPrivilege	3244	WMIC.exe
Token: SeDebugPrivilege	3244	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3244	WMIC.exe
Token: SeRemoteShutdownPrivilege	3244	WMIC.exe
Token: SeUndockPrivilege	3244	WMIC.exe
Token: SeManageVolumePrivilege	3244	WMIC.exe
Token: 33	3244	WMIC.exe
Token: 34	3244	WMIC.exe
Token: 35	3244	WMIC.exe
Token: 36	3244	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4244	WMIC.exe
Token: SeSecurityPrivilege	4244	WMIC.exe
Token: SeTakeOwnershipPrivilege	4244	WMIC.exe
Token: SeLoadDriverPrivilege	4244	WMIC.exe
Token: SeSystemProfilePrivilege	4244	WMIC.exe
Token: SeSystemtimePrivilege	4244	WMIC.exe
Token: SeProfSingleProcessPrivilege	4244	WMIC.exe
Token: SeIncBasePriorityPrivilege	4244	WMIC.exe
Token: SeCreatePagefilePrivilege	4244	WMIC.exe
Token: SeBackupPrivilege	4244	WMIC.exe
Token: SeRestorePrivilege	4244	WMIC.exe
Token: SeShutdownPrivilege	4244	WMIC.exe
Token: SeDebugPrivilege	4244	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4244	WMIC.exe
Token: SeRemoteShutdownPrivilege	4244	WMIC.exe
Token: SeUndockPrivilege	4244	WMIC.exe
Token: SeManageVolumePrivilege	4244	WMIC.exe
Token: 33	4244	WMIC.exe
Token: 34	4244	WMIC.exe
Token: 35	4244	WMIC.exe
Token: 36	4244	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3244	WMIC.exe
Token: SeSecurityPrivilege	3244	WMIC.exe
Token: SeTakeOwnershipPrivilege	3244	WMIC.exe
Token: SeLoadDriverPrivilege	3244	WMIC.exe
Token: SeSystemProfilePrivilege	3244	WMIC.exe
Token: SeSystemtimePrivilege	3244	WMIC.exe
Token: SeProfSingleProcessPrivilege	3244	WMIC.exe
Token: SeIncBasePriorityPrivilege	3244	WMIC.exe
Token: SeCreatePagefilePrivilege	3244	WMIC.exe
Token: SeBackupPrivilege	3244	WMIC.exe
Token: SeRestorePrivilege	3244	WMIC.exe
Token: SeShutdownPrivilege	3244	WMIC.exe
Token: SeDebugPrivilege	3244	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3244	WMIC.exe
Token: SeRemoteShutdownPrivilege	3244	WMIC.exe
Token: SeUndockPrivilege	3244	WMIC.exe
Token: SeManageVolumePrivilege	3244	WMIC.exe
Token: 33	3244	WMIC.exe
Token: 34	3244	WMIC.exe
Token: 35	3244	WMIC.exe
Token: 36	3244	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4244	WMIC.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2632	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	94
PID 2320 wrote to memory of 2632	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	94
PID 2320 wrote to memory of 2632	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	94
PID 2320 wrote to memory of 2640	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	95
PID 2320 wrote to memory of 2640	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	95
PID 2320 wrote to memory of 2640	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	95
PID 2320 wrote to memory of 4840	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	96
PID 2320 wrote to memory of 4840	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	96
PID 2320 wrote to memory of 4840	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	96
PID 2320 wrote to memory of 4872	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 2320 wrote to memory of 4872	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 2320 wrote to memory of 4872	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 2320 wrote to memory of 1856	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 2320 wrote to memory of 1856	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 2320 wrote to memory of 1856	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 2320 wrote to memory of 2928	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 2320 wrote to memory of 2928	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 2320 wrote to memory of 2928	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 2320 wrote to memory of 636	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 2320 wrote to memory of 636	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 2320 wrote to memory of 636	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 2320 wrote to memory of 1488	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 2320 wrote to memory of 1488	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 2320 wrote to memory of 1488	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 2632 wrote to memory of 3244	2632	cmd.exe	108
PID 2632 wrote to memory of 3244	2632	cmd.exe	108
PID 2632 wrote to memory of 3244	2632	cmd.exe	108
PID 2928 wrote to memory of 4244	2928	cmd.exe	109
PID 2928 wrote to memory of 4244	2928	cmd.exe	109
PID 2928 wrote to memory of 4244	2928	cmd.exe	109
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117
PID 2320 wrote to memory of 1500	2320	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	117

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
"C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe"
1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic shadowcopy delete
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3244
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
  2⤵
  PID:2640
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:4840
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
  2⤵
  PID:4872
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
  2⤵
  PID:1856
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic shadowcopy delete
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4244
- C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
  "C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe" -agent 0
  2⤵
  - Drops file in Program Files directory
  PID:636
- C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
  "C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe" -agent 1
  2⤵
  PID:1488
- C:\Windows\SysWOW64\notepad.exe
  notepad.exe
  2⤵
  - Deletes itself
  PID:1500

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\.zeppelin

Filesize
513B

MD5
697c72ffb7ec6735e26df49a79e5b5d0

SHA1
c4ed40267131787793a7e559fb57bbcecfa9edf4

SHA256
f9af0de53584a474e4d664c9e9463bcf42832e4498aff5f9c0ee3acd8db73862

SHA512
540fe00d5e09241ba6488cfdc7011e4a71afa2a1056b0b5b3cbd2f3c7afb6b0dc01acd6e73a5d352f5d9f94d802131a6d6f3d1ea664c5e4a0f8cb739d102f6d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png

Filesize
65KB

MD5
87236719184ffbfac9f5c34420864f39

SHA1
979ab5a4023b16d5a40f25eede13c3c4025b062c

SHA256
78c1d5c3c53717346fce566854904692e0b50bd44d8a135c1e4affe01d2223ad

SHA512
c06966d3ece1cbe5d56d337e8f7cee193a72c4c0e1cd0e2000549719aea0651dccd4dfb8717ba6804a1f12c7f09a6501b49d6377851ec10ffa466b28013fbf45

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png

Filesize
52KB

MD5
c03e9c1efd1b212e6b10645912b79a8b

SHA1
3dd127db184ee9afd832ae023f370778c02256ae

SHA256
c0ef72aed28dbb3deef66d24a9415bdd9592b19612875862c4c121151612b2a2

SHA512
171d7660f2c96796dcf3c55064ab44ba4b5901fbd291cdad1d76da1cf3f76f8a82c3956a19914a612ce175c7c1b7e06679dad539882f0718a778026f80d78038

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png

Filesize
52KB

MD5
cbdc282eb876c5c578d0de5d44310d55

SHA1
92a555aaaa7a2aa528e0935cb46c048cefbd1d34

SHA256
5c6d2145e1af8f08acc8f85ea479ceccfdfff1bd5c804a380277e8aa2d38a853

SHA512
76b23dd00c98595c81a04fc7d1372d175aa2490733e3a879f9dd4cf253f116355090fd2850e03355ae78585be3ddcc243ec23b7024f48108561d4cb02893ebe9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js

Filesize
30KB

MD5
58152de3520bf060018fe799b58b9c44

SHA1
e50a38d512fd59bf38d6eef47c5704f75d3772d8

SHA256
bc8cbc5dcec9573b5be0bde06bf6d4bf0c8ff53f2ba4403f5600b5156dcc00aa

SHA512
165a82dec281ab770776526cde38d7b64beea6f6f2d80596a3f73e591bdb79b13729aefe91b55770417467a7132876dc51f29ea57439ec57613e016dc401fdb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js

Filesize
35KB

MD5
ff99fbe57be321fcc4ff583c9093c35f

SHA1
7e41cb831711612e99f0f5b13787ac07294219f2

SHA256
fe34b9a9f74326252d5c2731a9553e676314c50eb15d0a88bc489cb941137916

SHA512
fd7ea54eb9057a268163e699ebdaeb1cf54306b0cfe028bf647af824f613a38899f61f0e2fd8965513b779decda49533dbefb2e17d9835799b476f61e76530e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js

Filesize
10KB

MD5
886b1823fb4a4fb972abe1b3cedf1ed5

SHA1
0812e2260f576d6c9b7b0d936722c3af919cc5e5

SHA256
affe0e20d44714159b62769dec8d0a40c718323ee8e51f397b472822da5a9829

SHA512
8c640090b6ba98273ed3d1dfe098ead4d581abb00a444dc9c8e6eae5647302b7e270582333e9dc99ab009d192ac39c52edd71e2af42a1c0ae84ff81939577c10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js

Filesize
11KB

MD5
0bef80dd3b548999e4346635ee4b076c

SHA1
9e448a3dd26d7b78952c6224e38a25fcd5e2897e

SHA256
6196d343485c7be3355dbed966747eabedff3127460dc3a0f19263fac1e855d0

SHA512
185819bef3eb9f48b55b36b0b5722fafaacab73b2e2178b1db242e2bcf1bb01f685143f8900bb5e0ea09bbae30a4fc71044a9403988a05fa24f35ed938fcfcc6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
04e86879766d2f988ec934d52e23ea22

SHA1
7160749610f5f227d797dc3ff10a3f4ab71d526f

SHA256
ecd200b7d38657107dfdaa54de0089be907226ea6800baec977fb7bd8437cd41

SHA512
07447f67a0b561c03c16e3130b2e0c056a2607a530df42bb4317ae74ddae94459e36043c3723a1997a7f80afdc65909abc0b2a4c8d3bcca13261ea827929de59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif

Filesize
10KB

MD5
325bb9ab3d11fcbd06d636ee38087a00

SHA1
672542416c30384b9e06f833df754d6e728bedde

SHA256
da63f5789f64944565f055051e9939882658220633c63c6fb0780d236d8bd7a3

SHA512
ff2953341cd38106d2a2371ece2a1d57aab95b4aa1fe9dabae6ce7d7cc975092be7990d60eeb656894182cd9e79905779c028134daf43d10cb8998434a47c840

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-selector.js

Filesize
176KB

MD5
01464a36246cced040462d10179f1bef

SHA1
52850127a3523e8b94533d45ec49e069551f5add

SHA256
3763234f04948fb8fd25579c81f795d78d5407b3ca278666677c7b66921b0f19

SHA512
d8bb55944224ba096833b2cc61b0942cc4a75bf21bc354a080493912a2c9f6e9fa0afc406a7aeb35563a5f6e0f746f79a84a74662e8c841f64e624ba886f7b08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js

Filesize
378KB

MD5
45ad82e3a9a0236a2dda053626e8694f

SHA1
f2798bc710bbfc95aa528f1b7cbc4ad0d7116fbe

SHA256
79a5dc06ed7425921046b6f1576940757acf02daff10719643d7efa0bbfcb305

SHA512
c2fadc42d953750373ceef98ccd832d530b09de8ba4a341a54578504f78f41c8eafb8b97db17849bebb6b7b70ec0a491e82551624b795ab4f2f628876ccb3bc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js

Filesize
388KB

MD5
05952c090878b1a8d3dcaf4ca5550e09

SHA1
20ad7ca5eff49d5ef7412d90999d45315411f2e2

SHA256
2c1c8cb42d2892c83fe3b73bd8e911a64bf0b7ff606935731de7a4e1e1283fc3

SHA512
36da6cb7b5b37841d71acccfbe6d9e356ce76f52014f8539822a42a5e260de2d88365e0cf1c69b94fa6a52f9d1474a3d6f7edfe21afdca416666134545d15877

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-il\ui-strings.js

Filesize
11KB

MD5
70e6b8b62b03372e21fa58b4b6436caa

SHA1
0cd1e8cd0e61c53a307e5adc3da78826a8aa9401

SHA256
81634a5b9e38e902ca3ab425a54591fcc430b743ce8e066a0c7601dc762534ca

SHA512
a6c00c1aadcc1c9754fc4a1b7497a7205d307620dcfe900fdd1f223692702f90be08c1f3e31b2788393216c29551caf835c3708d7a4643b7f3884c29a9453f74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js

Filesize
13KB

MD5
4965e5471229e7f0042714f0118e3dba

SHA1
f2e9f70be594f7df32ec926d16402e9e3b38719d

SHA256
55af8726fd6ac7a31f0f670c539b7e3223322f2d0996b8310ce03af74f709270

SHA512
2df780d6ed3e274995f83af1b4476fc5146bafe38e83ad1dbbd315b60057cbd469564daf3746d2f452fc137bb869828abcac0e15cbe339eb5b6cb12f1fa74041

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
6207ed079019eb31eff6755434a9f9a2

SHA1
bd9e0a7e024b5ef54bfdf5feb50042f22104d9ce

SHA256
a279a22427c46da3f484d6fb934542cf6ff77f902144a0475ac2f74c8ca5708e

SHA512
5bff36f1698986f417e98fea0d4e28ebac8bc16276b51978efbba5d1e1ade53c37e4655540100fb8926fa7db5e927a1071793849488a62ef56419135154e6cb0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf

Filesize
382KB

MD5
0189fad5675d1f9e6ba89ad3c47172c3

SHA1
c4330c4803a382cd8683a91330ab4eecb6d991e8

SHA256
c152dd09338dca85622c85c1c1b2e558bfb14aa5d6811defbfb098e9e86e3bad

SHA512
71c8e5fa63c5ea4453746781fe53bd22cc9b4b26b7e3881a1e32e17a17ff1039a706b731f580f1be670b57534e43c11846650738250ec6ea1be51f6856db1a33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf

Filesize
56KB

MD5
4bde4c525958885dd0eb02cc4db7537d

SHA1
442fb7449e2c352c8502a3d96a7d896c88224274

SHA256
686c01fe059889ebd2df4fb5507702c2ee43fe3b253a03363b425101a266a9e6

SHA512
597995798981bda573ad24049a70ef87f61e71cc6e98c4c8e8e26844a6e1c9c400a4d9e8e345befbad66577f51a76f2e14c762298a02563dfc1fb2c46da38b0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\ui-strings.js

Filesize
15KB

MD5
d3c0bf544c4d87aa80c2784252efde83

SHA1
54756f283d3fb54d3e98640278b3eb94850f1edd

SHA256
94f16ba82c41ac88d04bb64b6643bde07cd1ab12f7406e5d2d0b26401e9e49b1

SHA512
2de11b0c99e4f6317a2bcbb3782c11c64b72d48e34cd58f14ea35d216a957feaf7f1fd3e39a0e202f40dfc9496dd8ab041c5374d6124064797e720abb1bbb010

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
7c37929470dbe5b7dec508d563e9d129

SHA1
c19e93334fb86f9c9ad4491442276fa6c4ac1219

SHA256
f465f56fea3e1571d58c095a8662609a3b723bce36db7ad9a50815043cf9a781

SHA512
eee87d2b7967d1401f9d9fb177e25ed272478e4db43bc2e42931320c09b642c25297ac7fa0561270392a89b69724e858a5f063ae3b0f24bb39cfa29800c46f76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
03472c5d2f26344d1f9ee8c2c45330b4

SHA1
8449ac4bdcdade96df30fe2bb29ab57e6ee55ea3

SHA256
b70bfdd0330aff97308e46b9fe58ae80ecd70dbd20d37a11efa220874965f515

SHA512
4ee37db953fc6930785c78f6204f97f9baf4c6d7001990b179b395734f76d807fafabe309292ca7b2c6a8937e849cce274823f8b5e2ad888c0d98ae841536944

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
80de28ce243a4af840c6d79e88ca5ddb

SHA1
ad9ce795ec6f7068d9c6f6e677682efaede57e7e

SHA256
515f96f255d4e130c4fa06c3ab8c8baf16de14e3b4d02e120db8f8961dfbb111

SHA512
ed355beeedea623bb3bb6972e89fb08ff154e68e0148a4401fc9e90f3f1e61cf9bdd3156b502f66bbb04740242c79d0b01c9670d44c1ec11e1e77c5bb5d699e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js

Filesize
10KB

MD5
cea5660b27f4f5b4a97df9ddd998fb71

SHA1
c3d2ec310a403e862e8a292af9dc541363875672

SHA256
1a106fb6e0a662fe9c0d82c3d955701c5e8c6aabfe6bc2194feab45676fbdfbb

SHA512
bec5467ff9e2ff050ab8fdd68373928277a3e249809adb318dc948c8969f5b5309152080abd715cdc0f72710f7faf42095e48f37cf872c36c249f90fca2559dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
b627b1525094bbada78ec589397367e8

SHA1
182e4b7be21045e100ff641a4df22c4a39188ea4

SHA256
9eda0bd6a79a36500ff9ff64163b5983c48936a4f0c46d81acd1c612e92c0093

SHA512
74710b96f1964b4aa9fcd2a8489c0d5c553897aa0394a6a6a85c4d50a088467bc2e617305eb1b61712b4c01e028a4301ac4d8183957ab04beb5167c51f32079b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
44d658aaa42c1ab53c5309ff1e33b77b

SHA1
b19c3cbdc930cc4d6ae6a48a45659f371583d4cc

SHA256
b99d920487b4ff062072aa1646240bbd8131dde369e420d9b94963da128f2665

SHA512
50cbc86245324d1446e2e829646e35330df2284d42bb2661a8af70dad26089ec87084dec9101c782b570ce784cb5269ab797706078d827095f9e76faac46ac22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
b2aaac12d3a8728a5fd13cb79cfebed8

SHA1
78fab5059dfcc40acf6c08ec8a4ea6ff0d54472c

SHA256
bdfa067cb26aa1d43d56df83782d096820d7f4f1f9b2d5491c293511d92a7ce9

SHA512
90c7e584b11d280959caeb3d18c5c9573a19614b44ba5bd19f3fa3a3b0ece0058ef679a173c417866ff77a603ffcf36198db24856b389c739a4f176b51243547

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
7b8780a65c996829b2fc15b32cd34fd5

SHA1
c67fc0efbdcb2b348cc5c8b570c7f1eb57043fbe

SHA256
b54e74a6165c370a251513b06d8605f49249eca3cdefb48b58708a89be4f9661

SHA512
28a140f3bef27ca761329a509c097ca82a8e62e1b2a117d70c38c05cf1a1e4575f01ebaf34eedea44526f6822da282e3b6bdd3ce3ae25c684f35426dd38b076d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js

Filesize
20KB

MD5
90e4edd9f8d635fcb666e5952322e206

SHA1
1130ead8f6ce0946663669f5ded76f410db54351

SHA256
f3a4ef4f5764821907e97f0ed72af751a48d055d5cec996629bdd0ce05a1a7bc

SHA512
eb79f030151a23430c091b374e686327fe38cc93ba5daad58ebd99ef2b84df629a1f1fbf72602ebce68b37f06a1105e58cc3875c10f4f8ca224b766c041d4149

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js

Filesize
23KB

MD5
8e29c0d3bd9b7e2f68d3218de43048c4

SHA1
cd1bde869a9eaa2831f9babe1d3adef36732c4b2

SHA256
1d5b09f2b2be0fce7572f70d69bd644cbeb214d8217c7bbdd9097e95e6ca295a

SHA512
7078d915ba6ddc88c642388598a1f672622ef43b2c885b28efedc5d2ddfde5f2ee0e495c8c243e8b10a19ea4d3c5059a635b023b8a87b93c8c9e7d6dea6510b5

Download Submit
C:\Program Files\Crashpad\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Filesize
917B

MD5
6a39a67cf6688687c5b15772b3de06e3

SHA1
6873332d9b5a8d4a37ea61cd453920517ad57b20

SHA256
465e3d76f477b1d5341bc26864368128c49dcaec27aaab0377f2563013ea0af4

SHA512
3738e7dcf94c3df4ec4051ce6cbde2aae5b4bed955acfd42da0d424220dc6d5ffdef753f3dd6d7887640be3e70ee017bebb3120122a2ccd4bbd38a370e931854

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.1MB

MD5
196ca438b6f95575902979c240ecdbfa

SHA1
f20c4fee51a603977e2d9452967e54ab6f8f79ea

SHA256
d3ef3681c5c66b232c2b2c99352483ce4dd87d8cf1aebe6c0d23e7dd13f65aca

SHA512
484958e7304881eac6c39f03a16e595edd5fdaa5cc0c6e3b8e80907ffa77779fac21ff6b8ffde73bb95a0f5a97139ca01028092c323272d63a6694c9ba513ba9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX

Filesize
293KB

MD5
076d70262b35f530be648587bb7088f4

SHA1
3308f18019d22fd1588958b4370aaa2ae24b0011

SHA256
9e3dc22ed58b964417f4a64be71458c2b0fc017f3b1ccfa2f9c7403fc72c4e8b

SHA512
a86a23a84a456eb9d1ae1c0f12668e286127a578ccce5e772a5764275da142efae1c61d088fcf8958400a3e8d4b55ddc72f1e27c0ac6983aeb919fdedc3aa919

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi

Filesize
2.4MB

MD5
40318978a6a4f1b7be7dc71df5f01a1d

SHA1
a6dde4f7f0929cc44f777b1292b657142345a048

SHA256
cbe862752f7bb6e1d502dde982de3fdf2db2f7400ea4252adeacc479310e63b0

SHA512
aa0f73672dc63099d4b4c04d527eafd9cc393a1949d4a9b2abb28bef19970797f7cc1a79ca246ad4abcd4e693e54c5f808a561c8255f4950f19c783c6b325b39

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe

Filesize
63KB

MD5
5a42a0e375ff6a511fba147b8383333b

SHA1
46d2404e8c3e759e3965c56e768726823c99e5b1

SHA256
969e1b0d7fb97c7e98a8abc4f7f401b616472aaad158c07f31e0c5e720b33ad6

SHA512
6ef1dfc44665467a68ca15b75d718c23c84cc8a2d9b512f098c0be44d998d4a4b325291d84f081ed716e0c43ed377fec52384c1d1f14a6deffcff59abd56c1ec

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe

Filesize
1016KB

MD5
30e7f1a1453d31703dd0646b9fee9473

SHA1
08e725119ae362472091c4dc38fb5eaae914dac2

SHA256
587c1503318c7a82f2b0998b5ab2b93027700d290ce0f8eb82d408986eb621f4

SHA512
94e8dbaad362c5ce9486c138624c432635e1c9632b57f2ba29407ca46d1608a29b905e266d40721e5e69b4891576263cb60f828bda11e9aadb8dfb00e4b3064f

Download Submit
C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo

Filesize
607KB

MD5
8059896f453fc6b1e7116eecd4f678ce

SHA1
a3a74ac4c87fb0a17aadf7b97c7129c246fb2709

SHA256
5ef4a932683720efcddcab3b1f35e1924e3f06e4975b44335064cea632edc024

SHA512
7d53ee7fa5d092e44190b859d0fbba9aef73998dca1fdcd0862f5eda62c5f5ac30417632b5c8b0a8a735a2ae5dc3a07553d8e017075e6cf9954c2f66e76c7b09

Download Submit
C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo

Filesize
612KB

MD5
8411b28db1264cfc40d9e360a6385d07

SHA1
0155d30962bd0598a678951a5cb767bca1fe0502

SHA256
5b31db7e1439f73f1251857c12717bee36c2c35ff66c0892989712d130e534f5

SHA512
722c32e4948193786b704043be4b7394b14de05428ab706b95940d336e69199d1367c3600a7356f537b3918e9ff7ab4ebfac86abb44f11fa3a0dc34c5f0d5f8b

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo

Filesize
674KB

MD5
73b715741227e1991b9f82e2ab4e847f

SHA1
36f6a25dc458af981eda99ddc2594fe1eda99dcb

SHA256
feb558d004bfd28356e65e218d6b6630534e958d685e13a16b7a69f1ed5c2664

SHA512
59ce8a85282edfc74638c032d372192b31b85b26f290b238418362da2b7a6a24407af767eecf0aff5a4cf4dc125d41c6e351e04df0b5de5de2b61c07e3d5aa87

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo

Filesize
1.1MB

MD5
17078bdbbd6932f5507e474b74b37706

SHA1
533e06a4aa149e442e96cb6c1a9450c9eaa92e53

SHA256
ddc5b97472ba1465a29fa840f48731f4267f917b7bde843e900c8377fad1986d

SHA512
1b67d167ac47e7f6289f12b979783ea64e191cc9dcd778b978b99184211728da4c793aa48ecb6e0285ad9209453e9d79a1bbbf94fafd133b0cbe03e347748522

Download Submit
C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo

Filesize
596KB

MD5
4e1885bc380e5308564cfacbab538ef3

SHA1
0371d209582a3c952073127ea58d7eed720a4051

SHA256
2b2495e83eb4b00ac6301e3a047a92d8fe3b7d76fb4ad33a8de5a37f7fdc8eb3

SHA512
be247895672e0fef376f3b1a33dd2866222ca5cdc385c5a661dce8da4dcd6e3c572d87bd89c450fa9ccf513583e531daf10c53b8ba82b629dd1f3a0cf5c1843c

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo

Filesize
617KB

MD5
44f1dfb2fe76383dbdddabae614d0f4a

SHA1
03c03d521d9169ccf12187306df3fa22e7a5a581

SHA256
8a2ba47c3526c34e51ad52f3d4c3c3ac6a0bee4e247a09b30b46d7a30f41ac5f

SHA512
46286d8e42ec4ecc0bc6b1cae30217cc649611209c3e7baf518c2b317ee04b4929c32051c400e3fdaca8accc7f69384ae7d6dc1bda4b9224141dde3a22a482ee

Download Submit
C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo

Filesize
781KB

MD5
6e4ebda07d54ede0c21ecc6b0ad0eeb3

SHA1
ade9329b01970399df32ff2569845586a8ea7810

SHA256
2588d70c77bec660f6c0f9adb1184cdb9fa315433e5f8dc739161834ae9f93a5

SHA512
36a84b57e14af3da5f6da7c4548e76dcb5dfef9e94bc0933a64e669f1527b5dfbe136a8c7c5c78286a5be422c2cbcff72acff20eda1ec977de9fb41c9c8c0b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~temp001.bat

Filesize
406B

MD5
ef572e2c7b1bbd57654b36e8dcfdc37a

SHA1
b84c4db6d0dfd415c289d0c8ae099aea4001e3b7

SHA256
e6e609db3f387f42bfd16dd9e5695ddc2b73d86ae12baf4f0dfc4edda4a96a64

SHA512
b8c014b242e8e8f42da37b75fe96c52cd25ebd366d0b5103bcba5ac041806d13142a62351edecdee583d494d2a120f9b330f6229b1b5fe820e1c7d98981089e9

Download Submit
C:\Users\Admin\Desktop\AssertRename.aiff.80B-732-48F

Filesize
541KB

MD5
84fd8b743eed953d6c7299b5e480dcaa

SHA1
748c0c5f5b3b8dea57979e07848cd4ef73ea3eab

SHA256
049d1b005c2e271298d0abe340d5e6ce1ad4dac90c93c64fa4787ef44d56335e

SHA512
16eef6c8f67acca07653ab96cc3b9b2a6d4bfdcc122b8e53e0a507106ca5195adcdce7c7034c71320216a560806877797feb472e6dc4d9606095e278d63691d8

Download Submit
C:\Users\Admin\Desktop\BackupFind.au3.80B-732-48F

Filesize
522KB

MD5
14cddffe436d56351668d20a0b17924f

SHA1
9b14494b6d89342aa3b76f728b6388c340809640

SHA256
e2869fa1c24b7043b3fb3b8968c7755475fdd30adf0b4bb0dd88bbec35ad16de

SHA512
29fe1a62666c610e651d284fd74fa42b5000b785b05b8fe05b084e473208c8035f574984536c407ea2bd7c2bdceee4ea876da25a48873e808b58c42b273898c6

Download Submit
C:\Users\Admin\Desktop\ClearSync.ps1.80B-732-48F

Filesize
340KB

MD5
8ba63e881de1a264126984e31ab491e4

SHA1
6b7bf41f6949f83e44aeaac4c359667e09c093b0

SHA256
ae0f0dfc763b05cdf4ae5e8bbfdc5ace9cdc045142685fb220f7b65b0eaeb292

SHA512
84e9c3d89cd3ae704d794f6e7b59f7f4abfe953a2e8ee48236fe68b85565b868132a8c3161dec5c400963b189f36b031a2ae12b6f4ba141032e4ca02a94b2c13

Download Submit
C:\Users\Admin\Desktop\CompareNew.lock.80B-732-48F

Filesize
559KB

MD5
5adcb5520c1f3382158c90da6dd25891

SHA1
8aa93b9b0c3127e7b3970f26abe3e6f178eaf255

SHA256
3de98565424e8fd237576757279bd8799a383d1ee0be51b60fb15f565f5e147c

SHA512
90a98adcea65bc86be22459ff657e63e9dcb93a12cd6e9a59d26c541ae48736f04b4c0361481b14a416b61eff04bf2234b63f50f6f68a06abddc3bceaec4e42d

Download Submit
C:\Users\Admin\Desktop\CompleteMove.emf.80B-732-48F

Filesize
431KB

MD5
6291f1656615894f7c792357acf41829

SHA1
bee6f79507b4a0168efd885bc42fdf319efbaac0

SHA256
57c59ed5324e36148de20df5bd644f8e3d049d6e8cbf36260303bbf98f357082

SHA512
ef6c07430cef5ce07f49b2c4b62637097ac7cb13551df5b06218a6b3ee6a63a7844be3c058b7c360ad324e266cf2f7ec87ba7672b0d23b677d77bcdf72d30c9b

Download Submit
C:\Users\Admin\Desktop\CompleteUnprotect.html.80B-732-48F

Filesize
468KB

MD5
7a41c65e85639d41b593f2652ca56385

SHA1
cd96340e5a5bfdb14ec956f5e93212df781251b9

SHA256
eff334e888771b9bb755a1f4b339aeaa5bcdd1b839d4652301b6e23f96621df4

SHA512
b72fb83806e1838eccfa9bcc97771ede7c5f994cd83734b724b39c01cec4a281e894d9f94c50f2ae5bd84c2ffa6b3888ada7999a288db55fb39b0d643b638a06

Download Submit
C:\Users\Admin\Desktop\ConnectRevoke.rm.80B-732-48F

Filesize
614KB

MD5
f4c95b6250b687009385d43131bf1fca

SHA1
66a1ba1a4951e6718fce3468762e36f4a01b4069

SHA256
5461449ed5952db1e13ec185f713783095ef00d8a837a0de7c48e7587229e61f

SHA512
33cbc6ad6206460ff56a208736f367a4bcefb935cfc1455fb2864b97443ca33783703e62fb1c61fba79c38fb8e9a60319b29098b22f9dfc1cce3e0dab150d4d6

Download Submit
C:\Users\Admin\Desktop\EditProtect.wma.80B-732-48F

Filesize
376KB

MD5
8d54a4728aa5df56abf926cb305234e1

SHA1
668f483c9bf4c94f26055982bb8b66d9aa757e19

SHA256
a8ca2c6e4947252b085ae42093b8e9ebf38ee171314e67f9d88e3c69cea7efa0

SHA512
eff7ff450c287209cf8b472ca301312c76f1eead5cbdee9a7d11318ef550ee36d5d5dd23545e52a4906775bc4e4667f5a4e14fe5b5e6bcf8ac6515bf90929764

Download Submit
C:\Users\Admin\Desktop\FormatLimit.ico.80B-732-48F

Filesize
632KB

MD5
d9da5fddb776ba2a8bec970e16e5f9e5

SHA1
43db9c61fbcd165ca5d63a64d81e691755cc0585

SHA256
dda10330e826942aed74c498b63f373391afae35e77bb76ba7329952c255745a

SHA512
0fbb93b3e72e1601853175320a45e41bad7331239474a69d3ef8a36ae49d6182ef6fd64ba38ef5eefdd00f42d7719b666d37b1183fea5e2e9da15f277c6f6c46

Download Submit
C:\Users\Admin\Desktop\GetOut.odt.80B-732-48F

Filesize
486KB

MD5
40074690efa68ad24cc0b8afc4ea9142

SHA1
23f60b6bdee837bac89f3eed493a04e7d45c45a6

SHA256
685aee670a77647e48c4dee4729da5c9f80a9d071eb1a3ffdd26f7ce982eaadd

SHA512
438d3ae49c2906a96483322edd2c3441fd45474e2d49391ab9805cc6874e621699020f610cf621b008d31fce6affb8b1b9a0e5c2621cd6006022c8b91f5308c4

Download Submit
C:\Users\Admin\Desktop\GroupApprove.tiff.80B-732-48F

Filesize
595KB

MD5
5e6217981417c28707b8f360b6cfa7cf

SHA1
3a3479b44980fc4a491905c4b8c353a1d50a0c8d

SHA256
7896a80c31ae2d4e58e0fbdd6111061c1da275146e5ce6ac9b9803dda0d389d1

SHA512
54319568b3fa06d86341d7dcbf5bddaf66a418fa9309f3c7e3daac07727ed6a3164df859b094aab4c757f1cef5e6ce30eed6f6b4fd82a2ae978ec0d4e4107ece

Download Submit
C:\Users\Admin\Desktop\LockRequest.php.80B-732-48F

Filesize
705KB

MD5
707a482cc1a60fbf7818216493af1a7b

SHA1
87bd321bb4410dc6f5bda7fa8644ccb0368bd9d1

SHA256
52584b640d0dc8df7fc5c0fe3c8d1c6fbc582c6f61ac46bd0bd4f5e7204614e2

SHA512
6741f8e5c369ff4ce1d0e9222032bdf538115e8ec374ccc88b8fdb92462cf6cd3fab459629d8ec26de156ce8fed5a23ad53a7c9194f39510b2e045f99e736249

Download Submit
C:\Users\Admin\Desktop\MeasureUnlock.mpv2.80B-732-48F

Filesize
394KB

MD5
bce47aacaa78802f40e41e1bd17d36d4

SHA1
1d2fa34a505a5d77cb0009486db2f6202d563be0

SHA256
7c978c6580d516de1cc64f965a9f3da149e44d0d22011a6f97489e4a6bc5ee32

SHA512
4deae62bba78cd3e13360580a03f184bfd9f095c9e9280fb4d259f470e209982df9377db2ec43079a326945cfd36df0d79fb41c066f0c01e5ccdecaf912eef30

Download Submit
C:\Users\Admin\Desktop\MoveResolve.docx.80B-732-48F

Filesize
16KB

MD5
bf065c19cc66d10b60ce006acf5d9219

SHA1
7bde82f2105920269f7925cce19257735777c018

SHA256
bffea5715530d33d5e24067450e4feb030b35d3af27d59946b4d53cdfdc10e35

SHA512
78c614e30773e7a62daa08d8915c421bb5bcac4a1a5de76dde2a92fec5d531212cd728658dc18562c3d8ad3f9f2a183a56bd546db4ec3b50f951ab72df76bbb5

Download Submit
C:\Users\Admin\Desktop\NewBackup.DVR.80B-732-48F

Filesize
577KB

MD5
9377571262d4cac1df9b8316f3be24f5

SHA1
d20abba06b2f0c05e2c9e7e56c7f436a38e28dbe

SHA256
2e884703580902164c0017ebe08c92244a301039912902add470e0589720f96d

SHA512
55ce3375e74a90fedf10ab98b9d6f9597546658d05cfe5023764483ea0bafd0259a8d928fdbca1f0a6297eeef555f9ba99b40734b2555ab044787464ab35538c

Download Submit
C:\Users\Admin\Desktop\OpenSwitch.html.80B-732-48F

Filesize
668KB

MD5
420a2128edac8f8385e5c0bd431283c6

SHA1
36a16a9efa1bd69b06df51ed4159a460b69d09d7

SHA256
d41b0288acd182aa9a5ec02d37624042218d96bea7d622577905dd54d0fb1016

SHA512
52f3c3cd755d96abecca450cef8ba7ec064f27eb0a70cc4b1c72a1402a1723f4df13339f04ff27c4f9f6b3445ba42cb2da939fd6bc2242ccb4ce5a326a2110e0

Download Submit
C:\Users\Admin\Desktop\ReceiveExit.ini.80B-732-48F

Filesize
449KB

MD5
de60cae60d57e67812aff92e1edcc4a5

SHA1
75af4bf59259e1acbb2d3bb010c1e6cadfeb13e2

SHA256
39ce34ddc2174c1631d1b70629e74cf02687513380386168309297ceb12300e3

SHA512
c29d7197f2bfc45c8484ef757d882264ae76939aec897082ac0517033c8fda5734306a1e217bb6b61822322126c4922a3577cdc77688ad816bdb601ca179c870

Download Submit
C:\Users\Admin\Desktop\ReceiveResume.vst.80B-732-48F

Filesize
687KB

MD5
cf691ce04474598a9712fda81a4f0dea

SHA1
8f16999fd517beb0c8e5eed527b8b3952b7705e3

SHA256
d534f43b49706204067d156f7e63cb94a666c4d4e53209756c46be34069e47ad

SHA512
ffbb0e4b5318bb610ca13d8f629deed0846df6ee8e8d7cdfee714d63583fd92d57f0f0b07a8bd3992aa38c35ec45a62f9cc8d6d5898ec5c4aaa44ce2c52607b0

Download Submit
C:\Users\Admin\Desktop\RegisterConvertTo.xlsx.80B-732-48F

Filesize
14KB

MD5
205264e05d5c8418afff54b3db9458a0

SHA1
599f8f670a9b2aa008c395856caf9d8d64bb0a66

SHA256
04a382f4c952d76a60cf33b6f0f96ceab1247889748194523d8dc1befa1e3a9d

SHA512
9b1efb5332dcba938c79696ef6ec6871d2244e1c77065da40365c237b2da2db4c82ea3892ebaf2cadffdde5f71191f9b23f4f61bba7aaaca3e178adec75d3a36

Download Submit
C:\Users\Admin\Desktop\ResetSkip.emz.80B-732-48F

Filesize
358KB

MD5
1d418737cbfc212df59d2cae97af49e2

SHA1
98f37e2f2cac05c32b6b500c38e2f70d60edf472

SHA256
0821361ab675fb9d74736213748b0082a95bd7bf667f1e30ed99fc98deed0488

SHA512
a3b5c998426dcc633c0c75fd6b7928e880b710e4f4cc20267ec60b1d647ce4b428cbaa8c0d4d0ae4ad35ac2ebafad8d212d8c9ef0148217e163de57002e0e2d3

Download Submit
C:\Users\Admin\Desktop\ResumeLock.vsdx.80B-732-48F

Filesize
413KB

MD5
e5d81a4a9862d0988c877c5777e427a4

SHA1
e8115ce60b727c97c9621de235e8ebacc9a02bff

SHA256
36a4ec01a153c7162e46b69ac53d982629d08bf936b5381043176c258ae28fe1

SHA512
881c2c8d46d0244bd4cb6292dfcc5cc1fbcac31c3c647a2dc87936ce058672968e0edb385f58aa63010812df80276449153edc08ce980765c93a762504994423

Download Submit
C:\Users\Admin\Desktop\SetUndo.crw.80B-732-48F

Filesize
303KB

MD5
7676d83c65645e47f4ad53880805a6fe

SHA1
cb331ec03ce5839daf8abb3635839f0b5bbee338

SHA256
c05456611ade74abdd9d815f40a6fed78a70282929a927d1876dc2fa090a26af

SHA512
8efd50b5d7c171527471375de270284eb265a800fb40ccc6350d00bd41c7a14af1b9fa9d20605675465ea84238cbfac100ad2937cd33a0aa22eab2bf0d629715

Download Submit
C:\Users\Admin\Desktop\SubmitFormat.xlsx.80B-732-48F

Filesize
15KB

MD5
4d2b204afe77a7aa592b07b2000f70d6

SHA1
504fd26ca608af73160ff90c8c2f0fe5d31e5cb5

SHA256
3d29ccc01903efcb949d14ddc3f971fdbdd47119e641e098d72a8716bec39ce8

SHA512
06b7d693fcf5d54e19fc110065099d81f0a0e98382da52aa6c6c4c90517fd5bb318a2dcc68264aa693bc58c410f8a642dd0c4c597a6c7eaa6b24a164415ef3fa

Download Submit
C:\Users\Admin\Desktop\SuspendGroup.bmp.80B-732-48F

Filesize
248KB

MD5
a844b578de7503281a9638470a25b653

SHA1
87fb85815ec9f592818e41e9d81de00d1d372ad6

SHA256
565ea4bb2e3d810ae92bc557125cd3cc0a80336fb2613846173633492fa4977b

SHA512
6a62915ea30ca9a0a6c2ec29badf357ecfa1f8c19f6857836d5cf2852478faee18a9fe11561635f1d5b2e58cb66afd85a7972707d3d672761aa60588899b7d96

Download Submit
C:\Users\Admin\Desktop\SuspendRevoke.potx.80B-732-48F

Filesize
650KB

MD5
2eb247f88c6f01928edb73b307a301f5

SHA1
e0e27a3d6e01aad525661c1f3bd208618a75d69f

SHA256
1a46e1ef5b1b070b42fd79fa4d00b4cb9098ab06a3e1d4037c0973704e02f749

SHA512
8bb01021efb4934890a71f063ccf34864344fe09eb04e32a332cc7f31d56f070db24259dc854caa169ff6eeab930c49bf4a4e6b650fd47dc593762a7b6d52dfe

Download Submit
C:\Users\Admin\Desktop\UninstallConvertTo.xlsx.80B-732-48F

Filesize
12KB

MD5
55e384f33fd5e40f3ef404342770edac

SHA1
4b48978bb4c2e3dbae461b39945cac1bc5d212b8

SHA256
960bdcbaf107fb30650b3106b2c5eb5d4df889078f5495207ac582e1c137af92

SHA512
b84cecb5b9e603b8a768f0fd304a3c513d8eea2f711fca1bb9a93687751108199b5d4b295108435b80b97549df6c71a8cbaf88a0731cbf5a5f248859abfb6eb1

Download Submit
C:\Users\Admin\Desktop\UninstallEnable.WTV.80B-732-48F

Filesize
970KB

MD5
0fd5f6d2f4f98e0febf43c6588c38b19

SHA1
23a7cde52d58718ca432d6ec1c1e0c9f948176e3

SHA256
9f7d844be661f6cd4908c81e557f5e7c7644a8b1af68b0403af9c42571125b26

SHA512
1c24dcab7d32623c1ea4e647dcf25694cdbb9f0caa29a773a3f0f50cfe165527b93540dd37c014aa540a0bc4ab2ad39345b989aca08aaceddeff799cf92ed76d

Download Submit
C:\Users\Admin\Desktop\UnlockOptimize.7z.80B-732-48F

Filesize
504KB

MD5
0d3fccb73d2702f405ba879267857d22

SHA1
24594ba7b07660535c32f15a4167251dec5703de

SHA256
e531f423acba97e1525d5cebb42a1746b17c0c364c356f56ce25234be3384aae

SHA512
382f6c33110d1d6b4e1ed0771d8f85f281be9acad23654cb772d1dd9bd083d690c404102249bdaea7bceb79e8d10d80e8abbbc4a88caa50a7bcc9d5b189499d7

Download Submit
C:\Users\Admin\Desktop\UnprotectPing.cr2.80B-732-48F

Filesize
285KB

MD5
e74231553d56596d7e1bd454b8016f47

SHA1
89eefe08cd2c88c84cb980019f40496fcd854987

SHA256
6acd64ddd3419327dca404a774c547291d3771c5667786b476fee8291f3b8b5a

SHA512
1406784f9dcfe8659f6085a9ae88dc2d525166f1ec64e002bce7fab18fa604871d1a34c9208ef157d405b6fd0c171c523b76c4b7cc4dcc76a200d1c4961f5445

Download Submit
C:\Users\Admin\Desktop\WaitEnter.vstx.80B-732-48F

Filesize
321KB

MD5
4df99efac923bafcdd186562e987aa52

SHA1
a162d51aa9695f0175eab3b7c4ee0287d3481777

SHA256
335bdc3942959a6ead030365cfb119498acd17d3f2c12b48b31869d5e2f923f5

SHA512
c9f055f4ab29ba0a2b0b06786524207166ae725253b2ab68e9c4a46abbc8c9ef504487c2953678e4cb1b2c7ccc814ee45b9b76f028668b3539af6cdb39977002

Download Submit
C:\vcredist2010_x86.log.html

Filesize
84KB

MD5
be628b174de575acca7ed124d0d0d76a

SHA1
259bca4303f37c1ee44186c50ac96dbfb1acbd93

SHA256
4357480c69fb53e402ff9ff1b1d497cc726c2ca8253a0eff6a0f3f3d4beb82da

SHA512
a5134480744b21519539f73b1ed7ef4a6e061e65aa820f62fbffc751849cc0406313fc94f24ce1ad2c74f307a4e422c5e75214327c20c049870a2c8ead514f11

Download Submit
memory/636-26051-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-19618-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-24338-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-4411-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-9427-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-12931-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/636-15082-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/1488-25-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/1500-26082-0x0000000000ED0000-0x0000000000ED1000-memory.dmp

Filesize
4KB

Download
memory/2320-3296-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/2320-20-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download
memory/2320-26083-0x0000000000A80000-0x0000000000BC1000-memory.dmp

Filesize
1.3MB

Download