Analysis Overview
SHA256
6ae43bb6c38e2b1e4da28ffbb58c169cc65668ecaa5c8a5dd50e26c93005b35c
Threat Level: Likely malicious
The file 2024-10-17_98c920685101ef25caae9db5ec186d5f_termite was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (8462) files with added filename extension
Renames multiple (8684) files with added filename extension
Possible privilege escalation attempt
Reads user/profile data of web browsers
Credentials from Password Stores: Windows Credential Manager
Deletes itself
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: RenamesItself
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-10-17 01:57
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-17 01:57
Reported
2024-10-17 02:00
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
122s
Command Line
Signatures
Renames multiple (8684) files with added filename extension
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe" | C:\Windows\Termite.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe" | C:\Windows\Termite.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\mswsock.dll | C:\Windows\Termite.exe | N/A |
| File created | C:\Windows\SysWOW64\mswsock.dll | C:\Windows\Termite.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNI.TTF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-125.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-si\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-white_scale-125.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-200.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\MedTile.scale-200.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-default.svg.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected].Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-36.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\or.pak.DATA.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-125_contrast-white.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-125.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-16_altform-unplated.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-16_altform-unplated.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-100_contrast-black.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\id.pak.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-125_contrast-black.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\nb-no\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NewNotePlaceholder-light.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_contrast-white.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Cliffhouse.jpg.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Contain.ps1.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-black_scale-125.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Silhouette.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\README.txt.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\It.ps1.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-400.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCache.scale-150.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-white_devicefamily-colorfulunplated.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\landing_page_mobile_download_v1.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-48.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\ui-strings.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Termite.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| File opened for modification | C:\Windows\Termite.exe | C:\Windows\Termite.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Termite.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Ò»¹·âÉñ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\EditFlags = "2" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open\Command | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\"" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\DefaultIcon | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Ò»¹·âÉñ\ = "Ò»¹\u00ad·âÉñ" | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe"
C:\Windows\Termite.exe
C:\Windows\Termite.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
C:\Windows\Termite.exe
| MD5 | 98c920685101ef25caae9db5ec186d5f |
| SHA1 | 81e52674a6e7eec3e729981ee7d9645b2967c485 |
| SHA256 | 6ae43bb6c38e2b1e4da28ffbb58c169cc65668ecaa5c8a5dd50e26c93005b35c |
| SHA512 | da56143eb84a2b04e9c4c174934e89d7dd2d94e12f41321f87841600a819e9a95bc28dc39fefd39a611c62365a055f2a8e82ebe7c04d55309de61a35ebe20287 |
memory/696-354-0x0000000000400000-0x0000000000601000-memory.dmp
C:\Users\Admin\Desktop\Payment.exe
| MD5 | 9f9bb9ee4952cb514089910e19eac5c4 |
| SHA1 | c57f604e8eca50df40df93a6b0c3d65ab8d3b198 |
| SHA256 | 0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a |
| SHA512 | 8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f |
| MD5 | 82a70e0d7cd9576c1a4ade9edc02b996 |
| SHA1 | 5148c3461c18985871e43252544b69c847c5d968 |
| SHA256 | 1343cd889049dfdf6eb0474f672b18f211d0294b5d4f9a5fb470bc730663fcf5 |
| SHA512 | edee7e5497b4db2a408a8b35fcb879cc07a8167bd6babe9f84c26e816ed430376074911b953a10726f0298355fcf8cffd7671832aec1dc6a4f1c91d7536c8bd7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.Ò»¹·âÉñ
| MD5 | 5bdeb18d35a65692f91d1051f64c23c9 |
| SHA1 | 065b509fb8d87255d21531170fd371b13f568c4d |
| SHA256 | d4a74ac2f8c1f89a4e8eb72c89291e9a645071fd77a50be48e942e797a172685 |
| SHA512 | bc27644087e6f0594daf24de3734490278362cab61c91520a2411b4de8a825093fe5752edd1f0761372d462c88d054d272a1b99963fc85173b8b49cdc02ba5a6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.Ò»¹·âÉñ
| MD5 | 05958eb7c86b05686ee299305a335b8b |
| SHA1 | 8820abd23a33b2b44ff2b6ee63c9e48814529516 |
| SHA256 | 1c0d77d95a164221c06b275ac97d99a8e7332a23f066df9f194dc68078519a62 |
| SHA512 | 8e8c935997cc4dad2740c6505e84135f4fdbac56ac9ff7dbe4e343514e23d262fb22f2d57f51cb5a7dfc3f756c7641293bc9aad9ad93a7e3cd99b23df8852e09 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.Ò»¹·âÉñ
| MD5 | 5913b2197f5e3fe13c7aec587204d0e7 |
| SHA1 | d696743f8bb0cdd63c34010fab1c90d465f8e4b8 |
| SHA256 | 896aa7be715e3112bf88ccdb0f4cc2e116bf5dc38c4179de8635f215aeafc8ee |
| SHA512 | d28936f38b7362e9daa6e002771dd54031d07cc9a6ae56ffb114f544fbde9342f96aba018e33ce0617f1cd04b3bada60e122a62f14726bc61f69bcc43f3a1b45 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.Ò»¹·âÉñ
| MD5 | 31cdc19e17e2759aae02e35edadb9934 |
| SHA1 | 020527be38eaeac4e65514ea96c43a07b66f9a44 |
| SHA256 | 5a3dcf15cfe3ea411c0cf2f2a5c8f0a86faf8711ecb75bfdf154ef8a8e111a59 |
| SHA512 | 3a0f24974ebc19e81a96e23b90821367a8fcafd77333cfc72bf818e65c559eef89c8592396b0cb830209084af74ca94d83d232a7aa0a84b0d88dc247b181cbef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.Ò»¹·âÉñ
| MD5 | c6fa4eb764e710a2733953432aec8846 |
| SHA1 | e10caa94fc398b9ad91a4122535a6b5eda4b23b1 |
| SHA256 | 5f9a23a3b7c98755b1b41cdb6fec14ac06439a86a3b6bcc154992f2d9bc90bc1 |
| SHA512 | cbda6d0e0003ce20f1d651b4938a2aa838a216450083c4d1f75fd9aba4cf006698f2c75d90b4d2d28ba69038275d152b6a01b3d7bcc7f5ac26c54f13363466a7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.Ò»¹·âÉñ
| MD5 | 5727cc55524a2d4914529d0344c5305e |
| SHA1 | 527baccdc3dbe5a68edab6b5b7442464c4bcb969 |
| SHA256 | 5fb63f4f18181b3d3ceb0c1a9cf75f1723399ceeb3a3ac393898cf380862e6ae |
| SHA512 | 4206d49d5e8b4e986f9f76b2362e529481b39d126dc0af7a00042771513afba6f66ad20610e7454bb6132e04d159c5a2472fcb84d0aa73716d3efd521a78f69c |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.Ò»¹·âÉñ
| MD5 | 1ef8c86d933b10c159ce45c06d379113 |
| SHA1 | 4d102825cb464341d055f595334d5518feb4796f |
| SHA256 | 93f4b06edab9da9f83ed3fb263f55eb67a05937ede869dca5b71ab730accc0e6 |
| SHA512 | 57f7118657a56622aff0ca77aa36b05e730d72128a844036a7274b04c1c13b9469a2a2d3ca327df989856735231eb43703da0a763d196bbc78fdb146939e2423 |
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\Example1.Diagnostics.Tests.ps1.Ò»¹·âÉñ
| MD5 | b12c31f0df65c8121948480ab533d129 |
| SHA1 | eac5040f71f17f8c7bb7480b3334c17d10acf456 |
| SHA256 | 5a15d45deb04501844252420f989ae4ffc1a1c45f4ee242c24ccd0f857f65f69 |
| SHA512 | b5ed9225d26d23e9e1c2e30e771265736d0b190d44d03be3bb497799df6533d5eced778e6940e4adc6ed275f4e6154f7f2f2cb031c61149611b66c2dc307d829 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.Ò»¹·âÉñ
| MD5 | da6b76c3b6e4dc8826730767444edd65 |
| SHA1 | ed637cb43b60936a91b6f0373873623b3303edbf |
| SHA256 | 12ff5f72dfb2c4ead4f9f6543d587f0ca8615bf265100e2957d4df86b6fd8a04 |
| SHA512 | 216a9cc0ddd8182aeb3fd35f22221b041e14d3094478cb8dd638d8a62175ddd48fdd9b3e075ea3dd54cce372a13891750f5ea88a45091d196171567c509dcea0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.Ò»¹·âÉñ
| MD5 | b63b2db3df6da8f07d021f4b7d35cefc |
| SHA1 | 68ba45b00c253032074c7ae60d6065cbcca3a96d |
| SHA256 | 4a9648de136866782454cfbfcdeaef667ce04287a95cdeb3050d34aeebba5fa4 |
| SHA512 | b78b1f107bff7f799b2f1fc7d0d0f119e2592ac06fc1603622fc84ed25f34496067d87f5fce6e3d172eab9a7575ff313854930cdd8e6d247447d258054ab2f78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index.Ò»¹·âÉñ
| MD5 | 3c55867e1b19a75dbd63cacfa7b1cc3c |
| SHA1 | 35b2a366f913686bca670fac5d721ef76d912939 |
| SHA256 | 0c6bc68c0108801cfe3e8d3b81767e412d2329ad69a2a3f9e9fae75ef74ad342 |
| SHA512 | 388f0da9667d73d31a13e76d3a056a52ca684e3166685bb88b8b3a2b81619d3187a1dd83e80018529e5d66ffbc4c1c810bbff30ad6524fbacebdf960003a2295 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3.Ò»¹·âÉñ
| MD5 | ccf042ada54c2fd9f1c0f3759fd679fc |
| SHA1 | 7e2c97511e9bfe7e5891ada6b46a9a28cc3ac25e |
| SHA256 | 29d3e4fe3d2e140740f12f2a1d02abd4516c7cea069882d36ccf803116240704 |
| SHA512 | 8965b7860985c500d7bb6a422687d6351379ac4cdefb613df493c6da6df5759c47f6c5f6026e483859f010a4ff7d22e4e9a915fe348a6d6fcf94a356112a7f3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2.Ò»¹·âÉñ
| MD5 | a5949dbf51e9605f24e2ab97cd830e6a |
| SHA1 | 5e8292247b238055675da76aa89110bce93ad4fd |
| SHA256 | 10e7501717b5412b2661460deb00e0ac9bce234c6df130ad1d966a145e1c66ac |
| SHA512 | ea7e04b0ae687fe6c33de41c7ea7c6113d1d5f7ce0c076af1bd8f20dc538a89649db582ad4ab673aafb881d69d4af230280a06d273bc61232f6f29f447dc0fa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.Ò»¹·âÉñ
| MD5 | 914f2c1b4a4e0ab429886a88a32610cb |
| SHA1 | 42262ff2e6cd221bb1547b5f55b167d8f104d68c |
| SHA256 | 6f46243dd36339edbe82b7da17628ec435c9362e194740527806a4291b745739 |
| SHA512 | 0780adbb72e9e539d409eb46a03e09effe2982337bce3ced78f2bfcab46cb56107dd097c72e3c4d5b2148d5d8893252268a9a20ac49157f976cde4a3a069fdd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0.Ò»¹·âÉñ
| MD5 | 0feb55ad2348952f57bc350688f630c7 |
| SHA1 | 1a1944cfa503bc591b9470195864f4a3c71f1daa |
| SHA256 | b2945c96b625780118ee8d4594f1050f7538feae94ea0c89a8f4c1a429da94d1 |
| SHA512 | f34ef8b3aa689f6ac2828ed646857cf360371b80e4ba419ffaa530bc3e46fdcbf41b88e55cc4b61a839a2c6fe363e88b606db41697c70c4b8a9dfbd46c350797 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.Ò»¹·âÉñ
| MD5 | 7aef728077b96ff39f4b7e043966f96a |
| SHA1 | a0fa08f27340579f17605d3d6b6cc09593f0f0ab |
| SHA256 | 2d7bd9a753ec52b5085081c43d26b4c842f51127ee612d950ada06d1e5ba230c |
| SHA512 | a90767dbe69005ddc9992ed5e73a8991b1ed6d9d9f72c82ba2847239cd8a1d67ef585121d218803751b4f0f7c9efca696488a8d100709e3d0e1238ba2941df76 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.Ò»¹·âÉñ
| MD5 | 226322e0bc9016b62aa15c6b99a53f11 |
| SHA1 | 8794c20fc5a1a111e0f6f125a75731b7d3c9dcf4 |
| SHA256 | 0dc121bd7c8a15f6901142cd0e325a0a027d76b0670f5ad6f50e799c1d573bb0 |
| SHA512 | fd99113f69dfab1b975bc20c96f1a0e622e473cd2a025efec567aabc1adc7121ee412fa3e5f17cc72e1df29a72b77a5c15457e87addf6c429e6fe6ddc57c34e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.Ò»¹·âÉñ
| MD5 | e28a91e2f3ba7bbd50eef42bcb950cc5 |
| SHA1 | 23c1553b73ecd521d5b4c642bc984e6e8ab5ed8c |
| SHA256 | c0b0c5f26d98202f5e63587a7057f80b81f2a6703826f945e2e14015b4ca2a4f |
| SHA512 | 3f560bbd1c6b7129cdb00211456239aa45af9be4ac4ca1d98d89524da3b25e4c0c937bceb447a65053ce5ccf7667714bfd04a418aede7380a0292c761f8a07a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.Ò»¹·âÉñ
| MD5 | 7f77d30238130b5e4fca2d95952e94cc |
| SHA1 | d9fd90d750ab3fcbf7c5c9329b1d7492b59df8da |
| SHA256 | 3d64e838ed89f2fae93fa691f4d7bb0e274da1f398cdeea64b6cab92fc6224d3 |
| SHA512 | f4d5f5c77faaf41baacfc1ccfdb06ff89e83a8df56c730530197e3db83ea94008d0763791d6e894700e7d2c9971f4a0638ae3be101b157ff602687fc61b642f5 |
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.Ò»¹·âÉñ
| MD5 | 325754b8af07331617169ad2a954a1b8 |
| SHA1 | ad311b40e2a4313c0914bb9425be3efd20839659 |
| SHA256 | d1a6e8415bd3b15eb132f81413ed7caa6f3e555d7bc09c4c253ff72514e0ce03 |
| SHA512 | 9981dc50749e300a3b68e043660111e14348627193a14892d1d20625e1c381f4ce78b9f42cac8fc660e68f035a9acb6b9265ba3cd8e22155de5e279331b57844 |
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.Ò»¹·âÉñ
| MD5 | c7351f5c4ede4c3a5c8bed96f3ebb74a |
| SHA1 | fb0bba8b9959aa54308d70bb00eb8f859628fab6 |
| SHA256 | b88dfd503129df17982b6619eebf6ac13f736ccc89647f89c902fef92ed99bc4 |
| SHA512 | 03b2ea6719060d36739cd0c8386e52c0cadefb4a7f214e8cc31c9d0abb06a73e8b6ef0dce2d1b598f9028b06f0ffaf8bd51c46369e4b2aa152d404664ea89e2d |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.Ò»¹·âÉñ
| MD5 | b65cd625cb75504e9acd5eb454e91373 |
| SHA1 | eb7b865a5b2ba4bb55eae24c3bdc3a39bfd4389c |
| SHA256 | 4cb50464be9db4e73b5b461e7b23c67c9f65429d1b155995ce54aa82b58e4358 |
| SHA512 | 40b8999c13e5f50db67cef250172f379a335443d12e03f9dae561d90a39be96f47fd1a4cf151592658c6b843c67a4121fa03abd3a9409f70120c2b72d89baee5 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.Ò»¹·âÉñ
| MD5 | 1cb59bf6af35022db785d4a4f9cb5c53 |
| SHA1 | 70fd682d3cf97a5e555d382218d55c5b316a0177 |
| SHA256 | 2718a5ef117786b74f670ff79ed8dfa1ec80f8f5c760fbc4396e27ed2f7416ac |
| SHA512 | 9a0a5d6a47240c6c9232824396bad8c2e5ee486ad21a5b0ea2b68a9b3c9db9900139dd9b34d760ccbdfead8632b5555178163d4cde3f3b36cddc4a4230014a88 |
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Ò»¹·âÉñ
| MD5 | e423c23dc63b0f1b94e64d1b5b401c6e |
| SHA1 | c45c63d575ad4f299aaa65a6a44b81230318bffd |
| SHA256 | 762ff18bd2ef976f9b84faa9127a63cc98617c9714f24ee23e9101e2f39d89d7 |
| SHA512 | 15dd935975a1ee5764c5e4b66caaeda2dde05c6d43c93cd04579a2079f9e04b774b6e97a1b3b2c07d6ec18bf9512159db78ed46f06cb24cf3759ea352b694589 |
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.Ò»¹·âÉñ
| MD5 | 1527f5bfe9eef4a663c86fd3838b0893 |
| SHA1 | f20bb0f89a12763075e7513881d3042e70b6f05f |
| SHA256 | 45ca65e3df28d0b25c62cb4d92589d46e66e03238df0317cc3156a1b975767c5 |
| SHA512 | 085f4ca44895bc14afd984b01a14043f81960b32ff281659361aec4a0a0722936b0140f9951e17cab0be901591d7e42f89fb2cd0858fe9f368baaf3b266c43c1 |
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Ò»¹·âÉñ
| MD5 | 888fe49199971d6b672b509f46ad96f3 |
| SHA1 | 0c039d875ca9bdc0acc7c221f77998e8bae5e780 |
| SHA256 | 042085b0286a0f9bbff6b2e3cb8ef71598679c4c9f886f130908cf0f7120fa12 |
| SHA512 | 22ed9bb33718496d6a5d026c81b34c13dcf78c74dec8ee00c6b746562895f3e557f7b7c85eb9e62756ea81bf65b873ba8c45604e2988fd8e07dd0c29be0e091c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-17 01:57
Reported
2024-10-17 02:00
Platform
win7-20241010-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Renames multiple (8462) files with added filename extension
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe" | C:\Windows\Termite.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe" | C:\Windows\Termite.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\mswsock.dll | C:\Windows\Termite.exe | N/A |
| File created | C:\Windows\SysWOW64\mswsock.dll | C:\Windows\Termite.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0215710.WMF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSTH7FR.LEX.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_F_COL.HXK.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\OIS_COL.HXT.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\London.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\NEWS.txt.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcfr.dll.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Couture.eftx.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT.DEV_K_COL.HXK.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\PREVIEW.GIF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\SignedComponents.cer.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Earthy.css.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\security\local_policy.jar.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00305_.WMF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\PLUS.GIF.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\NEWS.XML.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\SIDEBARBB.DPV.Ò»¹·âÉñ | C:\Windows\Termite.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Termite.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| File opened for modification | C:\Windows\Termite.exe | C:\Windows\Termite.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Termite.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\EditFlags = "2" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\DefaultIcon | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.Ò»¹·âÉñ\ = "Ò»¹\u00ad·âÉñ" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open\Command | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\"" | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.Ò»¹·âÉñ | C:\Users\Admin\Desktop\Payment.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Ò»¹·âÉñ | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Windows\Termite.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Payment.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-17_98c920685101ef25caae9db5ec186d5f_termite.exe"
C:\Windows\Termite.exe
C:\Windows\Termite.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysNative\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mswsock.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
C:\Users\Admin\Desktop\Payment.exe
C:\Users\Admin\Desktop\Payment.exe
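Read together, the process list and the signature tables above describe four detectable behaviours: takeown.exe and icacls.exe are run against mswsock.dll (the Winsock provider DLL) through C:\Windows\SysNative, the alias a 32-bit WOW64 process uses to reach the real 64-bit System32, and Administrators are granted full control just before Termite.exe creates its own mswsock.dll in both System32 and SysWOW64; both dropped binaries are registered under the user's Run key; Payment.exe registers the appended suffix as a file type whose Shell\Open\Command launches Payment.exe; and thousands of files are rewritten with that suffix. The following Python rule set is an added example, not part of the sandbox report: it replays Sysmon-style events (field names EventID, Image, ParentImage, CommandLine, TargetObject, Details, TargetFilename follow Sysmon's schema; the records themselves are constructed here from the process list and signature tables, and the thresholds are arbitrary starting points) and flags each of the four behaviours while leaving a benign installer Run-key entry alone.

```python
"""Rule-based detection for the behaviours recorded in behavioral1.

Events are dicts using Sysmon field names (EventID 1 = process create,
11 = file create, 13 = registry value set).  SAMPLE_EVENTS is constructed
for this example from the report's process tree and signature tables.
"""
import re
from collections import defaultdict

SAMPLE_EXT = "Ò»¹·âÉñ"  # suffix the sample appends, copied as the sandbox rendered it
TERMITE = r"C:\Windows\Termite.exe"
PAYMENT = r"C:\Users\Admin\Desktop\Payment.exe"

# A DLL reached via System32, SysWOW64 or SysNative (the WOW64 alias a 32-bit
# process uses to reach the 64-bit System32, which is what the sample did).
SYSTEM_DLL_RE = re.compile(r'[A-Z]:\\Windows\\(?:System32|SysWOW64|SysNative)\\[^"\s]+\.dll', re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
OPEN_CMD_RE = re.compile(r"\\Classes\\([^\\]+)\\Shell\\Open\\Command\\?$", re.I)
# Autorun target anywhere under C:\Users, or an .exe dropped straight into
# C:\Windows; legitimate software almost never starts from either place.
ODD_AUTORUN_RE = re.compile(r"^[A-Z]:\\(?:Users\\.*|Windows\\[^\\]+\.exe)$", re.I)


def rule_system_dll_acl_change(ev):
    """takeown.exe or icacls.exe pointed at a system DLL (EventID 1)."""
    if ev["EventID"] != 1:
        return None
    exe = ev["Image"].rsplit("\\", 1)[-1].lower()
    if exe not in ("takeown.exe", "icacls.exe"):
        return None
    m = SYSTEM_DLL_RE.search(ev["CommandLine"])
    return ("system_dll_acl_change", ev["ParentImage"], m.group(0)) if m else None


def rule_odd_run_key(ev):
    """Run-key value whose target lives in an unusual location (EventID 13)."""
    if ev["EventID"] != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
        return None
    target = ev["Details"].strip().strip('"')
    return ("odd_run_key", ev["Image"], target) if ODD_AUTORUN_RE.match(target) else None


def rule_assoc_hijack(ev):
    """New ProgID whose Shell\\Open\\Command runs a binary from a user profile (EventID 13)."""
    if ev["EventID"] != 13:
        return None
    m = OPEN_CMD_RE.search(ev["TargetObject"])
    if not m or "\\users\\" not in ev["Details"].lower():
        return None
    return ("assoc_hijack", ev["Image"], m.group(1))


def rule_mass_rename(events, min_files=5, min_dirs=3):
    """One process writing many files that share an extra suffix across several
    directories (EventID 11).  Only doubled extensions (x.png.<suffix>) count, so
    originals that had no extension (data_0, London) are missed; tune accordingly."""
    dirs, count = defaultdict(set), defaultdict(int)
    for ev in events:
        if ev["EventID"] != 11:
            continue
        directory, _, name = ev["TargetFilename"].rpartition("\\")
        stem, _, suffix = name.rpartition(".")
        if suffix and "." in stem:
            dirs[(ev["Image"], suffix)].add(directory)
            count[(ev["Image"], suffix)] += 1
    return [("mass_rename", image, suffix, n) for (image, suffix), n in count.items()
            if n >= min_files and len(dirs[(image, suffix)]) >= min_dirs]


def detect(events):
    """Return every finding as a tuple whose first element is the rule name."""
    findings = []
    for ev in events:
        for rule in (rule_system_dll_acl_change, rule_odd_run_key, rule_assoc_hijack):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    findings.extend(rule_mass_rename(events))
    return findings


def _enc(path):
    """Constructed EventID 11 record for a file the sample rewrote."""
    return {"EventID": 11, "Image": TERMITE, "TargetFilename": path + "." + SAMPLE_EXT}


RUN_KEY = ("\\REGISTRY\\USER\\S-1-5-21-3692679935-4019334568-335155002-1000"
           "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\")
SAMPLE_EVENTS = [  # constructed from the report; not a real Sysmon export
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\takeown.exe", "ParentImage": TERMITE,
     "CommandLine": r'takeown /f "C:\Windows\SysNative\mswsock.dll"'},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\icacls.exe", "ParentImage": TERMITE,
     "CommandLine": r'icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F'},
    {"EventID": 13, "Image": TERMITE, "TargetObject": RUN_KEY + "Termite.exe", "Details": TERMITE},
    {"EventID": 13, "Image": TERMITE, "TargetObject": RUN_KEY + "Payment.exe", "Details": PAYMENT},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",  # benign installer autorun
     "TargetObject": RUN_KEY + "Updater", "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 13, "Image": PAYMENT, "Details": '"' + PAYMENT + '" "%1"',
     "TargetObject": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\" + SAMPLE_EXT + "\\Shell\\Open\\Command\\"},
    _enc(r"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png"),
    _enc(r"C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png"),
    _enc(r"C:\Program Files\VideoLAN\VLC\NEWS.txt"),
    _enc(r"C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png"),
    _enc(r"C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png"),
    _enc(r"C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png"),
    _enc(r"C:\Program Files\Java\jre7\lib\zi\Europe\London"),  # no original extension: not counted
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events this reports the two ACL changes on mswsock.dll with Termite.exe as parent, both Run keys (but not the installer's), the file-association hijack for the appended suffix, and one mass-rename finding covering six files in five directories. The doubled-extension heuristic deliberately ignores files whose original name had no extension, which is why the London entry is not counted; in production you would also bound rule_mass_rename to a time window and allowlist parents such as installers and TrustedInstaller for the takeown/icacls rule.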
Network
Files
C:\Windows\Termite.exe
| MD5 | 98c920685101ef25caae9db5ec186d5f |
| SHA1 | 81e52674a6e7eec3e729981ee7d9645b2967c485 |
| SHA256 | 6ae43bb6c38e2b1e4da28ffbb58c169cc65668ecaa5c8a5dd50e26c93005b35c |
| SHA512 | da56143eb84a2b04e9c4c174934e89d7dd2d94e12f41321f87841600a819e9a95bc28dc39fefd39a611c62365a055f2a8e82ebe7c04d55309de61a35ebe20287 |
memory/2808-35-0x0000000000400000-0x0000000000601000-memory.dmp
\Users\Admin\Desktop\Payment.exe
| MD5 | 9f9bb9ee4952cb514089910e19eac5c4 |
| SHA1 | c57f604e8eca50df40df93a6b0c3d65ab8d3b198 |
| SHA256 | 0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a |
| SHA512 | 8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.Ò»¹·âÉñ
| MD5 | cdd65f214582bfaa23fc784ecd9ca4e5 |
| SHA1 | 20476f188d7b342ae0930c1918cbee55677062a0 |
| SHA256 | 5c8fbfbe423dcb582e82debdba5c53cdc8a72dc13f3038b817821297614943c3 |
| SHA512 | 0f634b843bcff299ba974f75c8096febd22a8476f8c0da23e3da1d6637f6459ec848114f4f2a0292646a76d90da035a6c3eb848fd5188b4a799721369c2014ad |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.Ò»¹·âÉñ
| MD5 | 54531e0716b8b2bee0c78e1f9b974076 |
| SHA1 | 375ae2567d80d499e6a181ca54cf39332c2d79d7 |
| SHA256 | 2f2b4e270e44313ee394c39edf25362ef32339ec108141e3445f6df7780c8144 |
| SHA512 | c154bb14846bbb6e571e0e4989b5fdc1e33f13bb8474355b14d98ee79a411b433fa29652227f9c64bdc2adc9fa1c76273038044531c9ad0045b4cc4e8aab01c6 |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.Ò»¹·âÉñ
| MD5 | 5afaca0eee3bc3aabf7137ee255c5a2f |
| SHA1 | 2309e3ade563df4ae5d58bf375aed11de59455b8 |
| SHA256 | 958b239f60227e865e3a274129257ae95f77d019f48527fd73c661de64b4b24a |
| SHA512 | d259896219a7b3b27004145d26849a9931865c6ad4e8489ce50de3495b5f3d8afeddd68e9f268d930c21aad57ee0c83a64ace1254e299215e8f59eafdda9eb4b |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.Ò»¹·âÉñ
| MD5 | 06a049a15e3aab06ec0921bc4b5984b1 |
| SHA1 | 35a99ea822104212f8a1d5cd92dcd0c9781bbdf1 |
| SHA256 | 6cf591b891d9a326a8d62dc120c735ad11e8e413c46028f18966eef6ce29397a |
| SHA512 | 30d832753fefc0a7d3a21f9a822b2e845786223da007596bf24260e42841d4811dc7d3c7d9e8230834e6c79f51abe0f7fd4f8955ee6df3edaf23be441d9fa9d2 |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.Ò»¹·âÉñ
| MD5 | 56f9b320f9958f04f43c9613104be5a1 |
| SHA1 | efbd7dcb96d360d4a31a996a6b49ba59a70dc5f0 |
| SHA256 | 037c26dd9986486af297b1e6be674518f3e291e48be0a2cde517adeb3c2f07f5 |
| SHA512 | b73570816160cee1d54b88437b917152f30ed956254a760952c45228cee00aa99ecc6097ac91e11964bdea4d07297cc49765ab5fca52d7916b76c48b85ce92bb |
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.Ò»¹·âÉñ
| MD5 | dc99615f709eabcdbfdff29cba69f3f3 |
| SHA1 | 8a69f0486debfae614d0bd06f51f76eac0f8a1a6 |
| SHA256 | 3eebc4efd1464a104a0eb0513c663626a5e0e8feb7f0652eb4d83b93ba15ff9b |
| SHA512 | 5941c188de7ae875c8cfa03c28fb633b7bca8855733c2e51c385682801f630335acd96191d18cf1080c8b23ffda961c0dd1aff12d9e7621f8496f6d08a3bae6d |
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.Ò»¹·âÉñ
| MD5 | e8c159cf68cad51b4bf04f4d094e4d9e |
| SHA1 | fe905df9092599a6f2c9c67489a6dadfdd7c838b |
| SHA256 | 3acdce183c47b1275809dca392a61b210d28643c3020587ad090241001665aa0 |
| SHA512 | 4e78aea3643fa8337c74465515269ae66b88ecbd6006543b8395c62437b0ec50c0c58ad8e14c9b78a90c5c9553b0662c12ff88e680c3eaf0b64b312745b89ddb |
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.Ò»¹·âÉñ
| MD5 | be055d27c9d31c40890bfbbc7ba7ac96 |
| SHA1 | 9d0eed419ee807875d09980a3f4f7d632db5e496 |
| SHA256 | a919a003104cb71626103af136066e1b9c5048849a6f39e69552f8de443f2eeb |
| SHA512 | 3c8edefa22d95f662c19dc347e0cc222cc0a4c1f8f2f1e7cdb06b29b938e68dce601d088ff7964a396b1c70d0cc310193c4e2e1ba60ef947584fd2557e30f7fa |
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.Ò»¹·âÉñ
| MD5 | 0afae6585ed7aeb739a85c41bdad07b9 |
| SHA1 | 8fe612b3ad68313de95076e57a7a283ee1fbf787 |
| SHA256 | 3599d22a9f3e4aff40f621a9d066064a39d5716e78ecae0dddb7b91df0fd0da0 |
| SHA512 | 17f919279037e471ccdc50493250fcd475b85fc5750a9f45f579387e283071854a8cc3e2e12ac59b7fe1e4aaa868b9e0fe5253970aa60dbc603147ab73149450 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.Ò»¹·âÉñ
| MD5 | 76f3b4dbfc3a95a42d3910b353e078b8 |
| SHA1 | a0a5abcb748b31d0e2d75bff6215d082db43ee5e |
| SHA256 | dbaf84b3125f3f29f5d743bfa64b4bf57d7289b0dfaae9e027f3afe2716f9dc8 |
| SHA512 | 8dd89f5e7a060b8deb0af4bffaf3a5e6bc847bd465b105ae0a32ef6aab9c913299138233e4b680957ec1a9a43ec7502715a22d082f1e8f8469ed87ebcde05c3c |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.Ò»¹·âÉñ
| MD5 | feca5ab2e77a496a2df859fafd8ee08f |
| SHA1 | 78d7f8dd4d40350e7577699508c6451f4f1e8699 |
| SHA256 | ab812fd58c2faa2ec1a50d634d3d0d6552b1089fdf05a4181e8a4ebdddb80473 |
| SHA512 | f738a60dcc52b99e634e7dc3d84e931e3e115aabbb0e262744c88e667341e34d2ecb9118ef891bc8c70207021d8c4215ca7f744f9ae5d2e2263b5b3ea305b608 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.Ò»¹·âÉñ
| MD5 | 51e40a845d9f148227faf53353a61ae7 |
| SHA1 | 5e2a1517bb39db667728b9ced527cc7c122bb8d8 |
| SHA256 | 444e8ad4c22623669cb5957ca0b89f724d1280ba7100ea8f5e20770af6797fd5 |
| SHA512 | 2e1d4a848758c229cdc11410828a8dc66ad44c97a1e95a50fd331b8fcdf5db7c94f84bb4d04e79fe4460f8c7b78ba11def7fa50c312b302ff793eb5d50c31b05 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.Ò»¹·âÉñ
| MD5 | fef677fd7c0a786888f1c85c607adc49 |
| SHA1 | fadf164d5e6b17fb5f28404f30862f5cf030e619 |
| SHA256 | 295cdbe9a897a7c9391c245e3f0464ce758c90b0e9e9a14901f318314dc60215 |
| SHA512 | f7702c3796af3be4dada8be15361778d37f00a5c0d50bece2e3366ca54d9c5c692f4a6d7014d76f81d82d56ebbc324074ae5acc4ca53798377416184b54414d9 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.Ò»¹·âÉñ
| MD5 | 0ec46763fb5aab2186080dc855c4304a |
| SHA1 | d4aba613dc15227732ae70a41b08375c28767777 |
| SHA256 | 9fd113095c1a62c75b5c8e08cb2dfec576be1cdf34dd4afe18ca272f76ad9fcd |
| SHA512 | 0ae82648eddf323172f8a5da8fd1446224322a50641ca73834e529fc568efe790d66d9d8be6d5a6b17bc2df7c43ccb7dd92ca9b06b5b2a70d237fa8fd07d1cc6 |
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.Ò»¹·âÉñ
| MD5 | c93fe156f2c4bda8f128ea74928bf3c5 |
| SHA1 | 29af09dccc8317d325eb607b40a37025bc059f33 |
| SHA256 | 007543559c4c1a083eb8d1218f317d24feb4e761513c20ca4e4b9491f2e69094 |
| SHA512 | b99c163a8f8af844765464f2028c7fa016d72403c6dcef0f5b8ffe2ad2dd7a57b9d6f30e22b3cde12ffaff1867adf6dc9f1529833fffd48fd4b896e9f3364643 |
C:\Program Files\Java\jre7\lib\zi\GMT.Ò»¹·âÉñ
| MD5 | 7177ac7a806c83ed1b5d94d143750629 |
| SHA1 | 72460400ffa41bca0f5c6e6d93c19299fcc75983 |
| SHA256 | 93cf9f9f33502ce966d3e3138f48a5eef8f4e50366cdf14a6c215e568ecc6364 |
| SHA512 | 801897ca0c5212542d9ca63247233951e2ae5f2eb1bb2af93322b90f99375f7dc5482b9c24942f5854a0594a59d96600a17d273f07acb2bf8229ccfeb0111906 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.Ò»¹·âÉñ
| MD5 | 68b68fafbb6cc77e945675726bdd8b81 |
| SHA1 | f0da7aa0139239d6c8a215b84a7fd4d5f7960284 |
| SHA256 | 818f8b62683c6f6f8db76fe2f96536c5ecec8c6f0e0c962a5cdcbbf031c439d7 |
| SHA512 | 0a5c558822de0050877c2464866822a44219a6efdf04656d226e709659ba46d6171ffc9af8264dcf0c85c5c37ca0f485effb912b75ce158447898b75b1d02918 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.Ò»¹·âÉñ
| MD5 | 8a32bc83c47c57d5effcb0e3b98a23ef |
| SHA1 | dc68340ebf3e6a4bab54bab27d4d12cda66179a8 |
| SHA256 | 808ce3e8d2a8a89f23a3fd74f11c419664ebf61789e4fd38c3c42e508d7bedc2 |
| SHA512 | e09167cb52e27e4b95bc9c1e3111ce4e81cd841f1ae008f99edfb57f42d82a211d3279cd471b57ec3e5a821f6d6b420f4a374f636b99797569c417a8985ccbf0 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.Ò»¹·âÉñ
| MD5 | 0b57c1435a14c7791f54827e28c1d056 |
| SHA1 | b7e8faea0e69fe2d5f5ff722ebe63eea59617dc7 |
| SHA256 | 00dfd76d57be791f57f782ef5bf2635297b97ec4d68cb8b55369ea2c066c3652 |
| SHA512 | 9b417bdd1dfb48d54d3195aeb615de225519dcd252575dbae0b0493a5145ecff3761ddd2b8afe969685dae651ba06a293784d5c0a1f43357c41ce5ff6832a88a |
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.Ò»¹·âÉñ
| MD5 | 8cb0868fb17020b757628920b499adc6 |
| SHA1 | 1fd314795f2734cc629ba31a05c850cf53af2370 |
| SHA256 | 6a1c23811a02db96b385d16d31756c0fef2aa33c758c00616e5a0862d813f47a |
| SHA512 | 1600e5ae36137de5c4f001f754c600ea750a99923eeb07102661a4197d3462f41986dc02302833c535bd19a3622e7969fbf21612417e0d0088c3803f70f38834 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.Ò»¹·âÉñ
| MD5 | 202ea567168a6b086777b116fa795050 |
| SHA1 | 9e008107b3d82ad00814336ed5c4ea32cf8ead47 |
| SHA256 | 4b3fd187fc4ce8efff5fd2f35e20782f59769d4aa558c20ea46995cd44525918 |
| SHA512 | d1c077e66979c11e1f03d42f973a9b0b43697bc34784c6f2611f92838306a0c89c3e97fe5333135120fa8f8b84741084f4c15722e02d518c638c6894fae14798 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.Ò»¹·âÉñ
| MD5 | 1635dd7952ab7964a4d4406abb8615df |
| SHA1 | db46a1ca3ba9477d2b87aa56cd07d44ca02b5efc |
| SHA256 | 5d3fa8520cdf3441c24ceca7ae8af6090f126174bb85603b9f5a8f1028831d35 |
| SHA512 | f89b36a97b2500ca0d14bcbf912c7974f9a14fc7263f571f8c96053c5c3f7cb1c87e98081899acd83d575ed49034c5293c0f100d84ff1f9d574802b5dfb3a9f7 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.Ò»¹·âÉñ
| MD5 | 379063166abdc90579f76c8d4ff2a178 |
| SHA1 | 2b1f566ce33591a75b1e089e952509b3b803105a |
| SHA256 | b6556bc63c9934e22c87ec6ae0ef574d407b34ce025ca54b55bd70d576ae52cb |
| SHA512 | 1732181f4892bdb1f86fc7d0e7692ff626fe9a31a0551a63f456bfa30b1662f9a162986897840bc7e701ef53ea2f90ed419ed7ba84029ca708236cbb6e362d83 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.Ò»¹·âÉñ
| MD5 | 61bf86d982ba817950927c44d2551b79 |
| SHA1 | c5a289ae5c5dd18c5d3ae444fa23c3d2202cc178 |
| SHA256 | 3c6a6d1c29ed5b135dd75bb4e8284660620f16916454423832e9d76a1510decd |
| SHA512 | 6fee5a03e48beafe34e061e8db1feeacd35861c0a11085cf344e87efb2d737a275a10bccc057add5a4c0b8098ea5c4deafc359fcab8d7f7e052170237512584e |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.Ò»¹·âÉñ
| MD5 | b6675ffd9b7fc70a8259c5c8625d9cec |
| SHA1 | fe5fa7ea208876e5d54c7983a23a4693871fa8a4 |
| SHA256 | 67e0c763f7094e66bd9f2ef8443767841953fe96a45f6716d0dfb14769fcfe7d |
| SHA512 | adb558c06f020a2c2cecb05fee8d39ed85a605966b45c19e0177ccab641ecf33b73d6c3d036ee979d8230561637b6250eab4045d58a201df2f7986e5d21cb2b8 |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.Ò»¹·âÉñ
| MD5 | e265dd716f9bcc19271a57a61252a932 |
| SHA1 | 3a01ab7e28e1a0ab0f875199bb0f35c8d6669e22 |
| SHA256 | 4f3c602fb02cc33c3e063d98accfe1375c7ffe388c45c2efb467fd410f188707 |
| SHA512 | 6048eb6345d3c893634d7ab31793d9bd843baed77ae9bd67e65916b4785bc16ebde66cea3a0d1dd0558eb7cc7a3bb4e32eee70a102014b413562cf80b799965e |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.Ò»¹·âÉñ
| MD5 | 2055710932cb6c7f799fd50e5ab33859 |
| SHA1 | 9fb97445d90a0a3feefb1340534a1da7165e7077 |
| SHA256 | c1473ae30de349cac71b6819c8c464dcc71cf53af50c1667d5c487d1c1a3fda6 |
| SHA512 | 7bc4dff3a6457ef8aeefa63ec4bdcbe4471ad0e3e1b4004588b0a68130777527caf669add7eca90ceddb1a98afea9e4a4b386e583f3edfe2c6fcbfd409e28fe9 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.Ò»¹·âÉñ
| MD5 | 296b3e7b211db2994d0aba71b63c5292 |
| SHA1 | 194b9a98530660bb2758a63e538bae2b3a43ec93 |
| SHA256 | 130fd7085f7d8152de7b1cb7b52d56c948f2e2997eeece03d2008773fd950edc |
| SHA512 | 221d392eef003f787687fc285420a93c948c590fdb3e55a392093499de64e5a132335d63d78f4180e15d4d7781fa1897009a62141e0125956543cd5848981ce0 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.Ò»¹·âÉñ
| MD5 | 1fe6aaca8d6ddedb293253d1d36e292b |
| SHA1 | 14cc13c15e1a92392b9467feb8364ab5356e6bb3 |
| SHA256 | 7743322d122f6331bac4af8a801e316d30cc971d7b72c5eab30dd10bb1bcfc10 |
| SHA512 | 7db8fb69a6a4a342c0e8b32837dde923dafd8f4e629a6b27c1e495d716bb429ba269d8994d806fdc896bfde6b21b605d1aadb0e1f3fb7ebd08320f00e0a870fd |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.Ò»¹·âÉñ
| MD5 | 47787e684aeded6840e9d8733e06bcd0 |
| SHA1 | 575f9fd5cee6904e262ee132e2a756840ea6cd85 |
| SHA256 | 752bbea3e1f00d1b0767229603ebfe9c055230b96b976caf0dd9da9645d4b22e |
| SHA512 | 74d07082d6c86280d8766dc69c305401befb5043e8b3dc7ee976551555fb3fc849a635fc1916a9f7a3d6c871e81d7bc200322b2d67431b9519f97cf0b5ea4def |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.Ò»¹·âÉñ
| MD5 | 392d5a19136138f5e88116e771ab8fe0 |
| SHA1 | 77d560afe1cc536df4ca32cab90cef06bfb37f4d |
| SHA256 | 1364979fd21ab73a2f935068838477933777243190e11425e15327b86ee656c7 |
| SHA512 | bcd5c16f652c3add2afdb6b8f4db33c31073ba23d53a56e025b7206c3e8388511cffaa1f109ccb827c06ebfff2adf6077ef6107dc908cd07209d8a6b2435dc36 |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.Ò»¹·âÉñ
| MD5 | 177616c346a30c8e46e073465dae3e50 |
| SHA1 | 018118f423fd25767f9c2b0f8bfe4ae2d91da9f4 |
| SHA256 | f69acc859af0966fc8649c29b5d11d51ff6cb34a9c17aad20e1289d27aaaa7ef |
| SHA512 | 3914be91d83998183210bd5d391506a58457af7b9ddb5d8c163c865100df5beca59ca26a29ac496cd938e520e25e8326df8c908a424342ffc859f27662d6d628 |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.Ò»¹·âÉñ
| MD5 | 2cd9ca7031669dc966dd33bcbc4e2840 |
| SHA1 | da8cff5cd710a48d3b6908dfd1b7e0226f78b1ae |
| SHA256 | 31808b40020085c6c2c65fffab82caa5d9e67486950217d98499bde2e10c6172 |
| SHA512 | 612da3435782738f0a4647e253cb56dea3505bbddb2a8e7070c02f4ca29da20c8695cc4bd75d32d8d0bd97a00f109444359ad73c76548e8fc3eec38c703f94b8 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.Ò»¹·âÉñ
| MD5 | 678377e51def50c008d6d685fb3c5982 |
| SHA1 | 81940a88005f1890d53fe4e7b20ef80aeb045205 |
| SHA256 | 0727625fd1e96c00be4dc3d13669effb9c96fda2bc152a39a73074a4e9ed6e5e |
| SHA512 | 5a64870092f9f0244b4ca15a7cb709245960e84c87a6c7a3968ab35d750d9f851a7bdfdadac5aa5eed707e6ac14fe44c4d81c82423d8bfb7a6c3f18561255c5a |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.Ò»¹·âÉñ
| MD5 | 87b3ac700a21b9e4b4aa38457560397b |
| SHA1 | b691d22e5555095f32794364203a39c70ea5acf2 |
| SHA256 | e9039f4369abd18855596b53e1a4d169923c290106ff431af63722ff487e3cde |
| SHA512 | 54b7a4cebc0935a9c8974f0dcbb7edab20a86c1dbc77f96322139e2e34bf55b1afac9fde06f0b7d03e0168e779fd854fc8b18b46a1c23c4524279557a559ab9b |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.Ò»¹·âÉñ
| MD5 | 872e22851b8c834849e7cb884954835a |
| SHA1 | 0b53ed387576248027175d57d5388f8961a21f0a |
| SHA256 | 1da1199ea668b51f1d626e6c21ec99e0ec887f1a3ba43ce3ebb1638a6693f5b5 |
| SHA512 | 1181b49683db888fd7c050e74aac910c7b560709ea441324d23d2b2893a7eeb8b18f2fb4f0dd2f8e3a679b9871bfe2978e16d8ee8680a53e7f72b9b7052cd0f8 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.Ò»¹·âÉñ
| MD5 | e18c2f94cef9122902920f85274ab505 |
| SHA1 | 879c3d1c80238cec794632ccb089ed3e48831b6a |
| SHA256 | 00e32714f1e4582d96bb89e4e7a20391f836d60489414c909e89475633ce6a7c |
| SHA512 | 46c532a3c75c34dff4b7907017122e5fda69747cdd97908064e135c6cda6a628e71580453c2c86b99414d23265a5c69a19d717c3dfa7cf6144bba9b4adcb8e7a |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.Ò»¹·âÉñ
| MD5 | 8b92f259b4c13eec94ae0b169b526415 |
| SHA1 | be961aaea8381c9d208c650cf667e1616e92538a |
| SHA256 | 3d9f480b4e39c5fba486253c5e22002f320ebd5800f78e97178af9b34b095ca0 |
| SHA512 | 546d2b9b35524f62a6f8969894c3f1b6a15ddda2f3114b3d6fa33fea34cc96958ebedc821255e684fa7ff3a9b73a179a4b6fb90f77c3da630cb0485c034fdcf7 |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.Ò»¹·âÉñ
| MD5 | ac38c8fafe9f9cb53529b043418c41b1 |
| SHA1 | 7d11fe96f0e82356f66cdf9a54a5bdc4fa2eb576 |
| SHA256 | 41e20f1d0380a1e8329be0d0fa7875ea8e3f8fea29367d85cc055748785668de |
| SHA512 | 851e098cd6ff039f52a339ed39d31fc0ffa78dd216e3027ae99726dbcc1fc692e3b490c66505b84ce6e6490f66da91c17b22cd370361a62bd974a8e2959d53da |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.Ò»¹·âÉñ
| MD5 | 394eb0737c497a2539ddd567f96f7969 |
| SHA1 | d606d18c532ed7d50c3c2efc0a0649e4f110a99e |
| SHA256 | fff1f8d65dbe815925a8a98efdfa9833b82d418e1f829b3b2d2527b9bf05ebac |
| SHA512 | 8e89b08bef38563d8ef2e036455f224391ffdbe5677b2e9ef379f17d56fec8eea28219e9abe860634bf0bd013ef003f05b58674933bf446ca3a61ec87a1a089a |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.Ò»¹·âÉñ
| MD5 | f0d57d66d0183b238ebd264281116c7b |
| SHA1 | 97e105c79365b1f238a6a523fb8644bfb592f7a8 |
| SHA256 | 64c0fa52babdfc9d96b5e238d868481a34585591709eab3e361588bdb62dfd99 |
| SHA512 | 674ae334f28589223e8f570daefe2551a6564b8125b902e114ad1902d4cbe9db33a07983eb8d187c90a2bde247b6073e748d62661def8f8df38a49da139c352a |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.Ò»¹·âÉñ
| MD5 | 465a3a9f8fb37d6eb99d99debba59c08 |
| SHA1 | 995ad27a02487318756ccb19e7b128988e1fca92 |
| SHA256 | 622c44b1457af995633c1c5eb775966dd8f729f8e848b2a227ca526555c36aae |
| SHA512 | 8b12cac26be55e80d1260a9db31f5e7db0515cbcf1ccaaa08cb8899a40aa4442ad3c887d33759679aac41e1c774c30a2cc2fbab8868a296366966daafeb6108d |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.Ò»¹·âÉñ
| MD5 | f973a7ada591edb743aa40bbaa27e11c |
| SHA1 | a812a6c8565dc323aa6c8a38fb53bbce7fc01c6a |
| SHA256 | 842ddabd833abbe3e3bbc108ec3e1097296ecfda809d9b5ece4ab0574d4117e1 |
| SHA512 | 1145d33c7bebb42410ba351b4e7302c6dbc2892f4797514a83979420a1752ce4d9224573a5369565d4c8b2375899a75619930b6784a01c01c5c3d64a21382829 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.Ò»¹·âÉñ
| MD5 | 3d7a38d3edeaab2effe68b1a9122212d |
| SHA1 | 7f7ee1684213bac6a860c6cac7c48f0930212131 |
| SHA256 | c5cddab5d22dc2a03dad69c5727ee95ba3b5a95e6d63ca6e2acdca720083e217 |
| SHA512 | a5a70102790e2c8e4b93b884d88a3b7d78a70d3ee43a655c76609a4689eabbd676d4cbeefa806d32012854fe0e2dd1300094e34adacaa04eb17ddeaf05b1ef51 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.Ò»¹·âÉñ
| MD5 | f4e69dff166fba71f412bb3f2eb4b4e4 |
| SHA1 | 4419a62fe2ce413a7efdd9036263f4c6a8caa980 |
| SHA256 | f16a6d85f50fcefcd29445e75dbae2719b470377896a2e3f701dcbf1f349d6d5 |
| SHA512 | 0f11ac7695b951e943b355064a5b008d79feefc432092dfb7c7d4ce5e6434f171f56aab02756e520168273d91798a9005ff372b588a58f2e13ea7a1bde049e7e |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.Ò»¹·âÉñ
| MD5 | b21c58a152fd411ad7029901484dfcfc |
| SHA1 | 69569de6d2811d25cb6a4642750c381455fad963 |
| SHA256 | 62b3c87720265577b9bc8fd25fc40d56f88764bdec6274384cb12ea0a17d7809 |
| SHA512 | 344ce9c53f1003df9a0756f1e780272c387da1f7bc2e5c857ab0a528039a83c5d3c5161440a81c78144fce06e030b7ee420e794df6469b3c035e06f0c3e207ca |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.Ò»¹·âÉñ
| MD5 | be8fd14d3eac478f79423b3c7a72ddcd |
| SHA1 | 31f5fc4e0fe981ddc8cd7461db0fd0332dfd869d |
| SHA256 | 9de74389cc061d8c1a989e8f780eedd946a858f14b17c1f805b02175dfcddf08 |
| SHA512 | 5708ae21cd4d7faa87e8d861f4797afee5e7e1fa5eae3d7695ca5bb6de5dd0efeca31acee6ecc41a080e544e75d499c0bbebb8ecaf61a9c83063a924b4172d3d |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.Ò»¹·âÉñ
| MD5 | 6014003b65f3e58236bfa68db30c9275 |
| SHA1 | 9fb3a3a1294d78e999653e148a11bf96bdc1f045 |
| SHA256 | c4dfacb72982ae57daa5d693dbdd44f33c19c20736ab3decce5aac7dc760eb7c |
| SHA512 | fc75eebbe30ed990237620f7ac7088a196122c1be98ae263b86264fa6f46121d556598f16c47ef6e603f55974d9b8f01f940b0cd6effaeb27b6379b340e448a7 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.Ò»¹·âÉñ
| MD5 | 7b14ebd5092934fd8d008e3e577cabbd |
| SHA1 | c882be22d0b48c5732fd18c4b2e517b9533c394d |
| SHA256 | d87345956e32b3a7a9dadb28d6086aeb4d8aed476af168a97a2036f868ee62fd |
| SHA512 | fefea96ffa4bfdfa44ae2a1c6abe3fdb38e50f28436e022354ddc2ab4d43c1680ba504e24e6849a78091cf43e6d598ea8d90cbc7fcd8beff071bb83b47cdca97 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.Ò»¹·âÉñ
| MD5 | c68865e1f86d1d0637dd0712e4f0b0e6 |
| SHA1 | 5e229ffac31da25ffc953328a0f4f4bf9fc24c31 |
| SHA256 | ea09f7fce77bffe14d517cb2a970f6e85d2ca0e287d4240d00174164fe2ee7f2 |
| SHA512 | d591683cee155075fbc3be2400ec35c0a1a9735104e9dd6dc93e13ec5ad739a7fca277e154e7c32676e75809b6d9ce57c414d1d33c2aa38abb324a71aa1c1bf3 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.Ò»¹·âÉñ
| MD5 | 1e9577bf4556e973c3e956dcef467cad |
| SHA1 | ce2521e1c4a42fb9d0a49575e8ffd26d525f3e39 |
| SHA256 | ccca680b22b201534eaece8437cfc2b3a13f5ce5a2a8f600ca98e4108da76c96 |
| SHA512 | 06ae9761bc18861369bd3570bcd1d7d241244b04f8ad80b151485326b013d685bab692eb84ff5c22cad64cd38db6dcf7bab446d305224346099b396561d86eef |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.Ò»¹·âÉñ
| MD5 | 3a47236c734cbbda5285cd85b5e22c7e |
| SHA1 | 48d042dc785c375578adc6f69296d0d70fc5687f |
| SHA256 | 0d936faea1b23a2c7599e8325420ffd63137c3a0b57bcaad838727f0e7db969e |
| SHA512 | 5e5dc9bd59d4cf62b48e3e8bc7a89e1f5d9836bae0db64e81a8f172921ece3f49b4fb07433b0c0556d7e77d21d3320f70f7359f24c034692cd9a8cf1f7887d72 |
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.Ò»¹·âÉñ
| MD5 | 9333bf4227d0d25c7dd2cbeb062ae826 |
| SHA1 | 59949ec638658bb3f4eb7527b316ba6cac35d5d9 |
| SHA256 | 8aa0bb0094340697090218746e4eeb0f00d1cce95dc70285fa51b1cdeecc04fb |
| SHA512 | 7b415c0679500249193cb6b69099d636fb0b525f11f5c3e4a837bdfe1e376367baf1f0b6df324ca7070e7fbb1222797ca73b366d3952192cb5707b7020d24e90 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.Ò»¹·âÉñ
| MD5 | c79f56c28ce7a4a5f39d1b35dcac788b |
| SHA1 | 32c8d39a5b603acee327b43a6be9bc5f369f0379 |
| SHA256 | 96c863a03d4f96ab35b84ee8a8162e260b3ba773b319f7bebb564254779c521f |
| SHA512 | 42e65f3b57b3468740d0e2bea234b7b1d114592b59b458859cd4e4b55cc4169837285d8fb387c29f7342251c0e76c350d19d743c2ebd628d23dcfda4eb459eef |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.Ò»¹·âÉñ
| MD5 | 0efed70b594d27689d66eef151a48867 |
| SHA1 | 7cfa9199b5ff8d2b8980829b6a48d15bc4a05c5c |
| SHA256 | 25d42f4f793fe9b7f5fc5562da76d814a237cd8ac97ca8eb1f8146c2f0363d16 |
| SHA512 | 173336422b53d828b2a81812f86df6268e0e47f66dba0f55b705b57fefcde4800560840edb60a5f054160c7e6d175f1a093ee92aadd46d41247c1f9c40632153 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.Ò»¹·âÉñ
| MD5 | 90157bab8dbacf24997ec486edf96b24 |
| SHA1 | dcb92c63dce88a6b3faaa2c0e5812bcb47f0c126 |
| SHA256 | cdc4c236abe29753198d059f6d77a1f4ed8e65d5133cec988f2ef14c528b666b |
| SHA512 | 21792044c3c36045750dc20681bed0e40dd485753dcc820616e55930b9f7ee26b9faa72ac8a703600146683158e88d0df03ffcefbbb9aaafcea55d984f930f4e |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.Ò»¹·âÉñ
| MD5 | cf3cea6fd760a1be3c27a90cd143d9ad |
| SHA1 | ac081e4b513b3516aef3643a3d7724b7ad7b2595 |
| SHA256 | 2ed620bbb2569a12ed880c2466d2af755921a42b6acabd077c68408781d0e28b |
| SHA512 | 3bf0e330eaf5e37045ca1fb38be9af0ac017b75ead59a084b3b454e0e7d712d0af312bfe3851d71c95221ffc599daba668f51ca843f38e897d711525e37c80ba |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.Ò»¹·âÉñ
| MD5 | 71bf99d4f4e17b9265f43fa1199bec2b |
| SHA1 | 4e569079b1432f2f45a9a67a669ed07966f3481a |
| SHA256 | 2920bb08df6895d3209d07bc203b58581c5b48c5dac8fb843b5fd2728ca071d4 |
| SHA512 | 6bad9862769150beb6f9384b031c0750625024702caaa104cd2088d449302cae48a4f2b902c12deb6df774701479e5e22cbce0661458561c584f7a11c46342fa |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.Ò»¹·âÉñ
| MD5 | 0cf1ca68ca3195f9becd4dda156d45cc |
| SHA1 | 8b2904b9a4816695d57c0029f834b4ab4f424e05 |
| SHA256 | af9358ade8055a11ce74619dfa2d6154a7f1e08200e3d81e51c40bdfa787b1e2 |
| SHA512 | 89663178457924d415f6945574d516199c16fe9d8335a8832ead0d6f17ee33630c4d8e91e6f587fee3d63abb2ed0bc063a4f592a66d8838c17bc9e491e0986fb |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.Ò»¹·âÉñ
| MD5 | eb949d90079835e402e0e10060a94eb5 |
| SHA1 | 25c56a1b5be822251a37331afa478003d397cb5d |
| SHA256 | 6baa17a867afd32258c1a79e198af6af64fb9a48ef62b63abe0e3a2cef8a7f8d |
| SHA512 | c3346de5a09600f205975570e35591420ff6ac68c7e6e697d4d9b78c090ad8492a7d3d5e879555469a584e738345298c18d70fe89d07e485733990310aab963a |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.Ò»¹·âÉñ
| MD5 | 6499aa2c4e079765e71385a0c1cb70f9 |
| SHA1 | aea34bbec9eb1ceabf03a0c926c5c917634b534f |
| SHA256 | b548361d6c4297880fbe34506a3a55d434a8b62a2cbe41c53092f8887183c834 |
| SHA512 | 58269814cdc26398a03bd97bd2e010c900904d367944e60daa0582ce21397477f28544063907996aa18398e9c68d0a4adeb6595808bcceb11d2267ae36755cc8 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.Ò»¹·âÉñ
| MD5 | a4e88b6f01c0a87de841edf983efb8dd |
| SHA1 | 9acafe07abc9fad0edf6747d11906e02c1cffa0d |
| SHA256 | cf7f8c720dde8351c4ad69e830c4b9c7c5aa173950b80520df19399530e19a7a |
| SHA512 | 14e7d7f9001362eead68a8d8ceb8861026421556720276633448b3bc3d5175201c1a4a018c6275a66b990620b3b5069ec3024f966b6ddc6e46479e5eaf5afcd0 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.Ò»¹·âÉñ
| MD5 | 8abb1d5cb91d278667fc749825b1ca63 |
| SHA1 | 84b3c860d51ce8e147124ccac884ea9c8c50c148 |
| SHA256 | 7aed234fcfdb794835b7f91c9fa24499c8a6774e41f3de825f8ac39e52e6f5e1 |
| SHA512 | f203abb214a2f2c21e0402a1b1b871059da3da5533839a192f33dcc8747df20419bf7b445413ec7167ca5e1f32d96af661217cb5adb5ad5dbca695573f9523e8 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.Ò»¹·âÉñ
| MD5 | 11ea1212f211d88bbce253437eec4130 |
| SHA1 | c3ce89c651d94e25a58683a5a9cf4aaedad901dd |
| SHA256 | 0a7da093ea50b7925a8da61c95d107e4e4065197d35717b6b88f993f7687a441 |
| SHA512 | 5a02f888db5bb2df125a953135112757ea3aeea1d25b029d0f2633025e45e471513012341687352ac477baa55b59ec4919f74c4d006e8ceb19407e2703b64f1a |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.Ò»¹·âÉñ
| MD5 | d51fb5bf3748c66342bbba032312baa4 |
| SHA1 | 5fcddff9fe860ab56600a16315ad43be2959de76 |
| SHA256 | 49425ac7fad964484d96dbfdfc26704791159b09f3b9ae0538124df5c03d201a |
| SHA512 | 44402e9ffdcd8cfd5fee52aa6ed33bd3cc4823b36cd4f53338ee2588de9925b7f5f1ea20f5b0bc0bad8048d785b60291f5309411d476b81bd08f4b5662c719a8 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.Ò»¹·âÉñ
| MD5 | 4f592fcb678042c0c92215d629374be2 |
| SHA1 | c786ad5b69395b57d376611cd5e1610f835f9336 |
| SHA256 | 4e79fb9d9148be408b8354d9c2615d61a93f47ac130310a54267fbd0951846dd |
| SHA512 | a7340d18f405c9f2f23fbdd9d4df7668dc9e57c0dc51fcb1e6ac88f10ec8d53302c0c893f6d84cf029a03afe7f0b28f74d51dcdd39b3cbb3af5cbe514cc66f03 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.Ò»¹·âÉñ
| MD5 | 76c1dad3332ecf96b0f49ffce46af46f |
| SHA1 | d19bffe2c3125d5f1f4c9d67fa836974e5fcc7c4 |
| SHA256 | 96c31dcdd12dd62d7955089b914db02f9bb4e91ba750682e1c3ce07ef0866b55 |
| SHA512 | e324513e6f8453fff5d5af5df304b535fb0dc18726411b4ff551ac7b9ce4b3ca1f1d9babcd2261201967d3b97c8ef22147359dadc7ed1381ccabfc45138b7b64 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.Ò»¹·âÉñ
| MD5 | b4e74ce84e123c1176dd59487a3e843b |
| SHA1 | 2ccb3827f2447368f47d238316e6716ab714591f |
| SHA256 | c3aa465730f4af3056abe7f73d2f7b093c4e3a29a351f20e0def7b51775e85d7 |
| SHA512 | e877b62229f8be3aa84499ffea73984c934d7921d740d7a30df5bfb430b11f0c366171905e2f3c647082d197706442f833a67ffbc253a1ee5dc1e0932a2df225 |
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.Ò»¹·âÉñ
| MD5 | 106201da205e72e5980ff359021383fd |
| SHA1 | 1373866bc685718d386c4386f3a82d42b428acf8 |
| SHA256 | 80cf922b6ccdf48100b8e0fd2009be5be75d0095d3a1b8ae3ccb2b52e56dbb3f |
| SHA512 | c9419c95be6546d528525d25c391332c43930747d44b2bcfd6b46e9e8ba68b6219dc92446a925c5dfaed55a56c11929748a01d3dd55ed82aa88ec0ed6a5910b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT.Ò»¹·âÉñ
| MD5 | 2f4b08041eb393c42ddf20c855369c34 |
| SHA1 | f714d98076aef0904ad9caff050b8041f3bcd1cc |
| SHA256 | 93040d895a234f01d5c0f8663967197980ae9866eeefd23d7729253463715355 |
| SHA512 | 4c3ef38cccdb281b8185d2118d187653617bfb3a5195208953a1b6f5bc72ffb59d9086efcd97401242452d08790bbf4c59e1b1678a5d3f9514a29f1c834156de |
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.Ò»¹·âÉñ
| MD5 | d1aaeb383ab9cbd5b8fa5d282bb54ed0 |
| SHA1 | 60f31a1ac0d91d770ca24ece66907c565ed3c008 |
| SHA256 | 19d4001cd5a390f7bb34b5319edcdc77ff9a5d27662c1ac55d0f113701731311 |
| SHA512 | 8d0dedf015d4e61fa4d98cdd0eb6751d94f9e9d388a5473b3db2095be865c45ea1654c60400dc441ef62d9ac6930af7d3746d996a9a85713a65d99a7611c49e7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.Ò»¹·âÉñ
| MD5 | 5f5fdd6d4960cc429e51b46253b964cf |
| SHA1 | 7bcaffe8b70ba7b2181476d80d389857975e0fb6 |
| SHA256 | b8ec0534f6cb7f834db0fb0224958fd20b096d202b0d23ebd3db41e97395aa66 |
| SHA512 | 7df3fcdc57ad13d77e045b3a2f31fe96230295b9e8de4770605af6d898f066d5c24781040f04d4e356244a379d8a6c0532a3983f2964e01ab2e9240f98d47414 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.Ò»¹·âÉñ
| MD5 | 33bf0b230a26b96d1dc748f0f7cf3c8b |
| SHA1 | b3db49177ac4d0cb1bc42a5ee8710757d555ac72 |
| SHA256 | 674337541aea7b273e480b06f0823c3149d8a148f23a865ab597e0031a6012bf |
| SHA512 | ba178aabfea515e20b18606f111c1650fef14198c4acc3dba3938a11018c847785d2c98cfdf89da4dad583ed23cebcdbfd8bea4d309e0f46ef43aa2c327470b8 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.Ò»¹·âÉñ
| MD5 | b65cd625cb75504e9acd5eb454e91373 |
| SHA1 | eb7b865a5b2ba4bb55eae24c3bdc3a39bfd4389c |
| SHA256 | 4cb50464be9db4e73b5b461e7b23c67c9f65429d1b155995ce54aa82b58e4358 |
| SHA512 | 40b8999c13e5f50db67cef250172f379a335443d12e03f9dae561d90a39be96f47fd1a4cf151592658c6b843c67a4121fa03abd3a9409f70120c2b72d89baee5 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.Ò»¹·âÉñ
| MD5 | 1cb59bf6af35022db785d4a4f9cb5c53 |
| SHA1 | 70fd682d3cf97a5e555d382218d55c5b316a0177 |
| SHA256 | 2718a5ef117786b74f670ff79ed8dfa1ec80f8f5c760fbc4396e27ed2f7416ac |
| SHA512 | 9a0a5d6a47240c6c9232824396bad8c2e5ee486ad21a5b0ea2b68a9b3c9db9900139dd9b34d760ccbdfead8632b5555178163d4cde3f3b36cddc4a4230014a88 |
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.Ò»¹·âÉñ
| MD5 | 325754b8af07331617169ad2a954a1b8 |
| SHA1 | ad311b40e2a4313c0914bb9425be3efd20839659 |
| SHA256 | d1a6e8415bd3b15eb132f81413ed7caa6f3e555d7bc09c4c253ff72514e0ce03 |
| SHA512 | 9981dc50749e300a3b68e043660111e14348627193a14892d1d20625e1c381f4ce78b9f42cac8fc660e68f035a9acb6b9265ba3cd8e22155de5e279331b57844 |
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.Ò»¹·âÉñ
| MD5 | c7351f5c4ede4c3a5c8bed96f3ebb74a |
| SHA1 | fb0bba8b9959aa54308d70bb00eb8f859628fab6 |
| SHA256 | b88dfd503129df17982b6619eebf6ac13f736ccc89647f89c902fef92ed99bc4 |
| SHA512 | 03b2ea6719060d36739cd0c8386e52c0cadefb4a7f214e8cc31c9d0abb06a73e8b6ef0dce2d1b598f9028b06f0ffaf8bd51c46369e4b2aa152d404664ea89e2d |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.Ò»¹·âÉñ
| MD5 | 709587aea1113d07d402e471181aa2fe |
| SHA1 | 539d59e036418d04f16fe1ae56b0ae5c684b075a |
| SHA256 | c29ee2e41198318c476312550cf8b3201a0bfc3f9d3e4b68baf697e165dcd8e4 |
| SHA512 | 74863bab3b4afd397deab467b60dd896e4873b8954abc75817ae0ebac79f536146f96a6a2ccdf92eb43a44ed244a70b466cb17da635d748f58ff462df1263992 |
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Ò»¹·âÉñ
| MD5 | e423c23dc63b0f1b94e64d1b5b401c6e |
| SHA1 | c45c63d575ad4f299aaa65a6a44b81230318bffd |
| SHA256 | 762ff18bd2ef976f9b84faa9127a63cc98617c9714f24ee23e9101e2f39d89d7 |
| SHA512 | 15dd935975a1ee5764c5e4b66caaeda2dde05c6d43c93cd04579a2079f9e04b774b6e97a1b3b2c07d6ec18bf9512159db78ed46f06cb24cf3759ea352b694589 |
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.Ò»¹·âÉñ
| MD5 | 1527f5bfe9eef4a663c86fd3838b0893 |
| SHA1 | f20bb0f89a12763075e7513881d3042e70b6f05f |
| SHA256 | 45ca65e3df28d0b25c62cb4d92589d46e66e03238df0317cc3156a1b975767c5 |
| SHA512 | 085f4ca44895bc14afd984b01a14043f81960b32ff281659361aec4a0a0722936b0140f9951e17cab0be901591d7e42f89fb2cd0858fe9f368baaf3b266c43c1 |
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.Ò»¹·âÉñ
| MD5 | 888fe49199971d6b672b509f46ad96f3 |
| SHA1 | 0c039d875ca9bdc0acc7c221f77998e8bae5e780 |
| SHA256 | 042085b0286a0f9bbff6b2e3cb8ef71598679c4c9f886f130908cf0f7120fa12 |
| SHA512 | 22ed9bb33718496d6a5d026c81b34c13dcf78c74dec8ee00c6b746562895f3e557f7b7c85eb9e62756ea81bf65b873ba8c45604e2988fd8e07dd0c29be0e091c |
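The listing above is raw sandbox output: a bare path line followed by `| ALGO | digest |` rows, with the encryptor's appended extension visible on most paths. The Python below is an added example, not part of the sandbox report and not the sample's own code. It parses entries in this page's format into IOCs: it infers the appended extension from paths that still carry their original extension underneath it, separates the renamed (encrypted) files from payload and memory-dump entries, strips the appended extension to recover the pre-encryption filenames, collects SHA256 digests for a blocklist or retro-hunt, and sweeps a directory tree for files carrying that extension. The embedded `SAMPLE` is a constructed excerpt of five entries copied from this listing (some hash rows omitted for brevity); the temporary directory and the files created in it are constructed for the demonstration, and all function and variable names are the example's own.

```python
"""Turn a sandbox "dropped files" listing (path line + hash-table rows) into
hunting IOCs: the appended ransomware extension, the original filenames and
the digests, then use the extension to sweep a directory tree.
Added example; not part of the sandbox report or of the analysed sample."""
import re
import tempfile
from collections import Counter
from dataclasses import dataclass, field
from pathlib import Path, PureWindowsPath

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")


@dataclass
class Artifact:
    name: str                                  # path exactly as the report prints it
    hashes: dict = field(default_factory=dict)  # algo -> lower-case hex digest


def parse_report(text):
    """Parse the page's listing: a bare path line, then `| ALGO | hex |` rows.
    Hash rows that precede any path (a table cut off at the top) are ignored;
    a digest with the wrong length for its algorithm is a copy error, so fail."""
    artifacts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if not artifacts:
                continue
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"bad {algo} length for {artifacts[-1].name}")
            artifacts[-1].hashes[algo] = digest
        elif not line.startswith("|"):
            artifacts.append(Artifact(name=line))
    return artifacts


def appended_extension(artifacts, min_count=2):
    """Infer the extension the encryptor appends: the most common final suffix
    among paths that still carry their original extension underneath it.
    Returns None when no suffix is seen at least min_count times."""
    counts = Counter()
    for a in artifacts:
        p = PureWindowsPath(a.name)
        if len(p.suffixes) >= 2:
            counts[p.suffix] += 1
    if not counts:
        return None
    ext, n = counts.most_common(1)[0]
    return ext if n >= min_count else None


def split_artifacts(artifacts, ext):
    """Renamed (encrypted) files versus everything else (payloads, dumps)."""
    renamed, other = [], []
    for a in artifacts:
        (renamed if ext and a.name.endswith(ext) else other).append(a)
    return renamed, other


def original_name(path, ext):
    """Strip the appended extension to recover the pre-encryption filename."""
    return path[: -len(ext)] if ext and path.endswith(ext) else path


def digests(artifacts, algo="SHA256"):
    """Unique digests of one algorithm, e.g. for a blocklist or a retro-hunt."""
    return sorted({a.hashes[algo] for a in artifacts if algo in a.hashes})


def find_renamed_files(root, ext):
    """Sweep a directory tree for files carrying the appended extension."""
    return sorted(str(p) for p in Path(root).rglob("*")
                  if p.is_file() and p.name.endswith(ext))


# Constructed excerpt: five entries copied from the report above (SHA1/SHA512
# rows dropped from the last three to keep the sample short).
SAMPLE = r"""
memory/2808-35-0x0000000000400000-0x0000000000601000-memory.dmp
\Users\Admin\Desktop\Payment.exe
| MD5 | 9f9bb9ee4952cb514089910e19eac5c4 |
| SHA1 | c57f604e8eca50df40df93a6b0c3d65ab8d3b198 |
| SHA256 | 0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a |
| SHA512 | 8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f |
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.Ò»¹·âÉñ
| MD5 | be055d27c9d31c40890bfbbc7ba7ac96 |
| SHA256 | a919a003104cb71626103af136066e1b9c5048849a6f39e69552f8de443f2eeb |
C:\Program Files\Java\jre7\lib\zi\GMT.Ò»¹·âÉñ
| MD5 | 7177ac7a806c83ed1b5d94d143750629 |
| SHA256 | 93cf9f9f33502ce966d3e3138f48a5eef8f4e50366cdf14a6c215e568ecc6364 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.Ò»¹·âÉñ
| MD5 | 5f5fdd6d4960cc429e51b46253b964cf |
| SHA256 | b8ec0534f6cb7f834db0fb0224958fd20b096d202b0d23ebd3db41e97395aa66 |
"""


def demo():
    """End to end on SAMPLE, then a sweep over a constructed temp directory."""
    arts = parse_report(SAMPLE)
    ext = appended_extension(arts)
    renamed, other = split_artifacts(arts, ext)
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "docs")
        docs.mkdir()
        (docs / ("report.docx" + ext)).write_bytes(b"\x00" * 16)  # constructed "encrypted" file
        (docs / "notes.txt").write_bytes(b"plain")                # constructed untouched file
        hits = find_renamed_files(root, ext)
    return {
        "ext": ext,
        "renamed": [original_name(a.name, ext) for a in renamed],
        "other": [a.name for a in other],
        "sha256": digests(renamed),
        "hits": [Path(h).name for h in hits],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

`GMT.Ò»¹·âÉñ` shows why the inference looks for a second suffix: a file with no original extension cannot tell you which part of its name was appended, so it is counted as renamed only once the extension has been established from files like `15x15dot.png.Ò»¹·âÉñ`. The length check in `parse_report` catches truncated or mis-copied digests before they reach a blocklist, where a short hash silently never matches.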