17e1e290e2c354d5cc4d31ebdfefe46e8fc4e6bc29fc108f1c91311e737a028e

Resubmissions

21-11-2024 10:58

241121-m3b1ss1pez 9

30-08-2024 00:41

240830-a2ap5a1akp 9

Analysis

max time kernel
150s
max time network
137s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
Size

1.9MB
MD5

842421d3e233f6a1577892b49ef8971e
SHA1

ef3eb5d43855b9cc77edd967b57540623466d993
SHA256

17e1e290e2c354d5cc4d31ebdfefe46e8fc4e6bc29fc108f1c91311e737a028e
SHA512

1372880857a28260530cf57ca900f9685ebcbeb06c49f4d1fb47c4e3892c366cf44b79947ff00d6bab5471aaa67e785590e2c7b841b601f7e933441742a93df7
SSDEEP

24576:tnxLSUXY7WSIGgjXvYaxKMiZA+yH6uw1ECvGX6H7O3YpPNaG:txOUpSIZzv1xim+y6HLOO3

Score

9^/10

credential_access discovery exploit persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (8500) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Possible privilege escalation attempt 4 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exe

pid process

2300 takeown.exe
2800 icacls.exe
2788 takeown.exe
2180 icacls.exe
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Deletes itself 1 IoCs

Processes:

Termite.exe

pid process

2684 Termite.exe
Executes dropped EXE 5 IoCs

Processes:

Termite.exePayment.exePayment.exePayment.exePayment.exe

pid process

2684 Termite.exe
2952 Payment.exe
3060 Payment.exe
2744 Payment.exe
1584 Payment.exe
Loads dropped DLL 6 IoCs

Processes:

Termite.exe

pid process

2684 Termite.exe
2684 Termite.exe
2684 Termite.exe
2684 Termite.exe
2684 Termite.exe
2684 Termite.exe
Modifies file permissions 1 TTPs 4 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exetakeown.exeicacls.exetakeown.exe

pid process

2800 icacls.exe
2788 takeown.exe
2180 icacls.exe
2300 takeown.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

pid	process
2300	takeown.exe
2800	icacls.exe
2788	takeown.exe
2180	icacls.exe

pid	process
2800	icacls.exe
2788	takeown.exe
2180	icacls.exe
2300	takeown.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Termite.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Termite.exe = "C:\\Windows\\Termite.exe"	Termite.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Payment.exe = "C:\\Users\\Admin\\Desktop\\Payment.exe"	Termite.exe

Drops file in System32 directory 2 IoCs

Processes:

Termite.exe

description ioc process

File created C:\Windows\SysWOW64\mswsock.dll Termite.exe
File created C:\Windows\system32\mswsock.dll Termite.exe

description	ioc	process
File created	C:\Windows\SysWOW64\mswsock.dll	Termite.exe
File created	C:\Windows\system32\mswsock.dll	Termite.exe

Drops file in Program Files directory 64 IoCs

Processes:

Termite.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107254.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\MedianMergeLetter.Dotx.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Journal\fr-FR\MSPVWCTL.DLL.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Issues.accdt.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\7-Zip\descript.ion.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\PREVIEW.GIF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00530_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\OriginFax.Dotx.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107502.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\PREVIEW.GIF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02262_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB.OPG.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN108.XML.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TR00178_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\StarterNotificationDescriptors.xml.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00246_.WMF.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.kqdwindows7ssb	Termite.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIconsMask.bmp.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL083.XML.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL107.XML.kqdwindows7ssb	Termite.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.kqdwindows7ssb	Termite.exe

Drops file in Windows directory 2 IoCs

Processes:

2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exeTermite.exe

description	ioc	process
File created	C:\Windows\Termite.exe	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
File opened for modification	C:\Windows\Termite.exe	Termite.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

icacls.exetakeown.exePayment.exePayment.exe2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exeTermite.exetakeown.exeicacls.exePayment.exePayment.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payment.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payment.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Termite.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	takeown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payment.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payment.exe

Modifies registry class 21 IoCs

Processes:

Payment.exePayment.exePayment.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0"	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0"	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.kqdwindows7ssb\ = "kqdwindows7ssb"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell\Open	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.kqdwindows7ssb\ = "kqdwindows7ssb"	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\""	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Payment.exe,0"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\DefaultIcon	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\	Payment.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\EditFlags = "2"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell\Open\Command	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.kqdwindows7ssb	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\""	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.kqdwindows7ssb\ = "kqdwindows7ssb"	Payment.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\EditFlags = "2"	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell\Open\Command\ = "\"C:\\Users\\Admin\\Desktop\\Payment.exe\" \"%1\""	Payment.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\EditFlags = "2"	Payment.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\	Payment.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\kqdwindows7ssb\Shell	Payment.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Termite.exePayment.exe

pid	process
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe
2684	Termite.exe
2952	Payment.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe

pid process

2876 2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

takeown.exetakeown.exe

description pid process

Token: SeTakeOwnershipPrivilege 2300 takeown.exe
Token: SeTakeOwnershipPrivilege 2788 takeown.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Payment.exe

pid process

2952 Payment.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2300	takeown.exe
Token: SeTakeOwnershipPrivilege	2788	takeown.exe

pid	process
2952	Payment.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exeTermite.exePayment.exePayment.exePayment.exePayment.exe

pid	process
2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
2684	Termite.exe
2684	Termite.exe
2952	Payment.exe
2952	Payment.exe
3060	Payment.exe
3060	Payment.exe
2744	Payment.exe
2744	Payment.exe
1584	Payment.exe
1584	Payment.exe

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exeTermite.exe

description	pid	process	target process
PID 2876 wrote to memory of 2684	2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe	Termite.exe
PID 2876 wrote to memory of 2684	2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe	Termite.exe
PID 2876 wrote to memory of 2684	2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe	Termite.exe
PID 2876 wrote to memory of 2684	2876	2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe	Termite.exe
PID 2684 wrote to memory of 2300	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2300	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2300	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2300	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2800	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2800	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2800	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2800	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2788	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2788	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2788	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2788	2684	Termite.exe	takeown.exe
PID 2684 wrote to memory of 2180	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2180	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2180	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2180	2684	Termite.exe	icacls.exe
PID 2684 wrote to memory of 2952	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 2952	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 2952	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 2952	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 3060	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 3060	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 3060	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 3060	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 1584	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 1584	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 1584	2684	Termite.exe	Payment.exe
PID 2684 wrote to memory of 1584	2684	Termite.exe	Payment.exe

C:\Users\Admin\AppData\Local\Temp\2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-30_842421d3e233f6a1577892b49ef8971e_termite.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\Termite.exe
  C:\Windows\Termite.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Windows\SysWOW64\takeown.exe
    takeown /f "C:\Windows\SysNative\mswsock.dll"
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2300
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Windows\SysNative\mswsock.dll" /grant administrators:F
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:2800
- - C:\Windows\SysWOW64\takeown.exe
    takeown /f "C:\Windows\SysWOW64\mswsock.dll"
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2788
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Windows\SysWOW64\mswsock.dll" /grant administrators:F
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:2180
- - C:\Users\Admin\Desktop\Payment.exe
    C:\Users\Admin\Desktop\Payment.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2952
- - C:\Users\Admin\Desktop\Payment.exe
    C:\Users\Admin\Desktop\Payment.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3060
- - C:\Users\Admin\Desktop\Payment.exe
    C:\Users\Admin\Desktop\Payment.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:1584

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:800

C:\Users\Admin\Desktop\Payment.exe
"C:\Users\Admin\Desktop\Payment.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.kqdwindows7ssb

Filesize
27KB

MD5
28fdcf9d9c19135f2150fe77962795d4

SHA1
d5dd5af9afd5996c791f323858f1750a30b8cf3c

SHA256
146f7b47eec477e01c17a2c5859ad7c98ecac2857fdd1d5c1a4d68b6c6d68b15

SHA512
56e597f45257c29cf4cb8096ea90a2c4432d9c7fb64f3de78742009f15e75b310c2f6c258b64862fd01df2effb496bb653c31a4e3ce63899e34e691ea034085c

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.kqdwindows7ssb

Filesize
367B

MD5
92085ee8738b6964ba7b25b5c9e7e841

SHA1
f1f55bd093fa2f0f6f50eed863c078e68122a1b1

SHA256
a480e7686af91fd5b11c2cee238e586a97b2233b33b415e74a552ff43343e623

SHA512
30d117cb38e9da14dd4569bd5788a180fafbf60e3d0e9b03f44e083127b309b57c756e957ac2fa5e554b8d5baa42fe9c1cce319a6d500b6f53fd5dc67447462e

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.kqdwindows7ssb

Filesize
247B

MD5
4b0c4762f44480fa687cbf11b059241a

SHA1
b04f474f15ae1cd1535ac2bf4e01a7920d0026cd

SHA256
e3977d187a01aa63ff05892ebfe49a7aacadd28e0e932de158832262df17746c

SHA512
102ed9ce5e97c80d2c9196d72e9758a9ef1114913cd951786c59ec458e0a3c0e5597d028efa3513b9669475dbf56b84576dfef81f433b58ff2cb47990e5df52b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.kqdwindows7ssb

Filesize
135B

MD5
5c7e0c0ca0403cc5b4f92143cd92ad24

SHA1
23b13e91dabe1ecbb59d1d4c5ef1b19859d79508

SHA256
d9d54d1a3d8ffa70deaced42c7c367cc6cf599eddec907d7fe6e1dc638968b36

SHA512
09075d15ae6bdfef52a9bc1351fdf210c7b0bb0220afead636dbeed95c4aa21661d6cb8b63390d0ecb4eb09ca62bc6fa442143db49c9dbe9649a0a9afa1f67a0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.kqdwindows7ssb

Filesize
135B

MD5
65882e0d2db802bbaf61ad5f6cce303d

SHA1
af095525c57a32243421c20085fd0e74e330dde6

SHA256
bae054ad728c6e10be8d16f1f543f6081bb47735ce93db538ae7786943beb8e3

SHA512
902cfb664aad1ce786f1be3236e1fb7403fea5b34d3fcef27c21fbf1c056f8d4d0714beedc3910c972248d0afdf0e5daf8db0fb77203c151fe0165112403bea1

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.kqdwindows7ssb

Filesize
207B

MD5
60bfaceb45a679ddc3a592003f4959cf

SHA1
570eb78d5215378ac0b46a6d47266eb92e6649ab

SHA256
6dd2451eea66bd9ddee7ecd0012b27a67a72d9074ac3e02ba1edc01017b070fa

SHA512
0eb255b9897356a1e3bc4edae44be54207be40a684088df801206d9879fdefed1fd3d3eaed0364d14984b1a35003c98fe5172b633c799ad117f1f07084491477

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.kqdwindows7ssb

Filesize
519B

MD5
a02dd646c522edbb744b1beb91e3cd9d

SHA1
feb6f48a5bb0095f470e06bfef8cf94f8b509271

SHA256
7b6c3db15bf2a2de85b49c554e3fe45fa55bed73390ed8b5089e7b5c1c0ebf0b

SHA512
36eaf58887faa671854964b8c34c01f895a9912abb762c3545e4432a9533447ab4e09742387adfc974c7c6b93ba1edd30c7fdd8293e0da39325bf06ae83ebc09

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.kqdwindows7ssb

Filesize
1KB

MD5
b80031cd620c06236d82dc38e610d294

SHA1
aa4f3ecb07fcf188ee4da076e62db68f00fce817

SHA256
e7efe81547d076f8179f05efcfdbbd849f52776e594ac14d497532ecad144225

SHA512
0a203e2aba7bd499ae10ccf08ccbc7a6eb2d69e8280eb086b8d64b84fd301a1b2b04d9b8e23d6a4b8d4dd0e7c4ecf93542c3c7f29591c79880be62c2379e31a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.kqdwindows7ssb

Filesize
831B

MD5
3ff9c12cd1d2a3b647c50d274ae0356b

SHA1
244e19ce5a54d763d1202d61ce7c93bc5671bbbf

SHA256
49a2d3ae95c513e86bbed5268e0f33a8c57b0af479373c12e2e1cf5d904cb76f

SHA512
5d37cba1eca2b5859c2b40c20f793333390abe565c1cc8f0c9f908953b95fd68d911f18f3a4b57109298efd50193f68a13feca3b1e1f55241fcc2efb770c8fd0

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.kqdwindows7ssb

Filesize
19KB

MD5
9f6b3727fb3e79c6cd1a6b6a9bd85886

SHA1
18287918cadd3d61c8683d0ab5ec8ad84df32fc5

SHA256
6f2ce2b32e145a6755574fb61ddd6cc99a55bedbd675dc796dfe366f8bfe5f3e

SHA512
fcfc188ff59a8b94fb4d00951266bbe3fbdbabc6a16b946fb364230e171492465ace53371811904622d40fd5795332cf2a2b77e11462f48ebf45d2a945182a6f

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.kqdwindows7ssb

Filesize
5KB

MD5
273e8bf549ec559624a88b50eda9f873

SHA1
4613cdf594156bac98928197ebf58058dd7a2691

SHA256
6c7b9a61be4b962d99fd600524453e72c026c5470ce24126a9f51435076d7ba6

SHA512
7efa024b933724ace93c2a4c35dd2862c17a9ccf1b68ccc97bddb9954f2676b7dd1a2d929e2af39fc0c5d0ea7c121fe9709b8c81ef187843462cfbbe68f8f2b7

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.kqdwindows7ssb

Filesize
5KB

MD5
eb8e465a9ad5740e7eaab497c05659d9

SHA1
2c3d5e0002e40f667769bf08a1f238289b02164a

SHA256
dde9bdbf5179fa947d93e571c1ac289c9812d786ecff1996f600f17573fe3282

SHA512
f1e859bf06427d262054ee8dbc594a012187e4f81fa416bf53058cfec2d0ae16642f0704ac9ba3a9239451a986abac55d098c705d7f7654ea8d1782f68338c0f

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.kqdwindows7ssb

Filesize
4KB

MD5
2df3e4890c0fa0bf5bc6627718b55758

SHA1
16db2a3731ddeab1647b6d9ede5273f0af2af2fb

SHA256
6439fb8671c5f94f4ef5c85e24e6c10679d06f80a5031feb2a42bcb75c256d97

SHA512
220d5b2ff5c0da9b640b154ff866518f336f8cf084f04be3e3af4af3868c10f85d0c7d156b7138bd7f005f382843d329b27afe9d8d5dd1928ef0f6eadd6a2997

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.kqdwindows7ssb

Filesize
4KB

MD5
b5e31e7f5694b43481847bf541343d3e

SHA1
c901cdb354d7f64ad435e3cba5ca21f07d7b96f1

SHA256
063e60e7f817eeb031ae5b1d5e859304b2381a3d34437f2b657d101e68e9e9f0

SHA512
cdefbb147945a22926ae5743d911dde963a215d1616994d753ac831c0f8bd36a52332c546776b759e14181b38c1754649c4355e89893d221327a2fe19757d3b8

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.kqdwindows7ssb

Filesize
5KB

MD5
40f4b3e4a50c16106515f17754d2c252

SHA1
b8687390a378aa43ccaec0528b05b75f3c11b74f

SHA256
c35386e18a39c740c46e3ac5df7d07cfc9f0e711b1393a182bc3dec9c27283c8

SHA512
6636392cb0ee47313f62a73ff6a1dd1f210231d380516da295663a75538ef464e0b371be8ace0bf0f2258ea017f1c76e7af7f2ae17e1650723ff54630f32a714

Download Submit
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.kqdwindows7ssb

Filesize
5KB

MD5
fcc6f2fec6e5603b84cd18d2db607edb

SHA1
9db9d374cc9e5420b54e3a130941d21b1f35224c

SHA256
f2392946e0f5932a6635378be124752db6787b751292dfcc5384e746ec2683ce

SHA512
4b384a92b635837211b315f0e5056d6e5471dbf5fa32fb3bd83f04429e1fbd4452d3160d7b33c30e25453b485d845ffdc97f5afbf0c7ed7833d76032db902cf4

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.kqdwindows7ssb

Filesize
4KB

MD5
7fc6bc71267f174d50f9eb48f9942848

SHA1
bd983f5040e1bf406d114056b2ad75bc64a20c5d

SHA256
5efe33d1197fea900e4a203bc3dc9ab2de20279c45c0daf71eb158250bb773a3

SHA512
e6f0cf1963522a92137b10d0c57a2e29257e291003dbba742f1374ef37d52f407b8045d74572f92b16aaa30d5bdf4eee941ce9096f7b6eac7feaef8953bef76f

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.kqdwindows7ssb

Filesize
3KB

MD5
54d29325de348baef8fbee3f70cb4f0a

SHA1
10371795178f30e07f20424cdd80c1261de4827a

SHA256
2804dde4939f3ffdd1b1194543fb8eb197be4407b3454c45e938d9c043e304b5

SHA512
b26dbe11ccdba50e188d9169b3b9583167a39c947f9bb815772fb14287629a13317e89d3a1aa430145431339cfd3b8d822f76848ce092d214b16a46e7d4192b9

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.kqdwindows7ssb

Filesize
4KB

MD5
d70bdb4d2cde25f80e92976b3f192acf

SHA1
9f7171c23d6531027a2fa78b068b30090a8ad58a

SHA256
7008f55eb332392267f1f1ab381782ff78ffcf7e0832237bb2be093fabcc2fc8

SHA512
c918d7d305d81adbd15e79c25df51f0d831072b3a31ba2551594597ceb653f0fb315a040421c55a51bc2270444f1841c7ff356b3ab67c38233eda3904a590c89

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.kqdwindows7ssb

Filesize
3KB

MD5
11d2f503637702eaf14fa3e95acb59bd

SHA1
1244a50a89ec4672b136a92a0fed625fe555b641

SHA256
e788564625c48234aa4b658d1ca2ba4d393d256687886e0369c9a306be51030f

SHA512
a683851552abf309127812096b65a54d1cf48bbc1693554daaf836b7668855806caca3432d0194fc1f0303989b3ab20c20913977c962d4ea26e04bc1e2a1abd9

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.kqdwindows7ssb

Filesize
4KB

MD5
ea5922aabe658ca8c8960f142bacdf64

SHA1
7b0f518366cad837f30ad3f1a1ca032cfabb1b15

SHA256
ad458376e2ddee013411455713a277546d290168a3b4fac2e91d9d9c767db8e7

SHA512
d8aea408267382f775e61bf98e11d38e9dc719b6fdf63a0bb64c7cb49edf4130cfde8ebfdcba53178cbbe49ee206a7e5c570482009f214fb8effddf4f5497bac

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.kqdwindows7ssb

Filesize
3KB

MD5
b09349a08f9454aacc7eb334226f67d9

SHA1
00556929d19da2deb4a8c8ca6a666e72356bba15

SHA256
a6ac3777e29de0187521c50f40511b3c448bcb756f153873b487d4ab79bcc289

SHA512
f39d22fcd2cf6644d163535061a9347e0a47f1f73d6a039879bd4959581c542084d8fa406d4842befd267ed43d500b55574893e393ed388eaf8e6821b51d3596

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.kqdwindows7ssb

Filesize
4KB

MD5
003e584eff836e5e2630fd751250c899

SHA1
30d6bcd9642195ac818cdebab480d56451dc89ba

SHA256
42b0489ebc5150031a33a59ee34e567566a23ac0ad147859000c6ce18a2660a4

SHA512
b6a72b2cd0c0ece8c9d0a889f83e6f089581690ee6faf178ccda06d8044309552bf248eeda7b355a406bf772ed3fcf96938063c21178332d7ea793ac54b24a85

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.kqdwindows7ssb

Filesize
2KB

MD5
79cfc06be23a0f650f841dbb084ddf9c

SHA1
eff33fddb2fe8a5013c4410724700e3ef20639ce

SHA256
b1cb015b59b0d1b6cb503f421c17c9c253ff3bd382a99a1c68134ced0a0f0ba2

SHA512
4e92c43083129e5257728713fa8606f6e2ac4c694749bd33d396a18acdeb26e663eb277535b5c81c04afc59c3e7ad23580f7afd214cbcaf9396af7cee38458a0

Download Submit
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.kqdwindows7ssb

Filesize
2KB

MD5
97a4f843db9f863842b4f2757368f435

SHA1
308b1c41a314a2ffaabb848b320ae6bd81ca1bca

SHA256
4565bc551d156849a241959fc1a5fbdbb06793daa1336105685b05e26a5f5b66

SHA512
35243c91d3b03451c9031062a91073b8b5c6b7916a41f1185effa3e8ad33d29031844c80ad1e67caa4de774c9d0fa1aed962718b92c45a3920d8acdace3edb3c

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.kqdwindows7ssb

Filesize
12KB

MD5
b4e0354a2d1a93212b71e33f31c7b1e6

SHA1
2b619ebb551e491486b291bc784bff9504d4d547

SHA256
022f510741110335ae5aec7e4250de0c5c84a229203855c2e55deba59a69df79

SHA512
f03ec2fcc8fa3bee7b80764a7cce1d823158fa1b5e801e8cda380ac96a2c3d4a6efc92931182736ab4d47f3e3df4dee8be9b022be8bf7db61475330891d40c38

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.kqdwindows7ssb

Filesize
8KB

MD5
ed1247705a21973f2ce3228990fac71b

SHA1
52d232bd8f61ebe20b45225f009e47e68f6542a3

SHA256
cc6835f8572905228f20756b90b1e975e499e519f15692d2cd1e4b553f6ccaf7

SHA512
013b459eeaab1ebe4d503de061d9aada680e15be456599fadc227375aee11b1eb733d47fe9ad24ffaa5d473206452b4de2eade174f14c11703411f2096855fd8

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.kqdwindows7ssb

Filesize
79B

MD5
c880aa189607eac7f270ccce197caf5e

SHA1
ceaec031d407815c9e6ce47a9c75184c840436cc

SHA256
88d20d8ab90497a9f8d9de701993e27e3c19bcefa2b1b486ceef9906163b8b00

SHA512
14469c1b5783b48758db444ccc2578f85dbc94a3b4dd81e709f4a88ab0134b35e33c993bfc72aaba24333b480a611f0d30a31670a3581041489a96adbac4d2e0

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.kqdwindows7ssb

Filesize
7KB

MD5
96685e02a910a8fba6cf57f1d59c9ba8

SHA1
2a054db46daa3c351d599f3f5566d359f7478f5b

SHA256
c0864959662f1e7dd32d5f372d7c1fbc3f8e011d6acbab6a05d7213883e38bea

SHA512
4efbea3b565ecef9f41fe4d7a7d2fff2a40db085b8a23d07f5bc21c9b93a3386ec5bd9b3b7da189193bf86a2d83dfd07730f28c6873509f8877fb2cf090cc7ec

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.kqdwindows7ssb

Filesize
15B

MD5
db35c90203a3a68ebbbf6bd6138116c8

SHA1
a78031f3b6c76d5128bd6c21b42134d93d11599a

SHA256
5e31549a9131247f379d40dd9dd081dad5a2755411eec1863876173046cc34f4

SHA512
a0f227390cf85297d0ffdb4407414c844d3b8c95862a2703953aa4d3ba6052e088437b0819130230e3105d59344d05f47dbd5b1c4b95473a20d09acdb967b6b8

Download Submit
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.kqdwindows7ssb

Filesize
175B

MD5
169bb76283332ff06c935f9735a74198

SHA1
dfe1275c66458e785fd1cf891f59fd086986a1cb

SHA256
717f7de609ba32a650b184e8f26c45ac27bcfe01348f4768a8c6c591f658bae9

SHA512
958c542f79c6004bb88689d6c547d103cf3d3d3399ca5871ef6823e0fa81fa7df2c566d2b1994af5c378ab6fc49f2b634f651d85cd495e5c8effbdec4b445f52

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.kqdwindows7ssb

Filesize
47B

MD5
eb8cd147c2323f3ef6707b28b8b63907

SHA1
20021ee221c8933404cdd65cd27082bbc6cdc36f

SHA256
907282264d12a7b9d0d4f8260d69c3426e501bd0a7e3021a2fbf817f45a05162

SHA512
46aee4ada29ba8f424bb1c00f57488c3d0f494f5d71adc893b55e784215eae35678e48eea5160a0bd00319d995b04df86851a307d81a5f80a014db57a0d85564

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.kqdwindows7ssb

Filesize
47B

MD5
0dee38ffe649bda684ae4ea671d1029c

SHA1
4f141a255fd3ba74a42d7c623a4f32c7d8a2c03a

SHA256
0ebfb685201615ca464effc95456942378f0a96abc8a9c9d598e78ce4bd7c7cf

SHA512
1508944accb0edf3b39a25134f10b164e270514bf11bd95f337f2d835a831f1040803c7cbbc514a8f731837027fd798d0c144487cb0bf46d8dec42406dc445f2

Download Submit
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.kqdwindows7ssb

Filesize
47B

MD5
fdb8fd69f9dfd2ef302ae773eca9b5a3

SHA1
f15e2f66f3e2978626194d153014dc60ddceab87

SHA256
d0a6fabf38e69e9a608a0275f215357051a6c3c99822f95d4967d8a8b916d8ba

SHA512
05b0e33eafc7bb8f211528b42365d0c755782d1bec525e2850dba7bc9744bde91e00646a5b5ab42278219fe1bfd43c24a9e3e73fb5ce1f30b181b27dbf9a091c

Download Submit
C:\Program Files\Java\jre7\lib\zi\GMT.kqdwindows7ssb

Filesize
47B

MD5
ce85661bc3651b5a98fcdec574c3f4f9

SHA1
fc08ecd2668a269e2a843291a8fff2b5ea72abc1

SHA256
13c5a24d58a7706bedb92f10abee639fecf2b8e2329426ae71fa1f0fd9d05f8e

SHA512
5965a4ab0e3d7c2e662b313064b58010a08014458d734017d5aec4d90a17e946c28a1cd24fa4bf0ebbde8802df10433cbee02dafdcc7aae0cba12c69fbb4a969

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.kqdwindows7ssb

Filesize
1KB

MD5
aa3e90dace7d1c0cfea487e013dfe20e

SHA1
ad6d7207c4e97ef4e6e9912c45a09f0c53e244fa

SHA256
81219149091e73562fb6ddbc2caa58fa4447d238d2d001be9a1474c23b4f5b9b

SHA512
cd9907a2b4757dd5d0dce8ac6f36f9710eb79896487ffe3dbb3d18e26312bcf12a8cfa4e71a479811436751b3ce0b1e787e4275ae680bf78b4ee1d2956c71e22

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.kqdwindows7ssb

Filesize
4KB

MD5
df104b3b58240bdfe4e7a054fa30981a

SHA1
d213cf6fd2aa0ed7c1f6d5ef9e19f94446723fa8

SHA256
db2b600a33a605787299fc202d83a5ddf8a1ce2f23978b8cfee4932a7c55a26a

SHA512
68c49dd14802140ab404d40ec6d6b30c6c7427d520ad633f4c2106aa0a2af741e995322948f5544e5c489fe8ffe6d3738853558d61302e5ac6d98e2aa361c553

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.kqdwindows7ssb

Filesize
4KB

MD5
082b9bf530b3aac15dd7c343721f19bd

SHA1
6c4039decbc49b37e6c7d4a3fcb428cf6a25e50c

SHA256
b6f62a2911c4055a54b6fb05e948643b3c8cd9726e34e72179f7d64c3134390c

SHA512
40cbc646d0ee2c35292bc26caa3139b13cbe6abe847c6ac6fc14b734081154dfd66df08b7f408d529bcafea2727b75d2823ca47bcaf5ff2221dbb277de43aa57

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.kqdwindows7ssb

Filesize
695B

MD5
db57bad28c06295dcac794db044e58ca

SHA1
5a91a0118970c67adad432ccb313d9e79d3e6cb5

SHA256
6538b7be96d6e2197c133a5534183916f16aeff6f29ca860e203320eac03d805

SHA512
e784d6b13da5cafca8d9b530bbbe6ecdb89e0208f5aa12444d5cb346656f1683255ec6cf17f4b0e2eb0fec7a25d3c7627db9e632803ebb3b855940766dcac420

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.kqdwindows7ssb

Filesize
1KB

MD5
782b8f5d152ef53e035c89b1b0d294a6

SHA1
df79836e1ece0a7608333e288785a75ca9c69751

SHA256
03ac243cf45f18d2cc70f2651d8a4f3f65e5335eb876396969f878a153a29e06

SHA512
47283f808624a0f4931fcef121a2402d153e9ee5aa52d73e6937c2988bf59172bef5a6d49af4c1a3bbe8b0d577958b41ccd3b59db6c2d989613a46422cdb7409

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.kqdwindows7ssb

Filesize
17KB

MD5
58da5c112ad5a7a7f846eca672aa745c

SHA1
96f2837f8506a2e5aac65d117be14c9a34d8c502

SHA256
e3c408241d9f228be57764f93368bdd73ed7a3145b78004f9dc28dac6d1061d2

SHA512
b6ae13bbd8bf28ae4320b211f8c3c07bbcdb32d2e5b362bacb838320b7125094c5b40fccd2ea62f25c28bede7793d2375298265196ff44774d296c1ccd766a10

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.kqdwindows7ssb

Filesize
9KB

MD5
8c23bd9441df102a1d0767515d98eac6

SHA1
926a31f2b07ddd4c3c27c9567393918b573a8302

SHA256
b656db53811510992ac20b7c4da724d32c93e4e4d0fb0599c56633f16df60418

SHA512
2bd3a2b5b9e2a14c52e668449adc070c7a29b5e732f59944f947015168b7df19cfab60d5f99e62bb3dd12a1ff0414beb2e32ad0f0f21d0e0310d684f4c68834c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.kqdwindows7ssb

Filesize
5KB

MD5
089233db69fff86cb6a38242e83418e2

SHA1
bd27eecc93f708038476f2c93dd4637720914558

SHA256
04d6e26aecd53d4d2fd3802981c64a40b187c0b802756d4232407809d957d544

SHA512
006b9a1985132dd0f703ae7e066f39a2f880361864a9904134275fd2307eb7254b142c0c692473843abba5b1fb78c54305dcb7d2f4af199a8268069034b827ec

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.kqdwindows7ssb

Filesize
65KB

MD5
5540879f00506bb075edfe3bb0e67ea6

SHA1
ce24c01de7863291c67c6c59285cb5a798003ca9

SHA256
fdd59523e6a2f83a7afa526fe2ec729f103f121217f5d32b79e3699a1db23a13

SHA512
59cd31283dd50a398d356349fc37f305e6d66bbad8d1f7e85d6fecb87752cbd88432d14eed06d590368910e6c5dbb00828bc4c7e9788ac3ac52669d516f7df13

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.kqdwindows7ssb

Filesize
743B

MD5
e6ea5943333b01ea5327ac2ae4fd971a

SHA1
d421c0b17f2259ebe007c28fc3ee0c2122d6844b

SHA256
884c8a7ce3f0c4485a1e6e538934946f6accd46ac34fd7ebf01cac232e0155d0

SHA512
7bd54368d426725f24eedb36bc691b8456213bc08941a307b70f8f10fdca37a231c6b3c58ac4b30b6fcb90ea5784dad0cda396a329f4bb9ce74cb4448f6a64bf

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.kqdwindows7ssb

Filesize
5KB

MD5
4898fe6ec647f651b574ecaf99c98b8a

SHA1
02ca8f3da4e318955f14ee924649c3acea36d1aa

SHA256
504adc4dbcfc12c69bccde6cd2b84175aedbce34d348134d82eb2fb232bd8e13

SHA512
b8e994c175f960beedcd5eaa3ef0f4844dd4575c6c6902582b160294f92129e01da41bf3edf041cfd1c4ddf27ed96b8690951068f101df58d0e12fee67f49d01

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.kqdwindows7ssb

Filesize
7KB

MD5
16e03ed5c81f91e9c09d3b7da11fc985

SHA1
13e6a17eef5be687105fde7f9d595db63d6b23f7

SHA256
9b6b7777f3b57900159c65c0cc46cd10fed593de613710d1bcd1275754e01568

SHA512
42a8b7316e0ad2fb9cedc17d2467648f4edfe177ab8baaf666e9491f3c873f9dca1572dc2866ae3346ba1dd83acccb44b8e9b03f8bb57924d70270cadbbba01a

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.kqdwindows7ssb

Filesize
4KB

MD5
6dbe7118cd2d126b98979ceaa4658626

SHA1
a28934bc654f324f269ca97c4e3f84ec37f53e13

SHA256
640513fddd1957d71864843c2a35514ced4071cf6ee14a085e75ad5a815d173e

SHA512
7c5a54ca1c81c1e826c890b32a9a8525167deabe307cdd29b54b2300ab50adde1febd46dce7bec860f55668504d07a1c74b0c74b0dc42078913b8c93fbe7dfae

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.kqdwindows7ssb

Filesize
5KB

MD5
0c6aca5c305b150f094311c77470eebb

SHA1
8f140cb4f3577d38bf0ee00efc4cff9701cc9ab1

SHA256
9032d1ca3a62ad2b9f85f384aba3df50f5eae6d861f43ae8717fb2e81e8bba3a

SHA512
a6c2f788eaff9355f0712cf5a8d9393d4b5e79c2e678b49051e2b37fb0e007d0f1c5760599dbbacf888323bcc76473329eeb7d625ceec38d30aab1691dd2aff6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.kqdwindows7ssb

Filesize
2KB

MD5
037a0462e816311bf3c7f2d585bbdca4

SHA1
857841b036d697c943a2f92612429a42d26b480a

SHA256
0f5b3e6ffb3133320db1280ce6fff6fd73f6c2904f934e8ed6c2507a035b4f89

SHA512
5db77d9078f811bd3449c0fd170a8a5217b58c7db5a3caa4c71bf7734fb2bd01204c9672889c05a1c03b58ee93848ddbb985724a0f2a1b61bacbee9dd5561b62

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.kqdwindows7ssb

Filesize
2KB

MD5
796a170f45600fe64945b266cd3c5b75

SHA1
e30b0beb438a9486efda58d8982385230690e800

SHA256
4945ec5a40424f578b17b266fb09f56018d671dd457e657076bd8c6e9b45bee2

SHA512
4d219388d55d778d02a6cb369f3eafafd9dcc0561bb54219dd38f2552bb9d9bc6d5dd26414f3e7a98ebbf5c1411565dd10992b9ccd25af3f954fdd2e4b473eb3

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.kqdwindows7ssb

Filesize
1KB

MD5
a4656a5be1f9ea12da05bacf95edc0d5

SHA1
437b5736bdc2c963a53d038e3f19b27bb362473f

SHA256
50d3d7a66e1ecf0802da375260f1ec251e59119ee64f463df5a007e92a957593

SHA512
354a1ded7376cd42d440cc04740a5aa719c9392d6330129e3b045bac8583ce4906ca5719616fc0b4bdeaba1bd4b26730aea09283a5abb50718f0ff9827846da6

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.kqdwindows7ssb

Filesize
5KB

MD5
d47b94644cd2cbd81509628a337f1c58

SHA1
6783aed543a29364a040c758792657d08c2fb051

SHA256
1eb3a531b7f03746d6a748f3ad49b38242941faa8dcbeff2290e9b33610fbaa3

SHA512
ea0b37b450e928fcc2462517608b193bfe312a5c270a2632424d4db2c016944c057863e41c28ae1c49304963c0c7972d59b4ee8483996abc59b69a4d2ae007f1

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.kqdwindows7ssb

Filesize
6KB

MD5
fb44dc27a74bd8b79bf983e7548850ec

SHA1
35294b27912a35801b2d711576d32f8eb97a8318

SHA256
6cd3e464bf8259b71b068bc780207d9bacd7b53fcd85ffddb710b2d6614cb7d6

SHA512
9f38a3911b2a18ea6406c43fa2dddf35fd2aeded1df9691e83024010c06d505cb496531e59ceb95826eacedaf43e552810e9f604d202cbd61d0764520f83ce81

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.kqdwindows7ssb

Filesize
1KB

MD5
7c5bdee74e37218effb013e611017203

SHA1
ee89321fb494bab5cc014a2a19b80a64e972dbdb

SHA256
3a4c253e82612ba2482f373aea5c838a105a8233aa6d4d1926138274ee7e0d1b

SHA512
bfa559950d9fd879b4baeb0ac96159549351e6b30e8c7318b46061fe67afbbb6e94493bb7c88d9fc8754ac3468e3f268039817c6c117522b343b6de7b19450e8

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.kqdwindows7ssb

Filesize
4KB

MD5
c8045b7141d1a4a2ad6433d58286cf07

SHA1
925901f9b359663d250ca4c9e59bddd300cba05c

SHA256
76237b85176e600084f3254356bd0f4b83af61c250c8e77551b68e1dadb89488

SHA512
fb353a7b11e2e71011c514ff7d0604fe321811d811de6de04d8ed5a52e8db1c7928dac823d45d9ab04204f58651096ef92ddd70fe8c0425a2f6c5fcd8da663fb

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.kqdwindows7ssb

Filesize
5KB

MD5
e5bc6c9f3a532ff07cb3289b65914fdf

SHA1
330973c919db66c1e0615cd74432661a5678935c

SHA256
69fb6193f97ff692616093f6f62f5b5fc875783bc15cb43f817109228e40c558

SHA512
13c7716c2136200017d936a95b8918c6c700aa8b5ecc6bcf35a53d5e4be86e22ffb4e243f46b3bea8e52ff87a1d65ca02844c59b06b57651551536bb69c5c033

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.kqdwindows7ssb

Filesize
5KB

MD5
6cbb8b934296e05ce388a6a4daea1b2d

SHA1
2b2ee5317607be4b8bba7857e2cda73b600678ab

SHA256
b53904f59dbb6ed74062ad18afef39ffbb660fd8bbb156f1608bacb22e560cf5

SHA512
6d87468448d2e600db51632bdc50cc5d1d6fd45a64ead23f4a726cf66006f549c470b3b44b25cfaba23eeaa8de2a3bc2bfc6991f11bf860e4a12dc7acf6051b0

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.kqdwindows7ssb

Filesize
3KB

MD5
e153eb695a0ce1a1ce55f5c861873dbf

SHA1
f09915976fdd80dd885f74be66e8efffcbb9cd29

SHA256
3b67f087b4a8a78d0ce021ae9cfe4c06b3e1057696618eed15d467139baaab65

SHA512
fa1a70d5de30954f197b16c88b64c406d4aa004eb8e5c79c327a490f5cd7238e4608216566d2469550b13c02ff39bd1203af5ab493eaab5088671044231796de

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.kqdwindows7ssb

Filesize
999B

MD5
7fbceb3854915104460092d70551b0a1

SHA1
b03f0f26aecdcea288d411fcf6d6f84653226ee7

SHA256
1299d5d9f7e2c5f6d8709e743f16cbea97182df47eefa28c8ddf0781a5460600

SHA512
1df8e07301aafae156dd26658c6dfac210e7712dd269423dfa38db2e98adbe0d2eafd858ee3473628782ceb696d2cb1b31c8d0f8dbc8e334f3f9d24d3cf915e5

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.kqdwindows7ssb

Filesize
9KB

MD5
68cd7b9bca045de771e152443638773a

SHA1
db0a17d0251b8de963a150965be05fa0988e9dfe

SHA256
32e7df9ed768cc59af0d65616ffe37053525b8878fa27e684cf929430ecd2f00

SHA512
d827ba2f0c4c54da0164c9baf65be526e014f8023d16c85b6750649d7afe7bdeb7e2602efe4ea0d7956de702e69738292b046e803bf81a21f7a53a5d54770ce2

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.kqdwindows7ssb

Filesize
24KB

MD5
e61ac19f18e790dd89ef7a1c3742263e

SHA1
703bc78688f3e786ed6a7d7a65a8c6a2bbd1783d

SHA256
c1b8c23668eb04c445cc2471fce8f6b688e94cbd00f0e340e61f9377b4a39f78

SHA512
352775d1f2535e40ac43e4c327fcb0077977378f98701d2292b1bde662a850590e1eb391d7f24dd6ce127329d01dec27c823ac37a52922b77a5f1a39bda42030

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.kqdwindows7ssb

Filesize
1KB

MD5
99f17890ce5be82dbd9627252e42f3f6

SHA1
771140f4b5775528db44aff79e9cac4911cdfc1b

SHA256
e7949eab1890e88e6d090285c88b30daf809f72c707072ef35fe2d68b6f05f72

SHA512
00f5dcb0bda315f99ee21fef0feca64f19e95a427e59cbe8553a3414f28aa235e5e4cab11ee43704552eb64e4ed94635a41b1ab9d6489d030178c5e1974e9517

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.kqdwindows7ssb

Filesize
42KB

MD5
6fa1eb9316c2b8a3631419be9f7abf35

SHA1
4fdd98eb98326b61dc58a3542f4b8af76cd8d6ea

SHA256
a7d248e52d6e33c8479cc5c3cfe8cb184def2d8754dea90dc6d8c98bc4ba311d

SHA512
08454a06544d3fa665e2d26da92d913658733d4d65d5275f4dc16264a7a90e95563ee498f1ec4f41b0f34550c34ef953a11a5e7a935ef73481c6bfedf55bf659

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.kqdwindows7ssb

Filesize
56KB

MD5
835325e20e87049aad6ca58c15d20fd5

SHA1
98a0a98f9c9aff8111698e5eaffa580ca234f5e4

SHA256
0b932fcdb7d5fd59f877befe7a429e7a9a409391c920d2d6fe24aaccb6011893

SHA512
d3d48cb57b7d340ee5f8db22ed2e010004a27798ac2f76cf814111ab7e1bdb59299249019bbedfb51e58c2b2c49d8c38322ccf3a7fb77466e9533ec67561603c

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.kqdwindows7ssb

Filesize
132KB

MD5
867a8d852fe9d7fa919b2a15cca029ba

SHA1
fa038ce8d04ec92169bd349e2bdc5ebc4769ef26

SHA256
21df6baa0b642842392caa06eddd3c5a0a478cf02aacdd51fbef786a8a31a3e2

SHA512
20b7f7448796e4edd97b65830a5c4fea186744e1dbae215f10786a1d70a4a1f30a8cce2a278def229e36c897513106e0139499b424291b576c2c3417f6c6465d

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.kqdwindows7ssb

Filesize
8KB

MD5
7412fb349417fe329db8e3415e624c06

SHA1
c19d052ec56a215c7ffd2586e2bfa64d97efc169

SHA256
e11a9b24394181eb858d916254023a5c785e87edff615e89417d87286f6e9de3

SHA512
7e976a4a4a7d726494fa304dfd2150ee32f6495af3add2168d3ca28eee25ffed973671f2f6693dcce60fbf2564ea6a91f2412a5b8ab69cbd5bd5cefb22ecbf13

Download Submit
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.kqdwindows7ssb

Filesize
15KB

MD5
9965974189930be2bfc53ad4b35b3197

SHA1
baaac462114602fbba48a714806d6e85315a5678

SHA256
8093f4eae509327f0043cffe1c66f7df209781241bca6757f7cdc0d09faf8d0e

SHA512
2aed3970b24f6079feadffd5c9ff86ca692f5bcd4190fe7ad895fe81a7716a1092b299a31ea134393b4d575c2088968cec06dca987680cf2dfcbec4bbb976145

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck.kqdwindows7ssb

Filesize
23B

MD5
72543264c6114c15eb8145d82f2d6f03

SHA1
26315979e9a7bb412059a7c255d7c90514febe63

SHA256
6653f523be3b9c389e22cd6ef24d414a874f96a8985ee86ca536bebe17b85ec7

SHA512
7673e1e9df85bc995821f5b95fbb73554bc7d1f35c6970ebe46a4fc5f8fb8691b35a2a18ad67bcd75d9c96b2ada770256b4f2a5a57738cb2dd4b173a29711d08

Download Submit
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.kqdwindows7ssb

Filesize
126KB

MD5
1793184b267331d7e7b0f293d2130e26

SHA1
d2b2f8fca79546e9b16ec5c1502705b6b5ccfb27

SHA256
f4844df38a0922eccc7a56d5696ef46a17756fe674a3859104c57aacae6a3e9a

SHA512
1c510f50a2de875071132b961ffb8dae80c473b66d405ac5272d8dcce67ce2a6c3df7ceba8b5733d3c0afd9168000f42b555d049e8b5010d9c2cff147449b75d

Download Submit
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.kqdwindows7ssb

Filesize
28KB

MD5
49b2afa827db5099afeeafb4b1c6f6b1

SHA1
f1a843b6a82c22baa5a74994b8c05a0b488c56f8

SHA256
1643b86c51107e38b1b138c74e0a5e102dcef7e55b046e2b588ae8e47d02c1d8

SHA512
c2ba225bf3cd5f5c914d879d39374be3e76de94c37a23e2501d9f9757c9ee0d0560feb963545d7c544de16fb8f5d99e86f96c6278615721579131b58df6d9c5e

Download Submit
C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.kqdwindows7ssb

Filesize
1KB

MD5
c5d15c9183f9e195341f7167caa3ebcd

SHA1
ea95fa4179979bc31da0e3db034ec19d4aecd610

SHA256
6609a6b9fcabfeb61d8ebc52d163cb50f6bff569d31e2828ba5c5c99134e1b43

SHA512
f81e1d8113363e317ea2bdb809dd2e13bbc594598f8ffc34895da901a90a2d847a85932dd40972e61d8d56d1e5e95ebd5c92cd2024487cdb679fe190f55405cc

Download Submit
C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico.kqdwindows7ssb

Filesize
52KB

MD5
628c375468410fa3693c8f887842aca5

SHA1
0c2ad1e1ec766d6be42f45abfabada2917a2c297

SHA256
fdafd6d976fb6ae45c9cb07bef7aeb1df5a38e9a1bdf61281486569275d7a76d

SHA512
5624944f847c8c7441016b386b2a9cf559edee4491e6cab0e8eb6e71083bf618b60fd543949f0c197e13696d936643f886a16eb213121d9ea75e653c28647c6e

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000.kqdwindows7ssb

Filesize
263B

MD5
c3b4cc52973dc9c6ebb75ad951f87f2c

SHA1
109175c9e7ebe8d179674a1fe7e3b2b6522402c5

SHA256
0fec0fadea6bdc123cf2e4ead66faa842fddd7742d8705864cccc58594eaeee8

SHA512
46840ba1ff678f2ce4f21f2e9ea22772531f9b4b616f8e985b9d5773ff6b741e24deae46e00f561413fccaca5cef4e5623198a588813b189624546fea7764413

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.kqdwindows7ssb

Filesize
148KB

MD5
92831e0ef3534614b1a67fb1d19b50cf

SHA1
33f72677139e42af8d77838c3af5a56bd4509ee9

SHA256
6381a292974877004737a0e39073bc0559d37a01a8318046ce87509e11bf52eb

SHA512
ba8dc14292793d331ab716def4ad5a0bc3b2494bf29f4e7219aec30330d0d681f77fee40f96a1b352bc6f6b2aac2dac7c044f9a6f2441b2c159b903f34e613a5

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.kqdwindows7ssb

Filesize
140KB

MD5
55616b809908677857f11eb04a3b4f32

SHA1
add61af66ca5a923046e6847b85a8fd0e93a0a1c

SHA256
be504eff5cda93fbee16d22e256c831332f154ce027fe39f1792e51f02a95bc3

SHA512
c5ceafaed999b6dbac175bcad21ef7f8fde8149d19b1d52e684fdf311da0318d8aa1b77049b6385670a306e5b59075939065d7b81b24a29f1f10f435e0ebfde7

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.kqdwindows7ssb

Filesize
180KB

MD5
927d8445a6ca0d6fc459b57576ab3e4c

SHA1
8601fbc986b857c9e25f587e40b4488dbac80036

SHA256
c0f2e559357d392cb735030394229036484bed63eb1cba07c72cd843981f9533

SHA512
114e523cfeb475d68b1e72a6b2696fa6f526a9748c3de82e10671fd6bc7452e6b689278f2e5a43a062eae6d07c0204d63315b2c096ca85c63c6cb321db65846c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT.kqdwindows7ssb

Filesize
39B

MD5
67da609d58c60272a03b30f6bc1a41ff

SHA1
5377e9508de6baa90e00d805b2c59563bac80dfb

SHA256
9e75ea4a5bc782f413f9ff323d52c1ee721e35173a888cbfa766f6658f6e3a1b

SHA512
3467b451666d2c478885d7fe5d93b0a29c6a53e5ad37ada8b899de527cb4d28c3495ba33705f1204abf3a51944441f0e18e846b41d584523a20153f5ed16869d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.kqdwindows7ssb

Filesize
28KB

MD5
371d1ff1dbd3807fb9303bbf11bc3469

SHA1
74edc3ab2f73c1c46a06439a22e495e940584e41

SHA256
c94918660f09a0afc8a118c3b9f235b62d7808309a1e10c30fc26ab2f779e976

SHA512
b763d90f8038491dc52b40d05ce5325f013213afcaba1553b46aa5df5f0470477a9147252da3315a340aeb591328a1ea2e1b50356f4e5095566915f1922c887f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.kqdwindows7ssb

Filesize
5KB

MD5
7ba54dc6ac04c39995213a20774e3fd1

SHA1
092548f14c2188e20b749cd2c1529baf42a2c059

SHA256
d07de2eac7dc682645055d84996c2a962e5d98f4375c092ee1debc73fb4fe185

SHA512
14b7b3f2c721298dd52c2cefce9b78775d4a5efb8e9f979f6d68a16f6d5eb546ff538c6d23c6ca934e5dfb1a45293d1ac8bb9ff17fd270674a96d6603e6940c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.kqdwindows7ssb

Filesize
48KB

MD5
d861f9ff23d44541f27fe9c0ddc3646f

SHA1
335ce336ca2fb0814fc4d845cedbace9092db96e

SHA256
a74cbda717fe8ddec638f97aa1cd1ca2ea5aa35e6612ae63948724ce71dc3c21

SHA512
783b329629d9ff24990ffe75c7dbb81724f6b1e4b8ded9bc55bbb000d32e632d5c2b8e52cd04c4519a30f1c995c901dedd8d4c9b6b0a7f59d5c871960318f099

Download Submit
C:\Windows\Termite.exe

Filesize
1.9MB

MD5
842421d3e233f6a1577892b49ef8971e

SHA1
ef3eb5d43855b9cc77edd967b57540623466d993

SHA256
17e1e290e2c354d5cc4d31ebdfefe46e8fc4e6bc29fc108f1c91311e737a028e

SHA512
1372880857a28260530cf57ca900f9685ebcbeb06c49f4d1fb47c4e3892c366cf44b79947ff00d6bab5471aaa67e785590e2c7b841b601f7e933441742a93df7

Download Submit
\Users\Admin\Desktop\Payment.exe

Filesize
1.1MB

MD5
9f9bb9ee4952cb514089910e19eac5c4

SHA1
c57f604e8eca50df40df93a6b0c3d65ab8d3b198

SHA256
0c9844f11b7b57547891b3cec86bd3468734a990768dd9f7a9a72cf6a908b17a

SHA512
8661c46618d0f8454a278d6a4e1b85fd9c9656c2e59feb6851087bfcdb53bba5015ce023cf6d0504dc899ae6fbbd4f413b45228eb2c8eb6965912cb32482d14f

Download Submit
memory/2876-43-0x0000000000400000-0x0000000000601000-memory.dmp

Filesize
2.0MB

Download