buran | c5741701b3866459dd1ffa2477cfd8776713612912693a5897f78aac795d23e9

max time kernel
41s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RansomwareSamples/Zeppelin_08_03_2021_813KB.exe
Size

812KB
MD5

5181f541a6d97bab854d5eba326ea7d9
SHA1

16d9967a2658ac765d7acbea18c556b927b810be
SHA256

b7f96fbb9844cac5c7f4ec966683f3564bbb9a2f453927e1c579dcb0154f5f83
SHA512

c282d9d6479c10fcc9fa6f674c901df1f1ad94b9354f6e427a7b445d0efad84efed6d7c29a0bc2a37b5ea07ee9a359f0e922d7c24f061258ae11fe4c44e9e4fa
SSDEEP

6144:73KIrUL3UE1S5mY5/i+i6thb2/VMpfkgXkJX/h/O11/vMLZ935PFXwz6Ui:DTru3FS5C/VMpfkg2ROs9dSz6

Score

10^/10

buran zeppelin defense_evasion discovery execution impact persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Family

buran

Ransom Note

!!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [email protected] Reserved email: [email protected] Your personal ID: FDE-C1A-44C Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emails

[email protected]

Signatures

Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
ransomware buran
Buran family
buran

Detects Zeppelin payload 14 IoCs

resource	yara_rule
behavioral28/memory/5272-9-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5272-15-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/3176-21-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/3176-29-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/3176-34-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/372-37-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-350-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-4952-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-9832-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-13497-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-17231-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-22913-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/5252-26024-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin
behavioral28/memory/3176-26053-0x0000000000400000-0x0000000005678000-memory.dmp	family_zeppelin

Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
ransomware zeppelin
Zeppelin family
zeppelin
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	Zeppelin_08_03_2021_813KB.exe

Deletes itself 1 IoCs

pid	Process
4372	notepad.exe

Executes dropped EXE 3 IoCs

pid	Process
3176	smss.exe
372	smss.exe
5252	smss.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\smss.exe\" -start"	Zeppelin_08_03_2021_813KB.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	smss.exe
File opened (read-only)	\??\E:	smss.exe
File opened (read-only)	\??\A:	smss.exe
File opened (read-only)	\??\Y:	smss.exe
File opened (read-only)	\??\U:	smss.exe
File opened (read-only)	\??\T:	smss.exe
File opened (read-only)	\??\W:	smss.exe
File opened (read-only)	\??\S:	smss.exe
File opened (read-only)	\??\R:	smss.exe
File opened (read-only)	\??\M:	smss.exe
File opened (read-only)	\??\H:	smss.exe
File opened (read-only)	\??\G:	smss.exe
File opened (read-only)	\??\B:	smss.exe
File opened (read-only)	\??\X:	smss.exe
File opened (read-only)	\??\Q:	smss.exe
File opened (read-only)	\??\P:	smss.exe
File opened (read-only)	\??\N:	smss.exe
File opened (read-only)	\??\L:	smss.exe
File opened (read-only)	\??\K:	smss.exe
File opened (read-only)	\??\J:	smss.exe
File opened (read-only)	\??\I:	smss.exe
File opened (read-only)	\??\Z:	smss.exe
File opened (read-only)	\??\V:	smss.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
34	iplogger.org
36	iplogger.org

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
25	geoiptool.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zeppelin_08_03_2021_813KB.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	smss.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5272	Zeppelin_08_03_2021_813KB.exe
Token: SeDebugPrivilege	5272	Zeppelin_08_03_2021_813KB.exe
Token: SeIncreaseQuotaPrivilege	3668	WMIC.exe
Token: SeSecurityPrivilege	3668	WMIC.exe
Token: SeTakeOwnershipPrivilege	3668	WMIC.exe
Token: SeLoadDriverPrivilege	3668	WMIC.exe
Token: SeSystemProfilePrivilege	3668	WMIC.exe
Token: SeSystemtimePrivilege	3668	WMIC.exe
Token: SeProfSingleProcessPrivilege	3668	WMIC.exe
Token: SeIncBasePriorityPrivilege	3668	WMIC.exe
Token: SeCreatePagefilePrivilege	3668	WMIC.exe
Token: SeBackupPrivilege	3668	WMIC.exe
Token: SeRestorePrivilege	3668	WMIC.exe
Token: SeShutdownPrivilege	3668	WMIC.exe
Token: SeDebugPrivilege	3668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3668	WMIC.exe
Token: SeRemoteShutdownPrivilege	3668	WMIC.exe
Token: SeUndockPrivilege	3668	WMIC.exe
Token: SeManageVolumePrivilege	3668	WMIC.exe
Token: 33	3668	WMIC.exe
Token: 34	3668	WMIC.exe
Token: 35	3668	WMIC.exe
Token: 36	3668	WMIC.exe
Token: SeIncreaseQuotaPrivilege	6088	WMIC.exe
Token: SeSecurityPrivilege	6088	WMIC.exe
Token: SeTakeOwnershipPrivilege	6088	WMIC.exe
Token: SeLoadDriverPrivilege	6088	WMIC.exe
Token: SeSystemProfilePrivilege	6088	WMIC.exe
Token: SeSystemtimePrivilege	6088	WMIC.exe
Token: SeProfSingleProcessPrivilege	6088	WMIC.exe
Token: SeIncBasePriorityPrivilege	6088	WMIC.exe
Token: SeCreatePagefilePrivilege	6088	WMIC.exe
Token: SeBackupPrivilege	6088	WMIC.exe
Token: SeRestorePrivilege	6088	WMIC.exe
Token: SeShutdownPrivilege	6088	WMIC.exe
Token: SeDebugPrivilege	6088	WMIC.exe
Token: SeSystemEnvironmentPrivilege	6088	WMIC.exe
Token: SeRemoteShutdownPrivilege	6088	WMIC.exe
Token: SeUndockPrivilege	6088	WMIC.exe
Token: SeManageVolumePrivilege	6088	WMIC.exe
Token: 33	6088	WMIC.exe
Token: 34	6088	WMIC.exe
Token: 35	6088	WMIC.exe
Token: 36	6088	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3668	WMIC.exe
Token: SeSecurityPrivilege	3668	WMIC.exe
Token: SeTakeOwnershipPrivilege	3668	WMIC.exe
Token: SeLoadDriverPrivilege	3668	WMIC.exe
Token: SeSystemProfilePrivilege	3668	WMIC.exe
Token: SeSystemtimePrivilege	3668	WMIC.exe
Token: SeProfSingleProcessPrivilege	3668	WMIC.exe
Token: SeIncBasePriorityPrivilege	3668	WMIC.exe
Token: SeCreatePagefilePrivilege	3668	WMIC.exe
Token: SeBackupPrivilege	3668	WMIC.exe
Token: SeRestorePrivilege	3668	WMIC.exe
Token: SeShutdownPrivilege	3668	WMIC.exe
Token: SeDebugPrivilege	3668	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3668	WMIC.exe
Token: SeRemoteShutdownPrivilege	3668	WMIC.exe
Token: SeUndockPrivilege	3668	WMIC.exe
Token: SeManageVolumePrivilege	3668	WMIC.exe
Token: 33	3668	WMIC.exe
Token: 34	3668	WMIC.exe
Token: 35	3668	WMIC.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 5272 wrote to memory of 3176	5272	Zeppelin_08_03_2021_813KB.exe	95
PID 5272 wrote to memory of 3176	5272	Zeppelin_08_03_2021_813KB.exe	95
PID 5272 wrote to memory of 3176	5272	Zeppelin_08_03_2021_813KB.exe	95
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 5272 wrote to memory of 4372	5272	Zeppelin_08_03_2021_813KB.exe	96
PID 3176 wrote to memory of 5672	3176	smss.exe	103
PID 3176 wrote to memory of 5672	3176	smss.exe	103
PID 3176 wrote to memory of 5672	3176	smss.exe	103
PID 3176 wrote to memory of 3996	3176	smss.exe	104
PID 3176 wrote to memory of 3996	3176	smss.exe	104
PID 3176 wrote to memory of 3996	3176	smss.exe	104
PID 3176 wrote to memory of 5500	3176	smss.exe	105
PID 3176 wrote to memory of 5500	3176	smss.exe	105
PID 3176 wrote to memory of 5500	3176	smss.exe	105
PID 3176 wrote to memory of 2328	3176	smss.exe	106
PID 3176 wrote to memory of 2328	3176	smss.exe	106
PID 3176 wrote to memory of 2328	3176	smss.exe	106
PID 3176 wrote to memory of 3920	3176	smss.exe	107
PID 3176 wrote to memory of 3920	3176	smss.exe	107
PID 3176 wrote to memory of 3920	3176	smss.exe	107
PID 3176 wrote to memory of 5140	3176	smss.exe	108
PID 3176 wrote to memory of 5140	3176	smss.exe	108
PID 3176 wrote to memory of 5140	3176	smss.exe	108
PID 3176 wrote to memory of 5252	3176	smss.exe	112
PID 3176 wrote to memory of 5252	3176	smss.exe	112
PID 3176 wrote to memory of 5252	3176	smss.exe	112
PID 3176 wrote to memory of 372	3176	smss.exe	113
PID 3176 wrote to memory of 372	3176	smss.exe	113
PID 3176 wrote to memory of 372	3176	smss.exe	113
PID 5672 wrote to memory of 3668	5672	cmd.exe	117
PID 5672 wrote to memory of 3668	5672	cmd.exe	117
PID 5672 wrote to memory of 3668	5672	cmd.exe	117
PID 5140 wrote to memory of 6088	5140	cmd.exe	118
PID 5140 wrote to memory of 6088	5140	cmd.exe	118
PID 5140 wrote to memory of 6088	5140	cmd.exe	118

C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Zeppelin_08_03_2021_813KB.exe
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Zeppelin_08_03_2021_813KB.exe bcdedit /set shutdown /r /f /t 2
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5272
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -start
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5672
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic shadowcopy delete
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:3668
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3996
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5500
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2328
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3920
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5140
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic shadowcopy delete
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:6088
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -agent 0
    3⤵
    - Executes dropped EXE
    PID:5252
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe" -agent 1
    3⤵
    - Executes dropped EXE
    PID:372
- - C:\Windows\SysWOW64\notepad.exe
    notepad.exe
    3⤵
    PID:2400
- C:\Windows\SysWOW64\notepad.exe
  notepad.exe
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:4372

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7e20f84d5244aba7145631d4073af8\.zeppelin

Filesize
513B

MD5
ca780293975fe54e0ac9932e9df4ceb0

SHA1
6d09fead02517635390d47cdc209e23b4826577f

SHA256
67631134ad4592e9aca132a7aa7fd1c34d7d110c033515893de84383cba55de8

SHA512
527c86e7db2d1cd3a104321b56909eadcf75fb84c59d1128c31c2dcd81fa7deedfedd1e4bc0e37b39557881719cb58e4820180d7dd3fff6baa1f22d26e45fd58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png

Filesize
65KB

MD5
f7674520c56f51fa8caba8def311e0ec

SHA1
7792fdec78703338bb3c06f37d6a85d96c6e2f54

SHA256
075e74591bba4a960bf5d8076039257fa2dc06878975172ff287d72599dcd7a0

SHA512
3588b81724ef178d844927862a7ea8e98403d514c2543e2608cee88d604b58f2d8e5fca04d3d1f748c8ebea462e79d776f039c25473674b4e78e47c8f31187ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png

Filesize
52KB

MD5
1129a78a7f79fa7e71392dd4bc0b0607

SHA1
8c97cff14cda42d2e56e37fc1a6e36194c046461

SHA256
922e4f4faf1ee5987a0df35a6b4390a2eb22acc3758cc7d3f859ecf8707a392e

SHA512
273e676d17e8349528ada940c678ad3c2bb172e083ba977307c6b0bf12a0d0b6e329482ef68d63ee7990c51dae303b8bd531659996ebf681e4ea8f14e034caa9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png

Filesize
52KB

MD5
ababce6b2a8d712b330a0b24d489889d

SHA1
faa0de01e5634f07d2148e85797bb318a2841644

SHA256
ecb4bc349eaa1d3250d458b4578c0166e580df05ce8b0fdb32585e61efd04954

SHA512
03320b4ecb12d927f20c4e32b09cbbbb17825d2c279b73447c6142d9a59d70718ef23068f5a2917d39c19fcb397e2bdff95b15f8881a1c42b9b4348225b2dfe2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png

Filesize
52KB

MD5
fb001bce14ff8a7f9edf231767ac8c10

SHA1
b561371741567f32be5def3b55542d8a8b8eb84d

SHA256
9f48de9a85f5246053fd66b65e29d7a4fe8462f64bea07a566d14d9e5c8af2b5

SHA512
b8bdd76feebda6bb645df9e7104a8ff67bdde22545c9f7755c41ac76f0225d493fa191b75a8d082f2434b18af68766a68621e47845af21a3c5fa7a20fee76a8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js

Filesize
30KB

MD5
e9e09cd2ed60a07ce1d7a08f34c46114

SHA1
e8638dc6806fe0f339b1d14cd4ddb62a6bf0b15a

SHA256
4571d10fee9b576750d2229bda7fa0cdc8ebec99535f98c338205d8175b51151

SHA512
9eb6163c3c3474c84407ca687e6aca2b1a59a1f52cca0d5893984465703f8f0097dfab0b5fbbb6b711b54b85705fcf525a993e166759ded338519096e9c9af71

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js

Filesize
35KB

MD5
734de0b9a02d00db9eceb9c372ed3fac

SHA1
177b92b646b664b94784a8a9a8e97c1165d9add7

SHA256
ca0c2989c1f62c6c7cf57c6df2efc2e2f0e6027390e89bf2584105ee4de9284e

SHA512
d4f8ec55252cf4d33920bc2b51ea8209a81e5070fa5e55bf0498f4e4ac7605b228267d748c1787b0fd785396b7f9af65a315c3a821a9b7d7dbd91d36b5ffc693

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js

Filesize
10KB

MD5
0c450de96ab04064d9cb9349b036f197

SHA1
28740a9fcb55f70e227f1164d67e740d2702ea2c

SHA256
65e457885ad23d296c85c2fe57616a067db75286ce3dcd5b67ffbce203710fbb

SHA512
5af2d9bb01406f2d4740f4fba40424b6e367c2b6e923b86fced78e3bc521eabf9be25fe9047cc3b5e186e710acc7db4153e035dda6ec8ec395f3d110570cf5e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js

Filesize
11KB

MD5
a97ee3741644503b021f0a78ca1943a4

SHA1
52233faa81e2577955d81a39de4af8f730321b61

SHA256
db7454af9ba72785dd0ed548dfd4575c2d0f572654a3a239e47904a639672e21

SHA512
4a0015ee0f23bd5bf468f140c43086a8a8bc8ccbecc9518e26501a87e6114c2c289a073dc535b75416da89f92fe123326bb68fbcf99aa4b93eb10c3ed00a30fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js

Filesize
6KB

MD5
8bed36257c0ffb829172965ff27cee33

SHA1
f4210493d079ac171a4efe6009e686f85154217a

SHA256
f38215b9b921ae3aff01d15b9b71c5e90052529249e33b7943e7ef5c415de4b4

SHA512
5143c84c4a9caacc1a5c4a5071718d3ed08ff99d234e0827592b617f39fc8c64a3bb15442c3596855ea26e56f1ac3b93f97998ca15492f0a9e6b97cb1b943ea2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
383660c48b3c736dd5667ac80f8af786

SHA1
0d4a0356a11d0c43ef5d4860ab5a5077ec789778

SHA256
943f833205408452be0526afa0970325e710296cdf880b574849a23fe5bebe50

SHA512
b596fdab6e7da4e30cacaf1c4e50057b6fd4450e8cc1958613ce0b0c52d3afbd617f16c4d841869e59772ab902fb7336cdd6e58d42b8ef311f33536cdd38c9aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png

Filesize
10KB

MD5
c2b0044516ee1a27c6aa30fb02d0364f

SHA1
041aec59e9944b741d1c71b81e6b66c6282bd773

SHA256
90cb71f1cd750b08c4d8586317a2e68fb10fde7eef5e81665924b7392e1523bf

SHA512
93edfab7d43ccffd05c39179060cc187b43c4826a01f7ce3ad290d35f4bb93cc998ec48bbfe38ec76a7a75c4271629cc1014ac4773cf43637afa9afa410666f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-selector.js

Filesize
176KB

MD5
ffba40fc7b23081b46824a6902e8fc43

SHA1
e4640c8d42c290e0cf249bf6205cb3571e05e1a8

SHA256
aad948db59de3ad45de08a0122f44c9a8a851ac9b2c7cf8bbb6ca1345d918fd1

SHA512
fea1f1a5bcf13b744d241567ab42a0df5771768f08a8123042a8dddc7b483718ed84c329c9a01da466c4dcb68e3de7015180f45e9fed46bba6435cbd57b35a44

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js

Filesize
378KB

MD5
d813a39154dd177584a319051811a069

SHA1
f3b154e8064c203f405885d038491d8c0abf03af

SHA256
064d4ad03b8aed2e352b229f947e49f544647b4b375bb83bdff666bc39b2f419

SHA512
bf531d9df91cf8ebb90289fbca361b5d956333d15ef69b46616341476596ab61638bdd4a7ec16bb51932e3370214c2f7e6b257e1e50303251b7978de2c16348f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-il\ui-strings.js

Filesize
11KB

MD5
e767624ff4bac6cc1f5142ff770e8a90

SHA1
f23bb8090c747ae987f3bfacc959abf8a8f391da

SHA256
0183e227f084c2005c54b2698e66093680ffe1ec524718782b3ea4a3c82e5531

SHA512
48be770ff41f72d27aa6730f3e675f048b965f61f0b1c98422060d5c442f0f441c1850dbe1c67fd070d9920cee75894429c48a8bdef05411c9ae8f86ccde35b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js

Filesize
13KB

MD5
321cc9f80f91d4c9f1c74fbacfe82113

SHA1
7a1c5fb42639104200461ce6775f26d278f113a5

SHA256
3c4114ada1c3c8ff0d9ab136ac550df039b4ec2a3b478bd439b49f443818714a

SHA512
c64e87f0c23874dd122c93bc4ac7b57cdcbdcca31ba78c5a45b61ae92a0cc5c39fda206b8809b00fcafc6b04714222596a6a3f310e237ef884f11fe2627c7cb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png

Filesize
19KB

MD5
0094c2c1ce7677276c3571099b3c11c6

SHA1
8ad964ae2899eaa285fdd25d13149f7de18ded84

SHA256
6e87fd80520bc3a3076f2723938e89a692c05a0db3e1d5e39ca6d54b4e7bbe56

SHA512
a3b04dcababe34e12145ad0e0086250798b5b4d90882ee69b070e2cabf1b301ee1b93c25f9648ce6f03169496c07c924be56b323720955e5a28d7d90edd4df8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js

Filesize
6KB

MD5
8ab2259824cbbd7a303cf6b7bb87e949

SHA1
680469fce21992120b3ec6924e472a598c77f237

SHA256
3914834b965ab417fef8ea34813375efa22ddddb2718ee27c35b0385dec079f5

SHA512
bfd9a648b575a1f797105a291de21955b7e5eeaefcc06762587c4eed748f467bcb596aa8d082220962fc24048a714c67f7694879d5ecd1054612bc605b330d40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
8dad7198849396cc4295de84111b1688

SHA1
d67cba6a43ba8ca643e2316e4140522674b32619

SHA256
4b974f30eab2955c8d6575d3eb4825d9c98666cfda4712937b32bec26d28241d

SHA512
70e1c01f2f4bb2194fd7ffc03788e5c294bcfeb8836f3d4c63949d3083554ceceb78786d77814ee8e488c71572f1bea1c852ada82a53ea8cf94f513975e070d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf

Filesize
382KB

MD5
5bba9cb469e73f7469873ca2cefad1c1

SHA1
a88222a0b6a913eee552962250bbcbcbbcb85f95

SHA256
cc80d3422f698dc3052c17959f46b6bb0c110e8001ed8a7a75e9ba9e12e1929f

SHA512
57a384f3f586a3621210810f0bba59c9e5faa866272f3c239dc3b51f355738a3cbc7cd68553533622e7a72e1f9193a8644086db0941480fc96a30686c0ff97ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\ui-strings.js

Filesize
15KB

MD5
ec3084c8fb2b1b29b97da4ce684765a7

SHA1
75c50a1d6e9edcb57754b526739861b62912ef60

SHA256
a160c77f2ac3b0a698ce4f0e8c55a998b1ef7cfef1052c26338be9614ecb6aac

SHA512
ca9414c1f27ebe53dae2b66a8758067bb9cd9ac2db37ef6ea508430c4f5e1897f184cbbab23f8d9dca7bc26b6369f252eb7ddcd84ced403a2914a575c79cc60c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
35760a0a46c9174a0252c3850c5c89c5

SHA1
dc9afc4f0a8fed40d1260ddde1b5219e1a11fc4e

SHA256
d272111e5799ee7bb8b6646c6c7ef1dccb23a91d0083eccbbfef566862275d8f

SHA512
3cf38518580b60094b417862251db2741e81a2a733e1950ad6e49f7f489c904c5c7ab5686e52d3728044377147fcbfe0f548d41a006de7fedee1003c51847abd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
afc36037f6c795c40c05e9bb7a494c85

SHA1
d70a64290a3586f6886187c5d4b7424279776f0b

SHA256
f5a9d910a46237024375cff2b088834776838a1f0c952afe8f4d33ef4235f4ff

SHA512
ebb3e6aeb09df0ab86ee78bc470d5f51db0de27b8a7091a4d3b2e9ab9dd3b28d340fe97d027f879dc31513c07d0ec807ee3b6b2faa0ab107275ce526fb4c88ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js

Filesize
10KB

MD5
e01a6b4c01bca123a72a2e7847259dcc

SHA1
c9114f7d6ae419e54e9c8fe1616e5a89c8856eac

SHA256
66327c3aacea9d6298fcf29fecc7417190738dbf192665486a029f1950498407

SHA512
045a758e94dbe0b28cb595cac25c19e50701bf9c405ceafdac2cb088517b4d4164339f7712f00f994a3a9ac1e287940f2ff5259ae40bcd2ed1652967fe040d4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
15fcbd6fa65d7b19938e2902997d9cb9

SHA1
75e163e9b5987d388e3367e79c22ada4dd61e94d

SHA256
bbabcacd9b083e1ba1e1118175cdd4ea2959fb7f4b81a08dd567d27df42adaaf

SHA512
96e4b7d477570cd07474b461c05a697ea6be26e005a6c21ca6fa9eb260846916e477a95c8d03e42f170265ccea00b0cd193dd8f17b287d189fc0dc9c12101ef4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
f2d3e1d9e40c5c97fec3fba552519870

SHA1
f69af898ceec816b08e7c8cab211e6c894bc656c

SHA256
47088387cdc721df915bb85cf2b15e6245052ed0992c8d19b2b1ac56e8f1b5f9

SHA512
c63710d7f7db97df1ba1a692be2d9acc7640f34f0b95f2d14bbf9f57ea9dda2b2dd0531e4bb60b9cfee27ac5b89916eb97e4482cbda92608fc32ffc50cd1478a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
b98aca605317914b8693ddbd6ef2837e

SHA1
bc1313dc3fc9e08cc698b830ee8c3955692a98ef

SHA256
cc1e4f3668c5d3a80e0a2b2bf49b376c1309c4a790af5ae3e14b5d30a65b40d4

SHA512
f85295fe88b7b4e4dc23ec27d5e1f4dedd93aae97596cea5ab41f347dd9defbd83235d1412b4e0bd391539c83a2b9ff72db536ab7342565b038a33e55a19e644

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js

Filesize
20KB

MD5
9e9779d03297a5c7200e03383d6e7729

SHA1
26623c305582da8e4a419af0a233c667cc539338

SHA256
6bf176b164dad54a05fab7757acfdf93278537b3ddd1e7136f2aee99b11de55b

SHA512
41d183037c6eb6f90afb52b73051792b155fc411468dfbfe83a0fea22e1af09285ebacdc327e864e51a4bf0741d5d693028bba907249c94d5aec92841c1b8291

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js

Filesize
23KB

MD5
48f4f5e766825481d794f18953d2ca2a

SHA1
0143b57e0e456059b2eeee31da385dcf1a762557

SHA256
06c687d548eb4e1c1d2e5260a7540ebe4bcde133da190a3c31437472035333cf

SHA512
c2baf696dd7c23836e67860e53f4606be401e827be01270bdf9ba323428bfe26e75bfb5694a0d6a175c149739bb9e10d7b6f8565673073a36e6a40f746b2cc68

Download Submit
C:\Program Files\7-Zip\Lang\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Filesize
935B

MD5
d01482986a1b62fb45f879fc70923006

SHA1
f58d289518673eec96a221ec21d3f6f2cd467419

SHA256
f30f77d1b42aeda918a6c98dfa79b73d3fc6112fa0aff88773b3f127d23fddb4

SHA512
a5d213874a9b1ab9554e4ef4797806ec6faafe2d2e27628f1b5bfb92d418174dcfed264e26e87be9edb777b2a6cadaa5f7fd4e1b16b018fb9da1b42546813069

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.1MB

MD5
c058510416a1752112ae419326790829

SHA1
cc4fd455003cb74ab476a86a0432ebfe5dced673

SHA256
f95c02de7f175fb785ca7861e2f3d9615a1d4efd16cf2d0abdacd2f00eb68f0c

SHA512
368953e4c32b3fa1024f298013b61273a983ff727aa2a2fed49be0cba2d918c41d7475a78677a9aab874320a343736582993319ec0e0d22a5da66d5c460bc9ae

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX

Filesize
293KB

MD5
407762e5f4b73f7cf80494360bb8d0b2

SHA1
6fe824a59f1ceeec45a269256363135a8c9958d1

SHA256
d2d03da10879846b5827f172c2ebb72f2ca096c2197a1605e8c6f648b13cf592

SHA512
cfe324796531890607951c7a33a3f369e5175b5555b21e859bc2e87c629d66b6f14f1044a671da80f65dd7cb2a14465b080cceba4c3a0bfa0deccb27a181e708

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi

Filesize
2.4MB

MD5
d61cb6bd8bc1b00e74f9c8ffa0d195fa

SHA1
e00edc6b96bd4aeb992b19709d879e2ada04cf82

SHA256
9e69b5be8308b0c6e03a79e4ef77d95bd8dd570e870e2fda95f8597dcd9e5e45

SHA512
1a76faf256c70f1c91aaca99a2fc006e5740534031478c07784536987f05c2d013fd6ab48d7021e204aa9c0b585ec53eee0da857d5076f5c37ef9ab520f0fc4b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe

Filesize
1016KB

MD5
4a8fd13c534eba916f215fc807eac1be

SHA1
ee05de5981ac4798bb620d06b73d27505fdc9235

SHA256
9d848bd9cd7239fb5c158b0f32e82da38abf285c24db0c2bdaef1d4e5991330a

SHA512
e7b71c760a144cee5e78d8531ff17028ba804ae4ce68e5b525661a662b604878f6599b7a87a45ff41eac5d5651e488dad411db1df7b9ab8d4abf876c2bee5e9e

Download Submit
C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo

Filesize
607KB

MD5
56f125c15c83856c4051c5844ab6ce93

SHA1
59dff06d35578f81c77d19bdc7e15428c0517757

SHA256
649b9f4c85b5d94822ec795790b3b94e1552288c70baecf3265fff73238eb7c2

SHA512
672a57a474f04b5be3bc133ff790bb2c8d30b4a555d1f306345043296a7c2a63a3345d105edb81e2572d1ac30ae0699c041c35c6d638de540de1e24a367cde31

Download Submit
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

Filesize
833KB

MD5
211a08d15596b7b5ac9ef3fd273b7444

SHA1
7ec3bc6080e48441da2e83bc1373bc3bbb7c492d

SHA256
5b1564c21ee93ca66aecf552dadc8fb4a24fceab8c228d868205474b866a80b3

SHA512
1c4f095500861a142cec9214bbf438e8d4dd2e0add90b96493409a88d0010cfae4120466d6bfd66898edbbf6cb72667d7a20c44b852dd0cb0a0b27a1fb7f9022

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo

Filesize
674KB

MD5
9f7829d1f05c4db478fb6230cb78a1e7

SHA1
3fbc5837e456dc227c80e39c49d458f5f98e522a

SHA256
1e80f803c7ca6cc1e32329c13c0a7f624f99ff85790d8215e76782c74de7037e

SHA512
3cd6bb711f61e49e543fcb01735b6405d0b0e039a1b203513b481c5f3d2ea41ae729dad3c875b6a4b8f403ebd69e3cddbebed8ca20e6314bf199cfe32586a958

Download Submit
C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo

Filesize
614KB

MD5
805777dfd2e85574a1df2f2dce2f0844

SHA1
7a2e149e35aa2014af03d26141c4f4504ee9c83d

SHA256
a4d7f10aea03fd9fdcce7b1089d15f957c96e4bf3475d5b8221b551c46462b21

SHA512
f9bc507c50875a6ae4307617e7bb2699e50ba2ec124a5bf3f77dca1800c5b440fdfdbc3709fa66b57599e456ac1229b22215fe06dda2c74c5f3876c305a71a26

Download Submit
C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo

Filesize
596KB

MD5
33aa9983cf8bf576cddd1c10538e8b4d

SHA1
a01e133cecc9a3ddb36fdd85c04f95673f68c4be

SHA256
bbed914675f7db76dd8f1fada06056ca912d4f5eb808acbbf4ae73c172b5d3e4

SHA512
2dd892131b55ccc0fd28c5c9304a9504adbd94dd82da3d1601c6e93b9a892da9180c3f1c4484a98966e2055b9cdb8c2bd76df95c6d90b83a3b8bcdd684b26241

Download Submit
C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo

Filesize
616KB

MD5
924a00f886bbac4f75cd9ee7b02df535

SHA1
1a0b8d7650fd6d72d32d72b2ebcd26ab8b683710

SHA256
cc24b413320a8005bc500fc2c2e57aba2811f2ab79685612b7edd3b57d5f9c8b

SHA512
e778ea46c54af826ca6c8befdfcf60cc8470bfeaa27e1acf1025c3f2e3187ad96a085a608bbe11e343d8442368172917dee79272718d6e311a4f1570d0e53586

Download Submit
C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo

Filesize
781KB

MD5
a2fd29c266fe5fb4461aa8facbb45ebc

SHA1
acac187f633c2f597935f2e9b4cb1e2ada084436

SHA256
b39a9c52d27038b789b6f39dc765558b22acd2e1c41581f5b3b7cc396b043175

SHA512
4e053f9524c1eb54180eb33acebde401b4b832474c6851c4c9ec9ed3ee2b9d58e5d84f0001b549a23c3ca18c7aca5413d77c21da8be91a38edea4d137b19bd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MSRA1ROA\0KEIZN3D.htm

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~temp001.bat

Filesize
406B

MD5
ef572e2c7b1bbd57654b36e8dcfdc37a

SHA1
b84c4db6d0dfd415c289d0c8ae099aea4001e3b7

SHA256
e6e609db3f387f42bfd16dd9e5695ddc2b73d86ae12baf4f0dfc4edda4a96a64

SHA512
b8c014b242e8e8f42da37b75fe96c52cd25ebd366d0b5103bcba5ac041806d13142a62351edecdee583d494d2a120f9b330f6229b1b5fe820e1c7d98981089e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\smss.exe

Filesize
812KB

MD5
5181f541a6d97bab854d5eba326ea7d9

SHA1
16d9967a2658ac765d7acbea18c556b927b810be

SHA256
b7f96fbb9844cac5c7f4ec966683f3564bbb9a2f453927e1c579dcb0154f5f83

SHA512
c282d9d6479c10fcc9fa6f674c901df1f1ad94b9354f6e427a7b445d0efad84efed6d7c29a0bc2a37b5ea07ee9a359f0e922d7c24f061258ae11fe4c44e9e4fa

Download Submit
C:\Users\Admin\Desktop\AddDisable.M2TS.FDE-C1A-44C

Filesize
277KB

MD5
f71318237b04d2c2122eaf2fe821fbb4

SHA1
dd2fb57cfcad1f7908ac39343adf2346102da766

SHA256
b788512ff2863bca8fc30f259cdd2711a7d149389f800a54aa02854190e1dff9

SHA512
b8ad51584f8c16c676bfd0e78c45985d34025b3b0cbccb2c84b789b08abe1c43bf805972a43cc4b22a5eeb21324cfa00f39bdafb03c9a9cc54a8e3bf1addfc15

Download Submit
C:\Users\Admin\Desktop\AssertTest.DVR-MS.FDE-C1A-44C

Filesize
176KB

MD5
a97b6da6f203905ce1bdb0e5e37360ac

SHA1
a228ef7d9c69d6c963c9bd60573a55fb7b3e6204

SHA256
8cfe84f5f226e5ad4edf0722de78d6f60dff9d8ec1116dc944c78024ff62fd78

SHA512
4bbf12a7b5e50f088bcb9d2bb53fe87732d8ac2f49f18fd12a07477aa809c0115b10f30870448fe59070657b7cadcd0165694a363f416e1bb2f51bf1dbcc2f47

Download Submit
C:\Users\Admin\Desktop\BlockGrant.eps.FDE-C1A-44C

Filesize
311KB

MD5
b094a21ca03cfc3ae63f3e784e20e59d

SHA1
6a507d403a57451f3603edee39d1ddfee503930a

SHA256
2fb1325b20f3ddb8f6b11f508cf1496f440a3a75edd0d9f25dcc7e87bf2d245c

SHA512
641233c32f0b188396ab43b5d1fde8fd2d8baa6aaaa672f8cab0ac6634efcfdda78f99760a861f2b7ae913cc8dae7aef25d3b8d8b6c20af83a288d06a2b73417

Download Submit
C:\Users\Admin\Desktop\ClearTrace.html.FDE-C1A-44C

Filesize
378KB

MD5
6adcb67248291a8daf180690ec78de2d

SHA1
30b90b45022da67dd1d4197e77e128adda6c538e

SHA256
7669620bf62b7382323001cddd818f1631b04dfcae01abb9c77f31058a937a61

SHA512
02fdfd36f04e6343b85ec70a0716f24ba3a48563ff23317d57d2c0f1d574adacbf718cfa33e0c6fb7e8cff9164602ebdfc58e05c152949ccc1e07eb4665158ea

Download Submit
C:\Users\Admin\Desktop\CloseComplete.docx.FDE-C1A-44C

Filesize
390KB

MD5
5e7312cf8fd1eb771aaabce3b4206bd4

SHA1
adf9e5fd5a6be7a324699924145547b1ec603b13

SHA256
c516a31837916bb68536e5d06b5b07dd98abe25f7ada97c7f5fc8d3f3e2f3c2d

SHA512
dbba2a537b17e1bba6f520944c93df3558960202d0d1d6d9359c520e9983c3ba6d368d0e20c80a3cc45fd642d96da6691846c06ea86758ee18086aa379ec6c58

Download Submit
C:\Users\Admin\Desktop\CompareSelect.WTV.FDE-C1A-44C

Filesize
154KB

MD5
909f5718c5afcee0c7ad27ad060264a9

SHA1
cabd61722352ec6cda2dc36804b80f21312d7a9a

SHA256
780107f6e7c16234a43fd605a1a2275f3590c85b086f701c8293be250d67d106

SHA512
315a96f4f128a19b49d486a9f59ca4b2a66efbee992a643869770b41c71cfbdcf70fd6af66fff889dc4b2627fcb52562ab217d8fa020f1a007f047cf180e7069

Download Submit
C:\Users\Admin\Desktop\CompressDeny.xltm.FDE-C1A-44C

Filesize
356KB

MD5
cc111e271bc80dda831535cfc66a50d9

SHA1
c4e2174e951d745078630d251bdba19346099aa6

SHA256
065ec5d92e62d2ddb97b1200402e647e125ab9902296ec78acc60aced7c18eee

SHA512
37267b230f3c0ad46147e2713eb783dc56025998071b8febf2e53678265a6014b066149b66f91d490e0b99e9b1952e29f7478d7bee06352757526e24804d1b0f

Download Submit
C:\Users\Admin\Desktop\ConfirmUninstall.mpeg3.FDE-C1A-44C

Filesize
255KB

MD5
a2d53c5af7ac9d6bba499cb3bb70f5e5

SHA1
37a336b4147cdb18e8c0dcc3a930b88f0103b594

SHA256
b33b12f29b6c78585477e60e40530ed051799a2eca27ca7eab2cc73f84266721

SHA512
1c9a8237d587587a5286ea97d781958539de4d425e07892053daaa81367b5a3281ce5ffbece9be195ccec286f5784b3290efbb2c2c39bbc6f1364e931c39f10f

Download Submit
C:\Users\Admin\Desktop\ConvertFromEnable.tif.FDE-C1A-44C

Filesize
434KB

MD5
7ff167c65de09a1078a758f525abb7ff

SHA1
c030b2e7612e01de7bc4f74d860c5f683dadd282

SHA256
200e931880b17a7d44112887e5f7571e81f2e36f23148c6f2f66fbc5a9ebc90c

SHA512
b671a86ea942f1c862914366ef4a83a7ddb3e1b639a55ac77f3b1b8dfbce849d4dd4d75e62062ab81dd4ad0ddd4529dc05f67ddd6cd09d76b36abd68053d9564

Download Submit
C:\Users\Admin\Desktop\DisableReset.xlsx.FDE-C1A-44C

Filesize
13KB

MD5
495b6fec4972ff3596165d0d9b5e8bb6

SHA1
ec35209090a63fbca022ee7715a70e14114613a2

SHA256
095f43f6ec65fc5692409679cc4d8ab0809bafee74d6f63c57baff9685f60c57

SHA512
649ed45afe6242de37be778fecd4b9a78483b4fc838b78120f44d71c541c880c9c8dbf660bad017641d691aa515b7c4e127343dbbd87ccab8ad56a1579aeec34

Download Submit
C:\Users\Admin\Desktop\DismountUndo.iso.FDE-C1A-44C

Filesize
322KB

MD5
856da01b7fe7e29c7b97f03b39683584

SHA1
3ec72d80589c716c2bccf4743197a6ce4bbccf34

SHA256
f968affac352cb237aee7b6746564b0b8d0508feac6d9e702298de7c88e9cf62

SHA512
8a9293a54df3d71787ffaea20b37711e75c64d79015f26252b0287f59707d15d155c1e01ccb708b3a465f121a479dd7c80fdac1de3864acb23c86eca38638b73

Download Submit
C:\Users\Admin\Desktop\ExpandHide.mp4.FDE-C1A-44C

Filesize
412KB

MD5
bc9608bb89d296adb4f57612d9a0105a

SHA1
6252125157fcc1b34cd6329c64e5c4491272d4e5

SHA256
dd1ca2f48d836eae4626783a7c1510e4e848fda6f0bcc70a10cbe2e2714284bc

SHA512
f1b4e7099754f63ebba132662effe6f4dab887c27256003089f8879a68a2c71b978be2292110cf93fd4fae371bd0c4308d958d974c5cd5673e627202809555d5

Download Submit
C:\Users\Admin\Desktop\GroupUpdate.M2TS.FDE-C1A-44C

Filesize
345KB

MD5
717f228240509e047c8501be5a5f546c

SHA1
e9c13d5038429b752f94a41dfb29837d9ba62027

SHA256
b10a84d987e99800d8863d8d01f31d6fe649aecdf3a0122544c831012cab7672

SHA512
82400c8bbe7f933581310694cc2f7014897047e19f62cdd6932d4c69504300c392922009cea6fdc7c5eb850566a281f553c4df8043edcd30dc2ee593aaa30f36

Download Submit
C:\Users\Admin\Desktop\ImportSkip.TS.FDE-C1A-44C

Filesize
187KB

MD5
9010296262423200fc94c0bccecfef25

SHA1
a386196e4694564da3cb6eb5567cb5c4dbb4f837

SHA256
349664d7594e56cb410fbaae45c6853bbfe033d92efd9d524e1f30fdde4fe2a1

SHA512
68278ba2bacee7337136d43ccc6652bf215bb52d5b215790bfaa1592ff27f9a6296b91bff4b173be4c621bf07871055076e85eb8bf550738541c0ba303c20383

Download Submit
C:\Users\Admin\Desktop\MoveEnter.jpg.FDE-C1A-44C

Filesize
266KB

MD5
2ed9cde4c4707324ead75b5818d4980a

SHA1
00b432cd036cc0ac5d4dd60e0fd9756b6a2d8f8d

SHA256
e301b999137e10bb22cd3e92ae54f140e874889e3987e114def31e2e86c06b42

SHA512
f0c77d519044612d3134e925b278406756fd5e3e3565f1d9e7b8ee3c54d890a9e1c437b5180af9a409b6b76dca7b49413dfc760b2a43fc14dc30ccb506153b2f

Download Submit
C:\Users\Admin\Desktop\RemoveSet.ps1.FDE-C1A-44C

Filesize
300KB

MD5
04d89e60e3102fd76d4f2e11ea83e8fd

SHA1
f618b4dc8d2e95c8e315863123bffb0b724bcf30

SHA256
12041960938c4adc8f61c7e86b93c9515e2ee2296b16fbc0f52cdaffa286d929

SHA512
4e353a7c7af6d7d0cc9f7631581434f4d331faa38de0ff343f0051ae64bbdea47ce8ad481341db8f62b40be022647daceadb0855f15108683f87424107d3302a

Download Submit
C:\Users\Admin\Desktop\RemoveUnlock.xml.FDE-C1A-44C

Filesize
597KB

MD5
58ea70d2a226ae590a5f91aadb15851b

SHA1
183133aaa3ff99007c0af3311db68dc325ba2cd1

SHA256
a97b7c1ed4aabdb68c627610c46a96f8969ad12657e3ca3b9a479f02e738df16

SHA512
090153272d756d144c543c2238a24587844da84d33a7bf33f82b28853cf42249ac6831eddd1dc737a58fc4d211d10632e2e696268c1bc81c627b2eb84a24483c

Download Submit
C:\Users\Admin\Desktop\ResolveSet.mht.FDE-C1A-44C

Filesize
232KB

MD5
b440f2493840f00f0dcd32014a61bdfb

SHA1
f513ee4af4d1ee5f96b63584a1cee98474e4afaa

SHA256
f9f3c13d2a03acd28dacd3f25fc968070d3550177f084f3cadc3aafd25515438

SHA512
838214dba2c0a9653aa11d782aef37893d97c21aa0a16ffda47a51a7b89149507bed25cb7ce385d5de55bcd36bd247eabc8585c004da4deb39cd3c131ac8bc6d

Download Submit
C:\Users\Admin\Desktop\RestoreRegister.vsd.FDE-C1A-44C

Filesize
423KB

MD5
cc6009908d804aa821a5aceb8d01340b

SHA1
fef25c14f4951767001c52ec74729ec493fe9020

SHA256
53df12cfb77116e97805d9a89ae403cddea170a2b8b73626f9b6ed680ff10111

SHA512
619846752496848f3dbf12cac1107d966672a21c59d841a5c40630b469834bbe5c4022f08c24cd7e04f1cba29d6dbbf3e4ed875c214c7e24f965fc1911267d98

Download Submit
C:\Users\Admin\Desktop\SaveStep.xltm.FDE-C1A-44C

Filesize
198KB

MD5
1e2c7483f10dd5d9f00462501af20e5d

SHA1
1f4c1bd3425e444f9a8328d2bbfd23b770e9417d

SHA256
8c144346d8cff07311fdcc2d822dacc3cddb4f46fedd9ca524605cbd30e824d7

SHA512
5ccc6e3da783e407a5edf54f3b77f7c23fc9866e12caf0eb8b80c17baf619cfa78f03246de76f2e1309a28a51c09ab1e01c610b0b109497a342530aed7604761

Download Submit
C:\Users\Admin\Desktop\SendRepair.vdw.FDE-C1A-44C

Filesize
210KB

MD5
4880191a8eba4b235f6a44c077f7d908

SHA1
adae51ac970d166837893252c9cf840f2db81207

SHA256
55a77e98bdb0c474ae7e7fe6fb7eb9d627ff5eed2c38a07ad3b33e7f8ba97c2d

SHA512
127d25da2a7e9780645c11e48b4671bcd57ea8c7b5a01286ac36acb76bae14645b7d9acf8c9049e8dcb9cfe186b93d5f0aa1cd4334d8f6c9148d880d6834e645

Download Submit
C:\Users\Admin\Desktop\ShowPop.eps.FDE-C1A-44C

Filesize
243KB

MD5
823fcbcb0bce531151fa8b7799cde4f9

SHA1
c311278c47e5b10c182ce90126c9a5a9c72b593c

SHA256
f6f50350b604256f23f4d509eb69e7bb070e781624f1982de68a16c692cc047a

SHA512
05fc84d354556633850be480d05eadfaa0bd00f3174938e75cbf7f1681402ac6746abd3437d9cb4d617b28762aa33389041e2bfbe171aa7451c627d575bc66bb

Download Submit
C:\Users\Admin\Desktop\SkipMeasure.mht.FDE-C1A-44C

Filesize
221KB

MD5
ff6a0e6c9090ef3ebd2d20a2caca31e3

SHA1
50d4b5f94c08845457ac9f227d80f6ed301be500

SHA256
6c4cf4f3648ee12762cd57ae7dad6cc69cef284ad4ca7d594552a8ab0a517f87

SHA512
44915e5e480308962e3aad72b0c3da2ef4e18e2952b682c89225bdd779f9dd4abf79032a7e13d8b8a5cf0d7a1847cc942b57ede16b1cb3d711d1e7a2e23732ff

Download Submit
C:\Users\Admin\Desktop\SuspendEnable.au.FDE-C1A-44C

Filesize
401KB

MD5
67284d6eed69c57d119ce037e03eed22

SHA1
f19c59c38464eb6505cc2d3cae387ee2012b3047

SHA256
794bed4c3df91df5bddd80cd25718e3598128cc154d697f36558626d3f27a69c

SHA512
42ec9f587851c8edc691f813d52731caf851dde4887b8abf7acc6068da0951f7bf3d340516a2bc7a014586178fe1236c55d484eb4d89c7a1e5cd965907352d09

Download Submit
C:\Users\Admin\Desktop\TracePing.odt.FDE-C1A-44C

Filesize
288KB

MD5
4abb16235e69f1615cc5cb3c6a60b961

SHA1
e1cad43cf800a451e8d9bc8f917389768d4fd5d8

SHA256
df691ff99de7922f332c466925039ba0511c3b0ffcfc921d967dd2b4d005578f

SHA512
919ceb30b87b8f72a3ed913b31e419dce6c08ad8d6a8ac5d1f26756ab81f7f002a96d7005dcd018966d7e39a6ddc4e460c93811b0f05fe40f71be81acc3e395c

Download Submit
C:\Users\Admin\Desktop\UnpublishSync.svgz.FDE-C1A-44C

Filesize
333KB

MD5
ee30356ffcfcdfda50646dc6ad34c068

SHA1
bf9c7d2b65fe3001766b33de89a2feaea56aefa8

SHA256
d871c454703bbafe5da1389558b3ec6511fb06f495a8d217b2fac71146d4c54a

SHA512
a0175b811d1584ecd1db4e871f12fd899dd14d33ed902ffc34118b8abc8de2735b866ad3cb4239d5d30022e4b6f924a9ccb03daf94de8ddc5a18d26ea233fcc1

Download Submit
C:\Users\Admin\Desktop\WaitPush.search-ms.FDE-C1A-44C

Filesize
367KB

MD5
1b856bcb8c3355a2f631f27c23460d09

SHA1
114a3ff81972c5f9fd46269271ac70e9079a10f9

SHA256
ddb6326a229dbeaf6b2ff552446bedc57d765f8ae3889ae925653460d1f22d04

SHA512
8a232090e07b0517d9ab81814ed8bd029687a569ed6dfe91cb03d034dd29b9d15146b58243d6bb625356ecac37fcf07d0f951bae35b6fce4331924973371face

Download Submit
C:\d25f591a00514bc9ba8441\2010_x86.log.html

Filesize
83KB

MD5
be6fa5238ea8f4d38982a1028fdf7d28

SHA1
7954b558fc6fd6e38ee27a011ea2e3cf5959bcbf

SHA256
9fd5393e5072af759ede9350075555c5b4ced2284dd76b61bd5481f50c56736b

SHA512
41a8a8a988f60cf2772014a76e97864978340754ea84a684587fb99f9a694bb7d00eed61129448cad0380d78f1d85a05b5e1f26280a3fac31f881df3a17cfa57

Download Submit
memory/372-37-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/3176-34-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/3176-26053-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/3176-21-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/3176-29-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/4372-11-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/5252-9832-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-22913-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-350-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-4952-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-26024-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-17231-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5252-13497-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5272-15-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5272-0-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download
memory/5272-9-0x0000000000400000-0x0000000005678000-memory.dmp

Filesize
82.5MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads