buran | 035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2023 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe
Size

211KB
MD5

ca53c7bacfb8c147bee538b348707cf1
SHA1

94075d331d4e649e38abb7930616834abecc58af
SHA256

035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a
SHA512

0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3
SSDEEP

6144:Lia1gMHOPDWIhID8X/4DQFu/U3buRKlemZ9DnGAetTsB+d+:LIMH06cID84DQFu/U3buRKlemZ9DnGAI

Score

10^/10

buran zeppelin persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Family

buran

Ransom Note

!!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [email protected] Reserved email: [email protected] Your personal ID: 8A2-89D-08C Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emails

[email protected]

Signatures

Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
ransomware buran

Detects Zeppelin payload 21 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe	family_zeppelin
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe	family_zeppelin
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe	family_zeppelin
behavioral2/memory/1672-13-0x0000000000D40000-0x0000000000E80000-memory.dmp	family_zeppelin
behavioral2/memory/3500-15-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe	family_zeppelin
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe	family_zeppelin
behavioral2/memory/344-18-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/3500-296-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-1015-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-1823-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-3400-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-4650-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-6552-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-8118-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-10248-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-11909-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-12151-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-12550-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-13778-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin
behavioral2/memory/348-14523-0x0000000000630000-0x0000000000770000-memory.dmp	family_zeppelin

Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
ransomware zeppelin
Renames multiple (3567) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation 2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe
Executes dropped EXE 3 IoCs

Processes:

spoolsv.exespoolsv.exespoolsv.exe

pid process

3500 spoolsv.exe
348 spoolsv.exe
344 spoolsv.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

pid	process
3500	spoolsv.exe
348	spoolsv.exe
344	spoolsv.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\spoolsv.exe\" -start"	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

spoolsv.exe

description	ioc	process
File opened (read-only)	\??\V:	spoolsv.exe
File opened (read-only)	\??\T:	spoolsv.exe
File opened (read-only)	\??\I:	spoolsv.exe
File opened (read-only)	\??\H:	spoolsv.exe
File opened (read-only)	\??\B:	spoolsv.exe
File opened (read-only)	\??\A:	spoolsv.exe
File opened (read-only)	\??\Z:	spoolsv.exe
File opened (read-only)	\??\W:	spoolsv.exe
File opened (read-only)	\??\K:	spoolsv.exe
File opened (read-only)	\??\G:	spoolsv.exe
File opened (read-only)	\??\P:	spoolsv.exe
File opened (read-only)	\??\M:	spoolsv.exe
File opened (read-only)	\??\J:	spoolsv.exe
File opened (read-only)	\??\E:	spoolsv.exe
File opened (read-only)	\??\Y:	spoolsv.exe
File opened (read-only)	\??\S:	spoolsv.exe
File opened (read-only)	\??\R:	spoolsv.exe
File opened (read-only)	\??\Q:	spoolsv.exe
File opened (read-only)	\??\L:	spoolsv.exe
File opened (read-only)	\??\X:	spoolsv.exe
File opened (read-only)	\??\U:	spoolsv.exe
File opened (read-only)	\??\O:	spoolsv.exe
File opened (read-only)	\??\N:	spoolsv.exe

Drops file in Program Files directory 64 IoCs

Processes:

spoolsv.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx	spoolsv.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\release.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\psfont.properties.ja.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-util.xml.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\psfontj2d.properties	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\org-openide-filesystems.jar	spoolsv.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe	spoolsv.exe
File opened for modification	C:\Program Files\InvokeResize.mhtml	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar	spoolsv.exe
File created	C:\Program Files\Microsoft Office\Office16\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\SearchInitialize.edrwx.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png	spoolsv.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmc.ini	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\VERSION.txt	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\psfont.properties.ja	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssvagent.exe	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar	spoolsv.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.8A2-89D-08C	spoolsv.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.8A2-89D-08C	spoolsv.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

description pid process

Token: SeDebugPrivilege 1672 2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe
Token: SeDebugPrivilege 1672 2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

description	pid	process
Token: SeDebugPrivilege	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe
Token: SeDebugPrivilege	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exespoolsv.exe

description	pid	process	target process
PID 1672 wrote to memory of 3500	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	spoolsv.exe
PID 1672 wrote to memory of 3500	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	spoolsv.exe
PID 1672 wrote to memory of 3500	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	spoolsv.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 1672 wrote to memory of 1104	1672	2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe	notepad.exe
PID 3500 wrote to memory of 348	3500	spoolsv.exe	spoolsv.exe
PID 3500 wrote to memory of 348	3500	spoolsv.exe	spoolsv.exe
PID 3500 wrote to memory of 348	3500	spoolsv.exe	spoolsv.exe
PID 3500 wrote to memory of 344	3500	spoolsv.exe	spoolsv.exe
PID 3500 wrote to memory of 344	3500	spoolsv.exe	spoolsv.exe
PID 3500 wrote to memory of 344	3500	spoolsv.exe	spoolsv.exe

C:\Users\Admin\AppData\Local\Temp\2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-26_ca53c7bacfb8c147bee538b348707cf1_zeppelin_JC.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -start
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:3500

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -agent 1
3⤵
- Executes dropped EXE
PID:344

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -agent 0
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:348

C:\Windows\SysWOW64\notepad.exe
notepad.exe
2⤵
PID:1104

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Lang\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
Filesize
933B

MD5
b60b2607fa43f9720a821128c2fc0e2e

SHA1
2dd64bad95e6dc8f1e84f7c599d186e69ea3ae6d

SHA256
1540156d1db479c91fc058ec0f69a400932510d95fbd5fdee66b97a89e20fd89

SHA512
c8f8349683b5ff6b8620bd511579c10fe0bc5dfa1e79cfda83e2670ef4bdb9aca3cfb9fd1054fa6e50b31459d41d606d91cff8e0f9d972e2042febc06e24fd1e

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html
Filesize
17KB

MD5
a6da1725cc10e4bc5aaa2f58f31e3084

SHA1
ecd9add068f7c59c42811990d6ab65d2a5a461f2

SHA256
16662e90b48fc866cb127c4fbedf1e6b3980b42aa009300ca4ab7e065f965e36

SHA512
e3f81dd99fcc3e8a4fa7b19e3520de4cf57844097aa1b442807a7280616dc8c10f73ad9142658488c6ac2b12d18142ffc4235d10b5bf099983755935fff6509b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties
Filesize
7KB

MD5
83aef1deb5a8cff61a14edb534cbfc5d

SHA1
ee8f7746c262e24c527778411dd4d96ac2e8b25d

SHA256
1a571dbb720d622c89f767a82e337a74ef798b1969bd32b0b9807d89ae848f99

SHA512
387396d789ccc4d6157e5d0a72b5992a22b9c77277b4f1e163222dd209ef40c844e03202baada94801ae421dea2481a9d889785e05ae6d6d2810a67d9520b32b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html
Filesize
7KB

MD5
2a29ca433ad2abeaabbd31d56d2fa6e0

SHA1
e893653a24e16a87b2d30ff8d01ac7b917928723

SHA256
7ab8505d2753a79151c16b1d1c365bd78103d1481237f6f795006bdcb3119cb3

SHA512
4fbe5648dd3b407a2cb3ada52cbad0ec25c1eb85fb0f849130f079b58736b4ae5eed079790b14e8cf135dd2ed67fde92f62de57ae09a935a85e490e73965c890

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html
Filesize
10KB

MD5
b6cb1edaa4efbb37e95339d2243ea5ee

SHA1
b613ca5588f7f7fe0aaea2885f592fb940d05412

SHA256
5b605ae4141eaa3cb33f50b4c5c63d32439e5bcb538b2ff30f13f20e6c8a4005

SHA512
60549de57d33aa8517b035988465363f041b5272001e911dc16729f517958af1d477e48cc031db589c4e3efe4a5c8a111ed7e31098b347354f44316ad6ac35bb

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
Filesize
13KB

MD5
c71bf353743088d5e328612fbd87bdff

SHA1
d3579a4459ff9d736cdcb33d53010b67a0f57757

SHA256
e4f4c924487f5f29e6bfff1774491a5045ed9124dabc2d25473464468b93949d

SHA512
d6e4e03c0d06a0b5742e64eaf7ae631f239ac7d7165b562d10d039f9084856498b923db62134d5d4d4731d26d50b2684d7222f46b504eab3c6b6e3b2e243ab94

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html
Filesize
10KB

MD5
0b20569c2ae20406c2dc0f9b3f9c02a5

SHA1
ab9d69b6b914bc2ddfbf1af53c0dc0677af98f04

SHA256
784652290890f33722e6d61a6135628e7e1b97b2a2167d587fbc3f2c02cfafad

SHA512
73ea10666849739ef3375a2b96a5fe034f6e98fe4c3f86b1635675ebc3701ff2992db7ab59758e7f9e8ed510993e11835f8590f0516f68238d06b6d7c50d1ddb

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html
Filesize
13KB

MD5
b32ebe1fbfcf857ef6e81a7e16d6569f

SHA1
26b56a1ef00c51b41c30255604e9ef978e6da35c

SHA256
5ab9a302b00d9c70856b78acfe7e5f0ecbf5d58a16e941589b4a67ba1e2c9559

SHA512
f9a12ef9cc8e05af67702b29750220651fa6029c68813fafbd7e1ccd66e1633bf937a966658e05059d833689dc05de0b185e25b41f12585a22fdd789c5b3c1aa

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html
Filesize
13KB

MD5
10174ad59d2710346b34210680f74ca5

SHA1
f9843309852f2c38f7729337955b57c4eb31ff93

SHA256
5235b2eacccdc982d5dccb7784235f9cdfd13a32d1f44f6eb1aefa4314066ec0

SHA512
6d1fb4651cdc335e8a8b1e9c6bc1f9c55f99e796665bb3b91a0d4bbc54b5a5600119bb4360b0319adcfdee5e03ea2ebcd3263967b82fd21ced979936d9f302aa

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX
Filesize
292KB

MD5
5291d6ea73f4f701a94f6b07a4712be7

SHA1
c1caf451c9408dfbf0cb6e9d5f2b9e0067dc4f8a

SHA256
46c39e232dbe88df945a294f7b5f44a838977b2d2285981acb8572a0c411aeb2

SHA512
6111be067a88b46f3d5bc7ea2c57e762324c582b2e0b6edb7606e330cbeb0e9e9d71f6467aa33f0ba4d63fd1d4496f97243926783ee945587e1be3184c2d57b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
Filesize
211KB

MD5
ca53c7bacfb8c147bee538b348707cf1

SHA1
94075d331d4e649e38abb7930616834abecc58af

SHA256
035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

SHA512
0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
Filesize
211KB

MD5
ca53c7bacfb8c147bee538b348707cf1

SHA1
94075d331d4e649e38abb7930616834abecc58af

SHA256
035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

SHA512
0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
Filesize
211KB

MD5
ca53c7bacfb8c147bee538b348707cf1

SHA1
94075d331d4e649e38abb7930616834abecc58af

SHA256
035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

SHA512
0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
Filesize
211KB

MD5
ca53c7bacfb8c147bee538b348707cf1

SHA1
94075d331d4e649e38abb7930616834abecc58af

SHA256
035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

SHA512
0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
Filesize
211KB

MD5
ca53c7bacfb8c147bee538b348707cf1

SHA1
94075d331d4e649e38abb7930616834abecc58af

SHA256
035231fd1c1ed6e0619688a83b43082deee66bff69913aa73421b675f601172a

SHA512
0825ce9e8c741d1a65d33f7de0164e7ce122904ed69c44613d4c5c5ae3b6c40656ad8b44ced7deb9522714fc2d727d57d4340bbbe97c7a268f8957343a40e0a3

Download Submit
C:\vcredist2010_x86.log.html
Filesize
82KB

MD5
8999d2917b823f9632b1e6cc0044bc1e

SHA1
ec1264f3464d85a16029d405ffa41a5094a21cbc

SHA256
d7b157ccdd8d449d9cbb4eea10fe43c0129148615edc925bad4d5bf75488bae4

SHA512
2b2d50f02fbca53716f9a6e41164c6d38a9c9e4b177ff0dd1497ec9cd1798da9c9eb865c69b8fa8179e1e21522973a24ac062fd80d5cebdb019c62baece4c471

Download Submit
memory/344-18-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-1823-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-1015-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-14523-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-13778-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-12550-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-3400-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-4650-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-6552-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-8118-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-10248-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-11909-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/348-12151-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/1104-10-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1672-13-0x0000000000D40000-0x0000000000E80000-memory.dmp

Filesize
1.2MB

Download
memory/3500-15-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download
memory/3500-296-0x0000000000630000-0x0000000000770000-memory.dmp

Filesize
1.2MB

Download