2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2

Resubmissions

20-06-2024 08:48

240620-kqs3fasgrl 10

24-02-2024 08:34

240224-kgll1afd31 10

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
Size

573KB
MD5

2cda932f5a9dafb0a328d0f9788bd89c
SHA1

e27521c7158c6af3aa58f78fcbed64b17c946f70
SHA256

2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2
SHA512

3bcaf2bda26b22b67edcdd5ca357c8e0b7124788dd905c7bf6cacce080ae3f24bd09e1e9260a3ebf3d4d62ea749f7a8b965193a2ebf6db85a563735874511880
SSDEEP

12288:BV0qnXKTH2P6rxTcQpXDHgswvodgTAdA:BV0EMm6rxTcQjos

Score

10^/10

ransomware spyware stealer

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

powershell.exe

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1200	1044	powershell.exe

Renames multiple (7590) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 4 IoCs

Processes:

2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe

description	ioc	process
File opened for modification	C:\Program Files\desktop.ini	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe

Drops file in Program Files directory 64 IoCs

Processes:

2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-100_contrast-black.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-150.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.Support.SDK\Assets\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-unplated.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\appuri.ot	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ro-ro\ui-strings.js	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\It.Tests.ps1	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-256.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125_contrast-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skypex-icon-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosMedTile.scale-200.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_selected_18.svg	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\sfs_icons.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-125.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-100.HCBlack.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubGameBar.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\no_get.svg	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Video_Msg_Stop.m4a	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_contrast-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-4x.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\WideTile.scale-200.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons_retina.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\Example3B.Diagnostics.Tests.ps1	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\MedTile.scale-125.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-200.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-128.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\SegXbox2.ttf	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\AppStore_icon.svg	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\Comprehensive.Tests.ps1	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-60_altform-unplated_contrast-black.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-80_altform-unplated.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_scale-100.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-sl\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200_contrast-white.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-150.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-black.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\fillandsign.svg	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-125_contrast-high.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\help-you.txt	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\HeartbeatConfig.xml	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-200.png	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

Processes:

2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exepowershell.exe

pid	process
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
1200	powershell.exe
1200	powershell.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
3452	2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exevssvc.exe

description	pid	process
Token: SeDebugPrivilege	1200	powershell.exe
Token: SeBackupPrivilege	1668	vssvc.exe
Token: SeRestorePrivilege	1668	vssvc.exe
Token: SeAuditPrivilege	1668	vssvc.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe
"C:\Users\Admin\AppData\Local\Temp\2b28270c1675990a2c78b31faab547fb75948dd1c2b22e892377ee5e40abebc2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:3452

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
1⤵
- Process spawned unexpected child process
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1200

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PerfLogs\help-you.txt

Filesize
2KB

MD5
a4d54eaae8d6e0e75825329fd216b836

SHA1
3dd23b09f2fb318e8ad6bfbcd5937a928207811c

SHA256
e366a7512389c1f73a47b9976854b28a73224cde2a0495f3bbc530cc4100bea3

SHA512
1282c30947707871b79d7c10a4e6ad556219e19656a426edb6116bad03059fcef8867d79f6cd558d0b084f193357550bb8788df34fdd750ade432d2a92adeba6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.zhq

Filesize
1KB

MD5
c0136f6477d30f8bfbc101a3e50aa1fd

SHA1
e56c837fbc69ac7d4f5771c8ce8682a8af0336b8

SHA256
6104e6bc265af7479ab341a0dc3b0334c2fb39dce332c044d5874b1e27dd560d

SHA512
aa82c68d1f5d99db68df101cbbd0c725cb0fb456f12e4f40e4e3f2a280f3d71177120fda75e5f757a328a9a7248c31dd89076a2dbb2d0c0a0fbe3c2eb0f8b817

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.zhq

Filesize
1KB

MD5
571753d51f94a7bdc4f1975cd246a5ae

SHA1
2c3e3b1d9cf33a6f8c5294b5e9ac32c56e5945f2

SHA256
f671f4e84e8b02b7658b5fdbe01e10e49a5eb03ff7f01714c2b0f725402f5cbb

SHA512
c14dfcb5bdad04fdff83cee8e98b130e0343ad6aef8b08b51741d918a7553de631a0d4a24b801e46d786ebef99355998f590021f7ce1d149260a1b461f3573ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.zhq

Filesize
1KB

MD5
b4014304b08baf43f185a2da19ab494c

SHA1
b8fed014dea1df3d174fda79f52ba601e745565d

SHA256
8534410231fe17741bfab762dafb1c1eaee2fc346acf5b9b3411a0eba9d82596

SHA512
69015a076a3fc69a540ca0e81c4a216365828c535aed928a873587b3f32b00ce6743731563b19b17eef5c1cafe723e136d6f0d9eb125e230a1d40168ab0b041e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.zhq

Filesize
979B

MD5
bba176d569cd7c891748c3fa6c49c128

SHA1
22360edaa4aac84b363d13dc0337a7e12789684a

SHA256
b6b7b8c2e4c1fdcd622d716a8721352041076be5cd5bc58a0ca1101dedaa8efd

SHA512
e7c07ba6234053171d99161340ea924873bea1abd8aebf7143203a958f2ff79aa92d1700c1f61bc6445b240e9f6375c01a6731f95405714cf2d435cf6fa03cb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.zhq

Filesize
1KB

MD5
60bb64f742031ad77023d74967b5398c

SHA1
7a27141d815e6681fef88221073b050615a0f09f

SHA256
884d7ebc7fdc3ea8009a6d66e1ca22aaddfbe85d4e0ec8f2a4a9746fdb7d4a62

SHA512
0ba1e783343319a4d3c199e40840064c27c45245329fe0160f5a66cfddcc4cbba308481b65ef3920307d5a6518d897403d0197bd80fa1edad72f9d837297af7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.zhq

Filesize
922B

MD5
8685fd8a694e1aa83ceea1f088769d4b

SHA1
0a69390794a8d5ff3a926ce7e293c755301a0071

SHA256
4df40d9c65f68074a8f988b04646725db8e50f8e603a9caf1cc1b3c3c91eeca5

SHA512
f5b6cb1231b78dda6a9a98a8b4310a6fb469c3c6b113bd1623f1ceb2e743cd557853e723bb178e8ddae59c0f8cd7a63f8a244474d55bfada73a5cb7596259888

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.zhq

Filesize
1KB

MD5
b8f8152114779d2d83e330a038107354

SHA1
6adc16cf3a17bada2886901fa0b6dadebc1aa67e

SHA256
a812c27afc962b5dcb39cb9dbb182f7813584063287f8e6690ae3d01c414f480

SHA512
662ce7b058e45e184324ddf1f0f91a24a4dd0c0959012f4df4207ba8f02260df710d2b2e0cc0f1bb5f90906d1534779c15a1bbab6d98dd93ff4f8a7569cf848f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.zhq

Filesize
922B

MD5
83ff7a6acf5db688355354ba0ba1cd63

SHA1
06c5ea94b927910d5140ccad874cf95b270a896d

SHA256
5d2c5746d1fa204f168f305a246d4a1484a30392be4158e8b6a6cb8938282c4c

SHA512
4d14184adb187b9f4d5aebf2388b46082349704f2e2f244908e485897d82f9c7510a7039c621215af2f869c5be875d9e0597d385ce8eb28ca5d23a440992d9c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.zhq

Filesize
1KB

MD5
f12bf47cfec451116d4056783da4222f

SHA1
280469ef119eaa93bfecc41d38cd02298fb68294

SHA256
0500fceb7c907f8dc7a17a0f1730cfc3820aa87bc8f377d5af2eb10513a75e08

SHA512
64273ffb50a77eec297387c9f9a8d6fa1723acbafd85b1da3f499cd473306d9ea8a0eeeb52bf16d98e042c91f5cdd266c6495e2600670f1b8eb22b425876f90d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.zhq

Filesize
922B

MD5
8c2ebe377698e9b3c9a2e70aae8673b7

SHA1
7afc63a78a435a23ca3fe8a4ac2cdc1ccb593b22

SHA256
13e113f889cb605a2c1f155bee2825a96ed4d5d6737120b8b3a6dac6bb82769b

SHA512
4862487fedb3c49abd5a46857a4700a87a0ab4eac51185d1c1dfe984ee1f00133ab3b94d83477e5bfb808b937b54f9613970ccd4a7df32e436f5e3357b28137e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.zhq

Filesize
1KB

MD5
faeb069f08ca9ecbcde0d5b0717a6931

SHA1
c25b24b9e29211371b2f54e37cb57a0dc2a3ce83

SHA256
30290329cc2e618902f5cfcd4046994368da52f8cc64b1ce975cbcbf498c64f0

SHA512
f00aa4ba73532bad4bf193b57593a21a531f7d4bf0283b7e9e4f4eaaa1aa5de4be2f6f2067535dc83ec230f21999268bc44e4d20480df1ce36389ab0f4686b34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.zhq

Filesize
8KB

MD5
cd35e5da6376202f25a52663a76694e6

SHA1
aebb72c5cda5811429f566c3b62c68b87c9fee03

SHA256
b79a6b9b018355a94e6cbba4674ac6129555ba2ad9cb7833a27742714975ccc8

SHA512
25f6f27b94c54f893e799558076895ee0753bac7a902381d46d47dab250078bcf0f729c3fad3a1236bb17d2353f596b57436d37718b9ad1bb0803acdf56fdfa1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.zhq

Filesize
8KB

MD5
1fbdbd6d6c0d6593c3ed54dbcf5ea2de

SHA1
ca840d0f19cdbe1c3a3e4275b6852eafec52c871

SHA256
16d0775e0038fc38bfbc14de0773a66a1a27c7be48a68ff20443896cbd81b231

SHA512
021fa853c45101482989ceaf2ed5238d7aeb3dcf3b4f3564a21af27187a1c14c6c1bb2cb3ff6d943c372c2b4d5fbeab9579687117ae78cda538bff4c1738c144

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.zhq

Filesize
15KB

MD5
13dc3244b7df6a2b333706ac319d8229

SHA1
a6ff688481862ecbae85ceb71d5ab51be9a22b9c

SHA256
c3200d04dcb931174120095eb5a0ca164778841007fe0d7af797106f5f8debbf

SHA512
909a6bc585697374a60fbcc44210f4cbd98f94d2d28add536f17a4d3ddaa2ce7397d19d6183d2877576af1058075fe3a722bf38727cda68fe3aadeb51575eef0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.zhq

Filesize
8KB

MD5
0d8c134e38854f60daa982fa36b2db44

SHA1
8ac5725aa7ac4014eaa28fbfb66820945076ae04

SHA256
4f5a87837d8d8dc9db713368a0f342abe5b15c346e103d53073291e8ae03ba61

SHA512
1de18591815f0c8c81b591f66a2600236691b0ff92f86e5dd812e439776948c522cfba04e074326643fe0c5b5cb4083f56dcff5f2ee752b9b1fb0286b99f8d94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.zhq

Filesize
17KB

MD5
9d126d7e3ea305ec35585ea7fde3f1e3

SHA1
40ca8d37b9556fa8a9a564bcb3975d2c27742ab9

SHA256
f71c4890fa463f7835766f2a7bb1c2f597b272275398c7dd843acc74766d7d1a

SHA512
0e03d3b151af7247573638aaeea0febecec78e6c4b4266d287bdb0fb6810c2f4866306bc85cc03dd9eecb30de2232711352f120df4441abf9c5c34d9f5e4899f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.zhq

Filesize
1KB

MD5
f4263fd6b886eb3a874e43939ef70851

SHA1
34bacd2932e80649a52b71ef3168053a9ee55f3b

SHA256
47b7be3c7749f88cd75761bfa47dc655ab62e963e7c73fedad4c82df70af6bc4

SHA512
313906a83363b46541f1dc42839d936b63f3a20e2fbf705bf78a64c014a403ac000e37e31844700807c9bf68680380e224cb23ff3cb1a5883e50f112c61fcdbf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.zhq

Filesize
9KB

MD5
b681b18ac8fac7d770856c1b5769f231

SHA1
e5d5a5f4e5f10c2de7848205fcd46c195b3a9576

SHA256
3063a186feea772b8471e51ea345928ac952022fa89f39b1d9d5a3e72d878ae6

SHA512
dbc93e07b781b68d9e76c4ce3336285bb088404e17c4a2a9cf509d4d72e36e461349326034dc40e846136757ac7c358a2ff562de7bda4975c9b8e202f17844a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.zhq

Filesize
19KB

MD5
ea82b41c0d3b18e3e4ca3afc3818db43

SHA1
ec94a56819d7929b48f6d6daf7ede51b46a920da

SHA256
2d7403fa0bcbe6490a84e648259551ac0ad0db5e40347f8eb6340514eb026bdd

SHA512
341d941ce8de56dc14a84a3c597db5b0b309445d2bd0f3c178a904e11a993b139cdc6e868028ee5a549b22cb91d733d76b8a8b933d4728803b723fb3cc8196e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_pattern_RHP.png.zhq

Filesize
713B

MD5
71dcaa50e5fc04c89e96e064427cfc39

SHA1
63720909a554a92fa2b5c970172cfd9ea2ce50ab

SHA256
9295330447dbbac86764ebb6bb35893b0d1f1b789cefd3575e994870591a7dbf

SHA512
83f878b5793e9602122b935d8fab74fa87649ce9be07e46f68e55690605f91154cc90e88d479832f849fc18befffabb56029980c095084dfd3effa6b4dceb2b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.zhq

Filesize
1KB

MD5
df33e03336b342268874331f5f4a2fea

SHA1
4fcf9bc0710bb8efc6381a927168d79b9b484c20

SHA256
d58b57873c4b92e14f19adad4da3c1a221ed0407cb4ebf2736bbc6a4dae64c3b

SHA512
56e926aa15de16b3071286a386a56d52250dfac8f8834ede34471a0b92e8acc1aed9437560ad0542d080819fe5c4840e327f1060bf2ba1da027151ee0cc85a14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.zhq

Filesize
1KB

MD5
367484742e91ede7fd34136ef5f92ce8

SHA1
7ac53a8f1eccd69bef741474b73474bae8eca0d3

SHA256
1f70d922c19d3777e1dc969ecb4df4544eeaa5f9c89ee0d066611f0e9c0601ec

SHA512
7e716f8a71f779ec44661793b6c1bb99fef0d21ca9ee979daff1dfac7f97146abea6e6e6d5d3969c52757a8dcab6ffd6fdffd34643221c179a4d68a219b01fb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.zhq

Filesize
1KB

MD5
f9bfc78837a859508475ff3ecb58b476

SHA1
59d4bb5e41f83c1808a0beccd67b09ad597ad9f5

SHA256
3d85499e56eb865599fb0952c1e3388816a71c7e8947f275a68ccd42bdd38db3

SHA512
f38f381d29411bedbd409fdab185019a6d03dab5c7888ded744ff78ff2ab170087b9b8aa033593a8a1ae9fdfa6b9e0f49e17ad70f29c2fcf00c981635ec94e4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.zhq

Filesize
1KB

MD5
802e04961c71a67058e2d3646f8f18a4

SHA1
0c518f348b0cb7722bdf4c70c562f03a6fd32a4c

SHA256
27aded2796b896e1c634693859a6c49fb9770742c30baf1d3b65b53b2e447907

SHA512
bd2049200a3f642987c8e7ae7d0ce94894448bd9be374f58d287527d8701aed9bf0366dba46380c73fb40d6c19b0b20518b015eb084f3e1021bbc9d13e3e4143

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.zhq

Filesize
3KB

MD5
716106119870d80ca78962237afface9

SHA1
162d177785f06e4dfa11fcc440edb7885ee5cf02

SHA256
e9ee805ebc9774331ee9f8294bf3dd53c3372e543c60a40ca39316cbf4bbc6d4

SHA512
9b535b17e1e86ded4ed8d7e866b7065fc35347ed3f9c63bae6ff92c15f636c58829ba2c2a0cf5fe172ae95e1565b491b9b141a4d9246cbc1d5e2f5d7a32802ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.zhq

Filesize
2KB

MD5
19b9b3eeec65e92e1d69388a34a2f577

SHA1
248ccaf7f71fa531d2191f42274001501e6f885d

SHA256
949047c14633be1e00f1997c10b77474606fd3a074759ce3c7d7a56d83bbc708

SHA512
73c131172fce0bb3c3690a56bec5fc66baeae91af65ca82eb908114c9ea8960d6cdbbdba7d235d6813f51845f192d78b701b64c89e8a30bbf4043362790e9e75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.zhq

Filesize
5KB

MD5
08fdcf9d53e46618467f5eb7860f2534

SHA1
2e9ecdb1806a978a79cf291a256737be5cd33ed7

SHA256
03380376ce5a9d159c78ecf66dd4f5b7ec280d7721b58070f94904652e05b494

SHA512
599a78b2c5c9b903da17399811261516a57cd27860344f3b26c92656148d00bd08c7377ceca5cc39fd24a729a099db57000709cbfb5e6b55fb958050ca9faa6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.zhq

Filesize
823B

MD5
3bf0ba26b2412fc43deea08cca0884b8

SHA1
f088206ed7202cadc4ff5271d34c6a7fa3987d8c

SHA256
d7e00538cc50a685975aeea3bc47e02d007e578a0a27e0b9467e40949c4968fc

SHA512
80df79858d01a987410b933320cfe2a2998200c71d085940f67123ba139b43298ec9927502ad6b00bac80743ccbbde710663ad84d21a7c1b70e2fcce14ecfcf6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.zhq

Filesize
919B

MD5
d0bd5c300072d3a6eb4a5e1657eb33e9

SHA1
8fc868d8647eb53c068e4b627087a2cb1af779f2

SHA256
c89840663a8e5fe05ba9a5aa69ff698ded090030f39b73b6e4986cc6e425832f

SHA512
7b470e96212573418c59f595d2d87ba315098e0b6b12c28e8fb03ba7a19ccc52c9c582202cf9a418ca685ead2197b2db69dfc8234c0ca5a25e2f50018ae134e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.zhq

Filesize
1KB

MD5
8e02af3418c4a2ec80024a9ce2d3ad8a

SHA1
c14f2657c158be999e07338b59d8e7e9fdf56b31

SHA256
7cc054db17854c2735c44d1bb51f1ac77bd3214970b5e28e5a6d0821ce4ab9d1

SHA512
5b2e0fc3cfbdabf18810c4aab947f019ba6b19cd00ee5f59b2c7e5daae39084b8cdc61882892a8d54648552b611d2a7430745294c849c6ed11850cc434492ee1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.zhq

Filesize
1KB

MD5
0902637dfd4359b46c54977a8015be8b

SHA1
826ccf95690622d8b67c848ef78507abdf97a7b5

SHA256
45fa9b6c26cf12d4809db1d44b6e1a8dd178b5d0bc51329777fbe51a48431ede

SHA512
6e995d5be4c81955e2d9eedd457d403f237fb52e5e6927850aa38232ceff07ca7f4e38833223a2280d7ddac113abfa9488d23efc5ce0cee89d96bad9323bb8ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.zhq

Filesize
3KB

MD5
faf86d6afe9845bd11a4e002e922c278

SHA1
bd1b2175315ca165de568ddd44467065f2f749d8

SHA256
4af4c1c973a8edad10158516a6ab4207f7ad40f62ccf5e6d03dbd556f6f8616d

SHA512
2fa8bbb688c64c0a78923e389664fd19806307acdd35a17f37e6d388bb92532d1dfd60addee16ee5c212a9b1c893b8ed4be78454174f2d00b0419acc858a6ef4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.zhq

Filesize
1KB

MD5
9265648e12d68d94b0720c726e72ba42

SHA1
5f0ca4451c5dcd48a57a3eb6d76d1ff88930f63c

SHA256
9a269163575793d967d3df714885d7a0f13c5fee1512a580680907c335e0d971

SHA512
7a0685ce54f96925817fd2e0c4bbf2f1ca5d8e40b53cd3e9ccb6c22c9c376761bf82a963f95409074abab984f4b741506246c683519ec5c37f6ba74fbe5cbc7f

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.zhq

Filesize
33KB

MD5
2cf6687b028f2ee15ea5a81034c1164f

SHA1
5d4123012b776467e18b3cda1a7ab2c54ea27051

SHA256
3732d07b150e205be1dcf30787e41b3cdf55d393bc98c60a170c15cc97293d1d

SHA512
4fe2ed233d9e376221fdab7cab5efbd8923272540fa3e2d75174c64421f357ea0b4d0f22da9e53ca141f047711249f90247fad2996b530877a59cf961c122607

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.zhq

Filesize
687B

MD5
9b9e369b5ee75dd6614050ced6082637

SHA1
18d9b8012067ea826b4fac7d9ab2fdd747d1bb7e

SHA256
5e50c92e072631379967792d4918ad75dd9c156a4b7bd1d3373b959c6ea6e592

SHA512
6489acf8391b7ec353363c5bdedf3e6a07a99b9a79ccf9410e631c76839d710b225162ca21cdce37dfd9eb9f81dda615546caac137e11df2d2b60d3422e60bf5

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.zhq

Filesize
648B

MD5
374167ca329ba59121be9ce1c8e1c495

SHA1
aaab9a9765509c0e9dda538d34c33e10dd624b1a

SHA256
c3602d1e8b12da298c1961b812aa17e616f5c206c8fccbb4cc26debfaea8a960

SHA512
d17ff24e372f7cf65e140c5c6bb8d095f4057f077301d355842f3dc0cce51e8930020815cc702085d809b4b3244846c767c8788c8ab5a88c151e7b222ff57675

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.zhq

Filesize
647B

MD5
b0f8d4730bd66b080edd61c6f98d60eb

SHA1
de35cd2ef29c6abf9c9a5c25c4887afba98e5333

SHA256
199530bffaec0904b60784dfb8acff9454d1563c90c42c410f53d3b9e1dcea11

SHA512
1e0cc4a40239432f932e53c42be4505f8f65b9ded623e67d89638c025d4791d365ca1c216f94c35528a540d5f1ad3f19325be7d71414c11910cd76bafd3e9965

Download Submit
C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.zhq

Filesize
605KB

MD5
7ff28e11e9e2c5587821fe9ca37fb0d8

SHA1
1fe0b7fcf81a69dc05fb5abac0b08b749a8a2b36

SHA256
46c50ac73c0676c55785f9ea4f3c00bff677af10bca3c44a4bd83ab34ab36d12

SHA512
25ac9d9133d7f53cc2e013312907ffac9a0e28d230e19feffe1ac3f92141e48211d55080cd274cc6af6af3b77a3bee086c2dffbe58337da8aa311afba1465803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.zhq

Filesize
550B

MD5
447c75cfc10a6906995f69a4675ca428

SHA1
51191ff694ee77db60350f27829895e751352acb

SHA256
b7f5de276f66454cb2abc2b0e00c59fa27929abe4075e9ff2ab279ba3f371622

SHA512
59af78ee9c5fc7decd12c8204391d1b28dab4115e56034ff64077ea5de63864edeee6fdd87728a2b23d4eed41c3e7d54621ccf758dabc5688b0bc498c4e810f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.zhq

Filesize
575B

MD5
a252fb29702a178aba5b271fed153384

SHA1
c1fe2f9142b8003b2ae580e01c889c95feeff888

SHA256
d5117bbe76bed2223ee632e703fb5f8737d0a0bd8a1f7529bdd59154a2c77a56

SHA512
a42ae6f7bf06dc34070ec88c63de9483c045a3a42cff238cf0ccb5b3200c9d420aec91f7d7d57628104e32e84bdf3e37c1cac7d028f13e765a2b8c473fc5bde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.zhq

Filesize
8KB

MD5
4e89695538999f43a44e65bb2784c4aa

SHA1
7b41a50a0170ce672aef8945e064578869d66a91

SHA256
b2d081b9cf6d709da9b7272acd495dcdad0acf81b34424522089a2e41b53903a

SHA512
7b76ed6bc570a7e8b49f15eccc581142541ab98e7396c13e7a9c0d0c6da3c2383a1da794229f8765f872f678feba83de53a0389652b082080eab1a012ccfd148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.zhq

Filesize
8KB

MD5
8e11d4f497c12069850ad24247029b81

SHA1
b3e3ea7d040fef5f6889daf6d103fff6d86b7aae

SHA256
5b8b83e023640aa92cff2613938872f2f3fcf7fa3435d420be90eaf1bae04433

SHA512
6f35bbeb23b34ad1aeba552439d8ef185144a35caf492de5dc222d7112c97cb710f8d2ff3f6757d400b3dee9948f7bbcd76dea9940b73ce0cc8b2eac4b98b50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.zhq

Filesize
264KB

MD5
07cb398612e251ed2ad027f698ec930a

SHA1
b56db881b87c78cea97c653791f343b9ff4102f3

SHA256
ba05ea1dcbaebcd3b94121ad414701bb597c9b3d069be0a65408632fb14e53d5

SHA512
df40fee3067350a7acd8f3a7b90bee658db32b538aa64e187cb54600e609b861e792dceb0d60202a04f8d3c68c923bb9af69dfb995533781c5b0f1046a2b3ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.zhq

Filesize
8KB

MD5
cf59f3d9a9cc80fd60f836fa864a2ce4

SHA1
2df6c0b55fac0bc723369aebb3d6c672141b2d2a

SHA256
3d5f07d4514a4b186d82d97c3a581c828eabaa8990825afaaa40a4a40db51771

SHA512
8bab1c27c3252ffa11475b79a91d872f58e3b5e17384821f72cbeff0dec09529a18e6f75349655cd1c38c3227e2f652fe4828b1bf9379fe80a331a99b10ce5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
32195e1676f559f7ad5ec526c0e03770

SHA1
60c262f8542cfffae79fe773e623d04c9b2aec8a

SHA256
15f51ad586eb1496979e8110224b97ad3e599562e6d2581ae231ca2bff400988

SHA512
cdbdf33e6edc8d47cd82716229ce3a682c86239d83d301725610c2a0d94c23ae276cd99ee6c594cd653ed7bf84be8b3284a2d2830d4f06f4190cf1e67f783a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index.zhq

Filesize
558B

MD5
92b5f2ddc5cfeabe22ff284e891723d7

SHA1
680f0e2646f9deedc1e92b99684172edf268418d

SHA256
3fbf7a9f526549669e149ae02ca618f45d79ad3393aa81b1029f80b5b95b6d19

SHA512
1a205c1d0fe96cf628fbb8abe2504795db701e0a7e2170f8222fa1816e008cbf61b93a4af627756137992f2ba5de3b75553394f2fa1acf9aaf3ea53bc7f39ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l5twa1tw.3ox.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1200-10-0x00007FFC732F0000-0x00007FFC73DB1000-memory.dmp

Filesize
10.8MB

Download
memory/1200-11-0x00000247F1140000-0x00000247F1150000-memory.dmp

Filesize
64KB

Download
memory/1200-0-0x00000247F31F0000-0x00000247F3212000-memory.dmp

Filesize
136KB

Download
memory/1200-13-0x00000247F1140000-0x00000247F1150000-memory.dmp

Filesize
64KB

Download
memory/1200-12-0x00000247F1140000-0x00000247F1150000-memory.dmp

Filesize
64KB

Download
memory/1200-16-0x00007FFC732F0000-0x00007FFC73DB1000-memory.dmp

Filesize
10.8MB

Download