Overview
overview
10Static
static
3AntivirusD...t3.exe
windows7-x64
6AntivirusD...t3.exe
windows10-2004-x64
6AntivirusD...t4.exe
windows7-x64
10AntivirusD...t4.exe
windows10-2004-x64
10AntivirusD...te.exe
windows7-x64
1AntivirusD...te.exe
windows10-2004-x64
1AntivirusD...er.exe
windows7-x64
10AntivirusD...er.exe
windows10-2004-x64
AntivirusD...er.exe
windows7-x64
10AntivirusD...er.exe
windows10-2004-x64
10AntivirusD...er.exe
windows7-x64
AntivirusD...er.exe
windows10-2004-x64
AntivirusD....2.bat
windows7-x64
10AntivirusD....2.bat
windows10-2004-x64
8AntivirusD...re.exe
windows7-x64
1AntivirusD...re.exe
windows10-2004-x64
10AntivirusD...st.exe
windows7-x64
1AntivirusD...st.exe
windows10-2004-x64
1AntivirusD...re.exe
windows7-x64
10AntivirusD...re.exe
windows10-2004-x64
10AntivirusD...t3.exe
windows7-x64
6AntivirusD...t3.exe
windows10-2004-x64
6AntivirusD...t3.exe
windows7-x64
6AntivirusD...t3.exe
windows10-2004-x64
6AntivirusD...re.exe
windows7-x64
10AntivirusD...re.exe
windows10-2004-x64
10AntivirusD...us.exe
windows7-x64
9AntivirusD...us.exe
windows10-2004-x64
9AntivirusD.../c.exe
windows7-x64
1AntivirusD.../c.exe
windows10-2004-x64
1AntivirusD.../f.exe
windows7-x64
1AntivirusD.../f.exe
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
28-04-2024 03:37
Static task
static1
Behavioral task
behavioral1
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/usbwrite.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/obj/Debug/AntivirusDefender.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AntivirusDefender-main/AntivirusDefender3.2.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/bin/Release/JigsawRansomware.vshost.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
AntivirusDefender-main/JigsawRansomware/JigsawRansomware/JigsawRansomware/obj/Release/JigsawRansomware.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20240220-en
Behavioral task
behavioral22
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/bin/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
AntivirusDefender-main/antivirusfalsepositivetest3/antivirusfalsepositivetest3/obj/Debug/antivirusfalsepositivetest3.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/JigsawRansomware.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/blacklotus.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/c.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
AntivirusDefender-main/antivirusfalsepositivetest4/antivirusfalsepositivetest4/Resources/f.exe
Resource
win10v2004-20240419-en
General
-
Target
AntivirusDefender-main/AntivirusDefender/AntivirusDefender/Resources/antivirusfalsepositivetest4.exe
-
Size
10.1MB
-
MD5
97f44c7df82adc19ce025cfc8958245c
-
SHA1
699fb553ea85db7c6c5fc5118ab7a1a0c3b19602
-
SHA256
0fc9a98ed6bad1f94e0357b6bb833b4eca20bea119abc0cdfa3bb4caeeddcda1
-
SHA512
e2da423ba4eee8f4e836f5eeed82bfe9cf482a911200f805dcdff20d41901c73b40faf187c66ef2e32f9ec8f6d565c43f38229c026285dd0411d4c1c8c22c27e
-
SSDEEP
196608:QbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:kMGr4+BAf1qC1caBMWBR
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
description ioc Process Key opened \Registry\Machine\SYSTEM\ControlSet001\Services\VBoxGuest a.exe Key opened \Registry\Machine\SYSTEM\ControlSet001\Services\VBoxMouse a.exe Key opened \Registry\Machine\SYSTEM\ControlSet001\Services\VBoxService a.exe Key opened \Registry\Machine\SYSTEM\ControlSet001\Services\VBoxSF a.exe Key opened \Registry\Machine\SYSTEM\ControlSet001\Services\VBoxVideo a.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
description ioc Process Key opened \Registry\Machine\HARDWARE\ACPI\DSDT\VBOX__ a.exe Key opened \Registry\Machine\HARDWARE\ACPI\FADT\VBOX__ a.exe Key opened \Registry\Machine\HARDWARE\ACPI\RSDT\VBOX__ a.exe -
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description ioc Process Key opened \Registry\Machine\SOFTWARE\Oracle\VirtualBox Guest Additions a.exe -
Renames multiple (3905) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\RwDrv.sys l.exe -
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
description ioc Process Key opened \Registry\Machine\SOFTWARE\VMware, Inc.\VMware Tools a.exe -
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion a.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation antivirusfalsepositivetest4.exe Key value queried \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation jigsaw.exe -
Executes dropped EXE 9 IoCs
pid Process 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 4740 jigsaw.exe 4216 a.exe 3384 c.exe 1756 f.exe 4020 l.exe 4892 drpbx.exe 4100 z.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" jigsaw.exe Set value (str) \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jahrein = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\Resources\\rebcoana.exe" antivirusfalsepositivetest4.exe Set value (str) \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Media = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\Resources\\z.exe\"" z.exe Set value (str) \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyGigaPp = "C:\\Users\\Admin\\thirdpartyclamavinstaller0.exe" antivirusfalsepositivetest4.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 1 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer a.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 4216 a.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Dark.scale-250.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\View3d\3DViewerProductDescription-universal.xml drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-24_altform-lightunplated.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Ear.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_MouseNose.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\sendforcomments.svg drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_unshare_18.svg.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-64_altform-fullcolor.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-150.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_contrast-black.png drpbx.exe File created C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-black\Error.svg drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-125.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-200.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\ui-strings.js drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-256_contrast-black.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left-pressed.gif drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-125.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons2x.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\ui-strings.js.fun drpbx.exe File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.fun drpbx.exe File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_altform-unplated_contrast-white.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\bg_get.svg drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-ae\ui-strings.js drpbx.exe File created C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-125.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailBadge.scale-200.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dc_logo.png.fun drpbx.exe File opened for modification C:\Program Files\7-Zip\Lang\sk.txt drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\[email protected] drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-125.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_NinjaCat.png drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_psd.svg.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx drpbx.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg.fun drpbx.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\ui-strings.js.fun drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-unplated.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-100.png drpbx.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png drpbx.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close2x.png drpbx.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-black_scale-100.png drpbx.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 4216 a.exe 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 2472 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 768 antivirusfalsepositivetest4.exe 3976 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 768 antivirusfalsepositivetest4.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 768 antivirusfalsepositivetest4.exe 768 antivirusfalsepositivetest4.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe 2472 thirdpartyclamavinstaller.exe 3976 thirdpartyclamavinstaller.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 652 Process not Found -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 768 antivirusfalsepositivetest4.exe Token: SeDebugPrivilege 2472 thirdpartyclamavinstaller.exe Token: SeDebugPrivilege 3976 thirdpartyclamavinstaller.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1756 f.exe 1756 f.exe -
Suspicious use of WriteProcessMemory 60 IoCs
description pid Process procid_target PID 768 wrote to memory of 3976 768 antivirusfalsepositivetest4.exe 84 PID 768 wrote to memory of 3976 768 antivirusfalsepositivetest4.exe 84 PID 768 wrote to memory of 3976 768 antivirusfalsepositivetest4.exe 84 PID 768 wrote to memory of 4748 768 antivirusfalsepositivetest4.exe 85 PID 768 wrote to memory of 4748 768 antivirusfalsepositivetest4.exe 85 PID 768 wrote to memory of 4748 768 antivirusfalsepositivetest4.exe 85 PID 768 wrote to memory of 2472 768 antivirusfalsepositivetest4.exe 87 PID 768 wrote to memory of 2472 768 antivirusfalsepositivetest4.exe 87 PID 768 wrote to memory of 2472 768 antivirusfalsepositivetest4.exe 87 PID 768 wrote to memory of 2860 768 antivirusfalsepositivetest4.exe 88 PID 768 wrote to memory of 2860 768 antivirusfalsepositivetest4.exe 88 PID 768 wrote to memory of 2860 768 antivirusfalsepositivetest4.exe 88 PID 768 wrote to memory of 4080 768 antivirusfalsepositivetest4.exe 89 PID 768 wrote to memory of 4080 768 antivirusfalsepositivetest4.exe 89 PID 768 wrote to memory of 4080 768 antivirusfalsepositivetest4.exe 89 PID 768 wrote to memory of 4072 768 antivirusfalsepositivetest4.exe 90 PID 768 wrote to memory of 4072 768 antivirusfalsepositivetest4.exe 90 PID 768 wrote to memory of 4072 768 antivirusfalsepositivetest4.exe 90 PID 768 wrote to memory of 4740 768 antivirusfalsepositivetest4.exe 92 PID 768 wrote to memory of 4740 768 antivirusfalsepositivetest4.exe 92 PID 768 wrote to memory of 4188 768 antivirusfalsepositivetest4.exe 94 PID 768 wrote to memory of 4188 768 antivirusfalsepositivetest4.exe 94 PID 768 wrote to memory of 4188 768 antivirusfalsepositivetest4.exe 94 PID 768 wrote to memory of 4216 768 antivirusfalsepositivetest4.exe 96 PID 768 wrote to memory of 4216 768 antivirusfalsepositivetest4.exe 96 PID 768 wrote to memory of 4820 768 antivirusfalsepositivetest4.exe 97 PID 768 wrote to memory of 4820 768 antivirusfalsepositivetest4.exe 97 PID 768 wrote to memory of 4820 768 antivirusfalsepositivetest4.exe 97 PID 768 wrote to memory of 1176 768 antivirusfalsepositivetest4.exe 99 PID 768 wrote to memory of 1176 768 antivirusfalsepositivetest4.exe 99 PID 768 wrote to memory of 1176 768 antivirusfalsepositivetest4.exe 99 PID 768 wrote to memory of 3384 768 antivirusfalsepositivetest4.exe 100 PID 768 wrote to memory of 3384 768 antivirusfalsepositivetest4.exe 100 PID 768 wrote to memory of 3384 768 antivirusfalsepositivetest4.exe 100 PID 768 wrote to memory of 3076 768 antivirusfalsepositivetest4.exe 104 PID 768 wrote to memory of 3076 768 antivirusfalsepositivetest4.exe 104 PID 768 wrote to memory of 3076 768 antivirusfalsepositivetest4.exe 104 PID 768 wrote to memory of 1756 768 antivirusfalsepositivetest4.exe 107 PID 768 wrote to memory of 1756 768 antivirusfalsepositivetest4.exe 107 PID 768 wrote to memory of 1756 768 antivirusfalsepositivetest4.exe 107 PID 768 wrote to memory of 3756 768 antivirusfalsepositivetest4.exe 108 PID 768 wrote to memory of 3756 768 antivirusfalsepositivetest4.exe 108 PID 768 wrote to memory of 3756 768 antivirusfalsepositivetest4.exe 108 PID 768 wrote to memory of 4020 768 antivirusfalsepositivetest4.exe 109 PID 768 wrote to memory of 4020 768 antivirusfalsepositivetest4.exe 109 PID 768 wrote to memory of 4020 768 antivirusfalsepositivetest4.exe 109 PID 768 wrote to memory of 4508 768 antivirusfalsepositivetest4.exe 111 PID 768 wrote to memory of 4508 768 antivirusfalsepositivetest4.exe 111 PID 768 wrote to memory of 4508 768 antivirusfalsepositivetest4.exe 111 PID 4740 wrote to memory of 4892 4740 jigsaw.exe 112 PID 4740 wrote to memory of 4892 4740 jigsaw.exe 112 PID 768 wrote to memory of 2964 768 antivirusfalsepositivetest4.exe 114 PID 768 wrote to memory of 2964 768 antivirusfalsepositivetest4.exe 114 PID 768 wrote to memory of 2964 768 antivirusfalsepositivetest4.exe 114 PID 768 wrote to memory of 4100 768 antivirusfalsepositivetest4.exe 115 PID 768 wrote to memory of 4100 768 antivirusfalsepositivetest4.exe 115 PID 768 wrote to memory of 4100 768 antivirusfalsepositivetest4.exe 115 PID 768 wrote to memory of 2368 768 antivirusfalsepositivetest4.exe 117 PID 768 wrote to memory of 2368 768 antivirusfalsepositivetest4.exe 117 PID 768 wrote to memory of 2368 768 antivirusfalsepositivetest4.exe 117
Processes
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\antivirusfalsepositivetest4.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\antivirusfalsepositivetest4.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:768 -
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3976
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe" "C:\Users\Admin\thirdpartyclamavinstaller.exe" & pause2⤵PID:4748
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2472
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe" "C:\Users\Admin\thirdpartyclamavinstaller.exe" & pause2⤵PID:2860
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller0.exe" "C:\Users\Admin\thirdpartyclamavinstaller0.exe" & pause2⤵PID:4080
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\jigsaw.exe" "C:\Users\Admin\jigsaw_backup.exe" & pause2⤵PID:4072
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\jigsaw.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\jigsaw.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4740 -
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\jigsaw.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4892
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\a.exe" "C:\Users\Admin\a_backup.exe" & pause2⤵PID:4188
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\a.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\a.exe"2⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Executes dropped EXE
- Checks system information in the registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4216
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\b.exe" "C:\Users\Admin\b_backup.exe" & pause2⤵PID:4820
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\c.exe" "C:\Users\Admin\c_backup.exe" & pause2⤵PID:1176
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\c.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\c.exe"2⤵
- Executes dropped EXE
PID:3384
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\f.exe" "C:\Users\Admin\f_backup.exe" & pause2⤵PID:3076
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\f.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\f.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\l.exe" "C:\Users\Admin\l_backup.exe" & pause2⤵PID:3756
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\l.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\l.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
PID:4020
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\m.exe" "C:\Users\Admin\m_backup.exe" & pause2⤵PID:4508
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\z.exe" "C:\Users\Admin\z_backup.exe" & pause2⤵PID:2964
-
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\z.exe"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\z.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4100
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\of.exe" "C:\Users\Admin\of_backup.exe" & pause2⤵PID:2368
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
Filesize720B
MD561947d0907c945a6df0f1d86b894e4c7
SHA1fd488589b551ef61957bc329d1a10a4dd20481db
SHA256cfa663ff1da533b46726d1761848a327ff515ee7dd4bb395a9430f6cbc568bdd
SHA512296a37e91d1fbce5e951413e09b240db31eef5ff88ce783a506cb40151dfc394465e0ba617f8d2ce4310a1432b969d88873e74905012b65492cdccd11a874981
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
Filesize7KB
MD5a842db7ac1990b29e2c453d22188eafc
SHA1562adae12978c15a03c541c86a930d306d1a3618
SHA256577aceff95acfa55f729b8c56d5a5848d55d76ac0664b7ad4e32f1ffbc6729f3
SHA51221639cb95779a49f24fa1fc74e2c26eba8040800b2f3fcba8815b41a915cb7710d2d528d00fb9d3acce8a74ce155a83e0f1b24fd7f4614934405d10211a19554
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
Filesize7KB
MD5f13b68445c6a611c58b69d0663adcd41
SHA1f4405939a8ce9d73be0b9e95bc694c0e3187d4f5
SHA256dfa70d2305ea3cc4ceedf503877087e358697aba61f28e6afe310af68dddfcee
SHA512c2e8e3fda0588bf6bf8385c654a245a597ba146e5877943db63d0f2177833de3a1e0f6118d318071f07a2c0a107001bfeac901119e036b15ebf5dfa6b7795f28
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
Filesize15KB
MD5c8fc25207f8ceecd9227242be2efbac3
SHA146f774b5a0f7cbd381d4434ce8e50de84c3c0c12
SHA256bab54850e29f9ebc93b283187ef71904745c380cf99f7b2fa75de22a59ed3d97
SHA5128ebfe4584beb21ad2a82da8ad799aebb00e52b5c819775f4df6dbf6dd2435f45514cbb15747baaea6018d476f43ea2c7ba66f6103b551ccf55ae3642167bc653
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
Filesize8KB
MD5b5d8672c3a1c0c03ea94ed8e7545b730
SHA195dc280bb5e13b9979952cc20f30f6830f184901
SHA256fca20ec5c665941480e92223fc4719aac0b3235a7f115d2574d7129e7e6ee348
SHA512de8da4e24416eda326404a717e77a8d810aa6f995c5fd545c9da1ef8cb47fa9786628d3ac3273f165167e4ea4f63532303f07518c85f8198adbfd89f0342f7c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
Filesize17KB
MD5ce629e483860631759ed4b212ade9bfb
SHA1f5b4a74fcd8a4c203febcbcf808d2581959ab442
SHA2565091a8ca0d8b0b72af4059110ad2197a423e2ddf8c8cc15e6a7f468c3fb2a78e
SHA512d530e96e76b674605c4cf5ec30288ad4ea93399021ba88d68961cee3b158aed0e56729925a025ab355a888dda8d668780723aa3decfdebbeabfb6d5109504b42
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
Filesize448B
MD5cab6c8585046fdcc0b2600cef0cb22aa
SHA12b0ce8b6523310938dceeec9fb9c9d864acc2f6b
SHA256628b2ec6f6336318df443543de6a8a1d16e3b3400753e75a54e7a68cac604720
SHA5128a88ceb9ec69d8f3cb6ac5965d7498fecb83e9c64f18d96c385ffffd9eae8fcebdc382c8a2c4b4b45581995fd1bc77e0afb0d3c568a6ce2907543092b3e6f992
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
Filesize624B
MD5363b1b98d976980f0af736f587e99651
SHA14c9dbdd0523152e757c445a0495cb0572306b5f9
SHA256bb70106809438ed5d550b69ae3d5119ecb46c75f7d8e0dddddd18e2967df73d0
SHA512ca1c0b3690e7c9ce985a7f6ff2af321685d365d5ce61d700d2d17afd231cce067c01372faf43e2634414e3e6aa0c1ebdcadbdcab7c46eab759d6e4e584030e7a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
Filesize400B
MD5296b9b5580cc931820d1a1e62c29c41a
SHA1484d786dc7196520072ec4a4952ec96d88ed6e26
SHA256a36df9606a73c204e04696b1930d23c3581d33876d2b1510c9d324996186247c
SHA51258e4b6c8014c9413540733003a2075c74ce9170bfdcfc27db79b795616988d91f58b7f3234183850a24a6b38ef2b4befdc61bae828a0d50bb79e729e51e458ca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5355f9c4064151c7089fbe1126af0cb77
SHA1b138c3b0563efc29dc3ed24180dcd46cec5819b4
SHA2560d8584a9d9fbf7c7b0b54f69b308da3204281c93aa1bf2f83c02e129c73a987e
SHA512cc39d40c5058cee42fd451210b64def65499a5e2abe1475426aa88b65305e3b0a7572b7a0de15756ab68660d899bfd0c28fb62c2b6920c98d0a7e1896e292905
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
Filesize400B
MD5b9928ad5ffa158894354df8b8ff6b23f
SHA1e228563a9873a502801dda31c3d33be880080251
SHA256e1a2e7cd9fe8586b95860da7c13d7b9407797ab253573c24fe423c8bc4485cf7
SHA512d18f4fe5500a0cd70092f22f414895782cb8f3f3040c627a21ddafb1295faa146bf158e8b71ed4741f53c096b13d24d1046f7c6d6753fe0fe9a72b496f1093a6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
Filesize560B
MD52e7765187796a13a10d805e0ee978a6a
SHA1c7a8e4989068703a552b2cfe13e2411a621114f2
SHA256cf050c014f972d74e2e9ef5aab5dab5ca46fb1344d07539aa4071305f51d2b9e
SHA51273fd7b93efc84fb8a7c63eca4b51c85a33c85db58c2e98161bb2045ad06fc60479a0cf672346a0fd9ee30ed4cd28e565310921315180400cab56561ce0f9ed40
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
Filesize400B
MD5d86ab3c169ebf736f5109312a9ce1c27
SHA1513eacceed79aeba7c7ef521759d65e73edb368b
SHA256aca7c25306834d60e990bbff5a59d35171811a4cd764cd6f19ed7f3d60678a6c
SHA512ae27bd93e06be3c9e392ad9ed852e5b06828ab298a7e91ea58411b04cc7997858f6d3e891212a044dde51307f9cf759fb18e90c6d3afa7e78ed8f404116ec0c4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
Filesize560B
MD5ba92eb229413a4997d609cb7c32a262b
SHA17e3d458cb15bdd2b4dfb48cd636b915f1e216d69
SHA256307ed4b76842f00b9b5ccbdfee3dbe845027badaf9fefa0f270ffdb37d053195
SHA5124d532be35dbee30672cc2734717c827cc1ba3e9961fe5068bc21b0826edfceaabbf9e8511ed60b03522fa8f02f3c028c5c815727628a29217a8a843200ae3925
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
Filesize688B
MD579928359f473ca412b6619daa126ea4a
SHA155d1f1d741b2327b2853a26b9c55712460ab6433
SHA25626bc3338fa8e8f825c0e8fef85c572df98afa06dfd09dcbf6be0be93a0e7644e
SHA5126e976147cec5201ed7d9543db2b335d007dc159f571e7df373d4efd28625255c53e47d76e21ff514de08887b15995111ba68ae0b047678d5c64387465729e52e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
Filesize1KB
MD527c2ae5ec13d9be007de8f3bd3577b19
SHA10b4fb7f92ed8c9a72bb48a2b6ff4dd0eeac45f5c
SHA2569bc2e43816cd6586b50b94902b7beac1291a4123b9ca38fa2f3cb6bf647cb9a8
SHA512832d67e486247748c3eafff6c9c0b3a039203c349c31677d26361e0f66c1e0e1e671f637be9c6dc22687b7ec77cd3ac4bc1a2d7eeac3e67204b79dfc2f664e4d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
Filesize192B
MD5840221d27a09a3080a93c1f4bb265f5e
SHA16ed12d47df1500f7ad56ce0e3e43fa803dc040c0
SHA2569999fa3e8b7b136d9688bc0bb42a144fab43263998c28850facdcf0def8d6360
SHA512cc4afa07c610dba58ac80779196edaf2a745c733bcbb3b1a581ddf36c0a3f4e79a70e93ee448074d3f06f25362919140288ba59e71fc21a89ba46688434db7d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
Filesize704B
MD5a967c33396482152971c0a3dd54053a2
SHA12d8cf663746ad928d0ebfcf87af685988f540aca
SHA256107c2a1239238755e33ce29ef7b000935ede80dc9fdf544182d01e5c330a5a6e
SHA51263e990a4d044c2414571481e6fd40bf30d1bc59c009b6b497eef062c9b2b3443005caf0dd014055d2da08e2f7e8a12d7c324f6c63430b1bfd95d14088c9b7162
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
Filesize8KB
MD5a48c79d6485aa84f70909e0deac5afc6
SHA15885dd3d8553862554312632d40b04ecc583e09e
SHA25602f138096bc96757a83a6b42e855007d6f4fd1c8390c220fb5f428219253d573
SHA5123615eba5102df9ad4bc8aafa4c43ad3a43afb617f49607789c8a6c0fb80d0fc4f5a625ba27600b5e7f6ef302dfdedee3022d61ae202dfa6c319762befc31ca46
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize19KB
MD5a5b25141ae69df8e8627814bc7da55e7
SHA1862ab0471f3d3415ded16e77f2542f84023fe8ad
SHA256bc2276d83723961e25e621e4400a2aadefb95f1e38642ba2fd8c4e7f83dda6a1
SHA512b9b0b0c3e5bf9026e684ef38ee576aab142ccb9a19759834d30771df121a0f87167d298bfda2d341055c1949e203102e88d5195a53ab96eb18ec2c6e70d614cc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize832B
MD5f9d942430d103eb14bb89a8b06dd354c
SHA128c8f183fc1c03eb2f69dfc662c0d47f25dceb9c
SHA25630f745264662bb65ea8e073548faa9cbb594394fe6bb8f238fd463cd4b19a16b
SHA51251994cfee07ebe1f030eb609f5d70c42b15f7f4d7a7e7e82c44682048b405ccc52cc33aed16ac21ac189d378eb93db093e32c50ece0d1c6bb5687fa1451ffea5
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize1KB
MD5254e6e1f919c82e7e6386148f4fd8b85
SHA14b16f83c625875047f0e397bd22c318e3dc401f5
SHA2566fd7ad452179754ac6fe6ee17a1e9ca7277173e23096153ab776cb5c572f19f5
SHA512b9d8f88e89da06a98685ef2dab1f85115defd342d09527fcdf81712b000800fa1350db0ba085e2fc9df29ba0da394346a9d2c68395a3f9509d525e155d986ca4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize1KB
MD5c8df49bb4bbdc9da2bcab074f61beb09
SHA17bec3ca11d7533d9853d2a9a6ba2dfeb7d8201a8
SHA256ef67108356c94c9c8826ab0a667fb88add02381715a352f9be62ee92ad781647
SHA51253b472bdc116931819173f7385d23a8becfce39f63fcd451962bc3c6d0e117fc5f2e7ae6dac3297bf778bb35b06d5d514c10dc882ed3a5d958f8f5cdd979a213
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize2KB
MD55a7c257c74c8c7d5352b57cde2f0b55c
SHA1ef9cac32cb1329bef6857173abee2fff4cac3ac6
SHA256b2a557b40c73eb81ca22b167c4a6ac1f43622c59b2d85e5f43119769c6d6b6f5
SHA512031764f3fb1194d778a84a294df4e0509ba00e50ddefe3a6cf7a655f48219cc38e53f5c47a56646d6ea63275ed56d19328c7b82f14e717a688d6181093764928
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize2KB
MD52ac07813a74d6adaa3e44db55e899e09
SHA1a0447b0b95d442c2d770987b1e007826cdae98a2
SHA256b770a96d153a9e662d5a586e571ba9687a0995b9dccf3f50afdb5dba8da465d9
SHA512940e4a99d233d99b1b342c4a8d032ce70f66ef0134d57b3c13f1cdde780453e32f54f442fe9255cfe73cc9e478f72f707a383a156aa924a95ffbd3cfc840a94c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize4KB
MD52613b34bca30302406bbfa57c93b6c0f
SHA104a4e32759eb78be5d4397916bc9e51090fa4333
SHA25653bbcb949a287d7ac25e7a31d671cd9eb11ac609f7344a38aaa5c2f165dc4093
SHA5124c170f25c9d3238cc6572ff5522495effab28c7e0047a44eaba8939d2da46950ff9f8f1329b923d82b0b8a3e28de735dd41ebaf83711eb20b2fa52ba82f23855
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize304B
MD5e4e7837a4f0c71864f2ed00e23aae8e0
SHA1c35796c887fb94fc2112caf3921ba504570dde1e
SHA256e69aa05159c50cb7dc9083dcd34a21f811aa80ca24e67eda8fca86c244d9a483
SHA512296817bbf0f9faafa16577edb105f560be7a27ded19370efbbe9e14657fca5c202d3f19d0f001de5d9119fdef304e099bafda922135f679b487afe05e36d4fbb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize400B
MD530c5fafcb889cfdfef7a7373c623221b
SHA1e4a12b7ef07ca5780ebe205201be538a34fc6154
SHA256b2bf549220418c47e80507084b43eeccd85c0a43f4da74de6858fc96dd3020af
SHA5124a621fa79335711dab7dbde3bf0fd30979b15c2f48eff9b867a0cde99ddc67a97d612ea0472db9903c5cb5555800907b8a183cf499f55d186a42fe0ad6fb023b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize1008B
MD53c501b84ed7912d164470fb2024d29ba
SHA1f54ec8a32fe7a67acfcbd48e789c0b5d2c0b6816
SHA256d1ba5eb730cc20b906290b76d64d2697896cc25ab4d782588f98c62c9b7ea1bc
SHA512cf9adc56a6685c7f5131d703238752700cfe9b32133ee38f6e828b658dbd64af9732509a47abee3958c5cc22f3685f10cc27a1d5d76f7459b99498310fb6cdb9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize1KB
MD5242c795c3e07e4f7e1db97121e007727
SHA1c0704070f2026d817b82f71878e334be06bab551
SHA2562ab2f7f6b540d3bcab915e7626db8db6ed71736ba7da94ce2ca4366d440cd822
SHA5128b990d5a35b324ebbd5ee6d6d88d74e783e211f3c778162dfdf1577e2d3c6cc32693117fbfd1175ad34d7bb46e05504e8ccdcdc116a6895eee31f50d583289cb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize2KB
MD5a06ee81cc9009bcac3c9a5af0dab2b1d
SHA1b95ada870dd0ebfd4058b6710076d750186ca151
SHA256c82b8a9a8fa45f93bc000a754e07e9922fc1788f9d54bcdd0b4c6869145c613e
SHA512b4271b58a89b37e2c48584778eeb08668e2d32026f98990fb017215e854a7006184f09149e478bd95a5b15027e308b61982f5a2275b998174bdf281736edece8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize848B
MD5fe2afee9fcdf2d43940944ebd1145480
SHA1986b8b7ce80ec8b8e223f95b508532e69cd49c05
SHA256116b7fbce50c3c08cc73efca3439106f4f2e00012794fbad81ebff4598066a42
SHA512b66aec41ffabc4d1566b2316de80efe3528d2ad5dd8b0030d1a127d58c0f9257c8b76ca7c301199e92213eb35f1d557a85062dc8c432e5c554590f0a91d2ceaf
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize32KB
MD5aec7bd7c96948d97d13c7df53988e89c
SHA17b906b88009e7509324ae92dc8a32ae4fb38626c
SHA25615fcb7c77cf60f287e9c81ec8053a9cdd1aa8bc0413734e8a1499a9de635c6d0
SHA51227d12f825c16d1d5349f53a23d57f71eb8d4534a1ae4af2c4eead9cda09a4440dadc518a8887a3ea818494cb6319fc82ab8147cdb85958e9b344400b7d6b2803
-
Filesize
160B
MD5000e8c41d4a15fb34d0be0dbb56e3778
SHA100c4eae64ee6239d7c65d819c6ce1ac329224f8c
SHA2568bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28
SHA512775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
Filesize8KB
MD5420960c4b17842a24bbf117222c60e47
SHA14e2f5bc3a3fe7da4ea60dfaae851b1b88e48751d
SHA256e94c37d7dc8dd954bfee8e340abc882bc361baf0d3771ed442ed625a3bcb0174
SHA512b42f16f6fca9b66d49a2ad7c80e56c51e04d023a4ae50e984dbd267e204682ecbb929fefb5c7ee67775597773b08b6bd39416f13b87f1782cf8c5d553ecd7ce5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{9341b00b-3c0d-4d61-852c-de825c5f186d}\0.1.filtertrie.intermediate.txt.fun
Filesize16B
MD59817c637ea440822e5d3ff2144d17467
SHA184080fede70d3544aad82976cec9b51c83c472ec
SHA256df1b3b60351e48245d6ac589c68ddf77dba1aa9ba12427405b90daa9143d8252
SHA512399bd0074e50829c3f5b5000c5e6da863de969adab921b5244da53ae35661ffbc24687176ecc1411f0da78d6a186c999846d454c365500f9833607095a0f2373
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{9341b00b-3c0d-4d61-852c-de825c5f186d}\0.2.filtertrie.intermediate.txt.fun
Filesize16B
MD52a89b7646b4d795f4bfc5bb4269138e7
SHA1ff1ffe4b11ab6094419b961bcdc9b923369293bf
SHA2569dd722337fac6f6363c0697082384f6866d27ad7f5f3d541cb494c91afe14c16
SHA5124a2cfc5c842227c576b3f93962fa38001db85ae56f5989880e6938c31cc77718b69d94c900cbe150d2126d1952242450981bf2f3f148909b5e056d69579bf3d9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579836733239332.txt.fun
Filesize77KB
MD512c8e1d600754bb1cbb40937165dab28
SHA1ed69ec57e7d32319d6b9325998f306e83934bc07
SHA256e35288b22dac3900fad63a85d1987a54585501324cf8d2abef55836899820e61
SHA5128de08b6b1ccc5bd7e51eefb0eada9274c8e34f02164604942c32c57daa4049c0896138b4f0e5e539648450b85645230cbcd0d09e4c2bd7669215262673b7115c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579839229142017.txt.fun
Filesize47KB
MD5c3404891a3f2870d611fd31d8a40ddce
SHA1d537ef45ae2f1dd43334098284b70f6fd05aafbd
SHA2566c8eacb71f946bd525ba4ed3c6f2c1d7477b243a0c795ade20c0d9b3405331c4
SHA5126fae8d79456b87723ea3aab70600c7c11a41a21f9b5e142b6ffc3d45b6379f572d1a77f4aa87a63a7ee29021ea77e9319335b6cc2760d71303490ff36638cd0c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579846343471163.txt.fun
Filesize66KB
MD596c01ecfb4fc486b64b7e292c1b1a8d4
SHA18bcec94ebd884f137d9792dfd964176d9430ab87
SHA256fe7aea111c602983ebdbd966f47bad5b9a4da03f1b52b794860ef39634eed69a
SHA51289df28f533cd3d14e4f0366952d1b4a220e9874388264576084d9e9b2bdbde8bd5d001e43d245bd2fa8ed64210fad02294c2a76d302d23e4dbd4d0bd9679eb02
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\a.exe
Filesize2.4MB
MD5d948d4b6db5d6d6e2e1ba6c0fa4bf008
SHA105846d5b1d37ee2d716140de4f4f984cf1e631d1
SHA2561f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
SHA512fce681b3721eaf87f27b758782095e34665517ea4e0529cf18b32c4d0d5270ec40c8acf296ad2665e60a6e7e0430807f87e01e3a145902c9fea2a3c83100c15d
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\b.exe
Filesize96KB
MD5ddfe44f87fac7daeeb1b681dea3300e9
SHA19a7291fc90f56d8c46cc78397a6f36bb23c60f66
SHA256951f74882c1873bfe56e0bff225e3cd5d8964af4f7334182bc1bf0ec9e987a0a
SHA512775a17e879e23262b3102c88218de6c1adde8e3a8c7112937aa63cb159c52e280f30782d5c6925661b0e92c63472345fe1eaa0e354b9a14412fbbd6550b5487f
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\c.exe
Filesize44KB
MD56d1a47574ef7598017c13d64769cccfb
SHA11d75bfb18ffc0b820cb36acf8707343fa6679863
SHA256d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6
SHA5127e4f90cd9f1c072089d626a51cffb3e89216e2ad5c55ade7b2c2f4f2d8106d5bc2030d2e1f6745cc47bf12180f566c2eb88dc0925f3040eb641e1fb1e6239f13
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\f.exe
Filesize3.0MB
MD54994952020da28bb0aa023d236a6bf3b
SHA1af807380a745a4bcf937b87a081ef895ee7f15ba
SHA256bb8c0e477512adab1db26eb77fe10dadbc5dcbf8e94569061c7199ca4626a420
SHA51288393499d0816c173ea0b983995833e82e1aac1a73554d0b64d959b69dcf943644ab74927ad576bda48bbdace66256900aab33383f5a0546f6dfe21a8dd5662a
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\jigsaw.exe
Filesize60KB
MD514a2065165fca7f48b20123ea1ca8d2d
SHA1f6371909e9b9751d3f7539a75ec0f024cd3094bf
SHA256cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
SHA512eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\l.exe
Filesize334KB
MD5e00216958f15f1db6371b583a3ea438a
SHA14b9e71615b37aea1eaeb5b1cfa0eee048118ff72
SHA25681e96c07e6c9cb02f72c0943a42ff9f8f09a09c508f8bbaa1142a9ee4f1326cf
SHA5129d46b4fbf26c775929e95e145b390f0d12566e482920f629b342db2aaa37c5a40a789226ecfe51ba0f0b94fce827b9f53180232cda48bae510cce1e3b37bed16
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\logcli
Filesize125B
MD5ae104e7a450b94fddf3731db785f85d7
SHA158a6738893b20c3e6da18841e08fd472fc0d0ad0
SHA2564f3e694c824c1f4ee07dc35ceac70f4e5023ba5d97911f72fe13a4b9618f7851
SHA51203babb84df8522978d63e88693e0fdf5b4c711e530d9d0cd3249a9de9f7bcd3e6c02a554433aed5406c4c841619830fc0256f153eb44165debb1bf4944bd2f40
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\m.exe
Filesize1.7MB
MD52d4991c3b6da35745e0d4f76dffbca56
SHA161340c41787d16b753598670de2cb1dcf50718c5
SHA2563dacf5cd40090a6d011f1e522eaed2d29699b9d892ce122ea406e0c9d03d5d2d
SHA51287eb0d4957d81c9ec3be2bf5f032428b4d8e298b8dd70c6a5fc9cd98ad2bb12beb457b32ab698452cb558fdd98e6a78fb081fdf22f63ad0238f0a8ff1092a17f
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller.exe
Filesize14KB
MD505bd1940ef02d78bc2bd107e81f729f5
SHA1dd5a4c413464dd21143e98f57484ea979e79d057
SHA256576e4c14ef11683d332abc303503e257084cfef8ced3072549bdecd0a44bfbe1
SHA5125967ddaa8eef68883a29de0b470ea101a0c2fb7ba51e7e45ecef1c2f31391993fa9514300c778c1931581b44001f672affb0217333353797742e821e7e885343
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\thirdpartyclamavinstaller0.exe
Filesize11KB
MD5c406d8a0b58a59cfacbd41a267cec4bf
SHA184f496a9337aa2f8055fcbf5aa77b67d48bd0e21
SHA2563e3950ea1bd00d98ceb91d7be28beb40772af548d32c9584fa631eda1db01642
SHA51208a6a905f91faa40a116e071fe153bfd75e43dd47b2d21a56ebad8409102b078f79c854f9d72612d5a9bdc5e5ae9f05324d421334c35fc2402bbe9f9fb47bfa2
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\Resources\z.exe
Filesize85KB
MD50d3da5adb9bb63c7fcb0185756601749
SHA172dbd9bc44173033b504dddc655b2082e99cf2b9
SHA256f31034fffec424d6e4505318400ecc3b00f8c2107c1823510a037b11a49f0741
SHA51212cb90877e442deb37ca64e911a9d699b3d799e89889f023458bf6f032eb2838b344bddb02cfed82aaae5af84b172d0acd95d84b9db469e2d4cb28586cd30e14
-
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\JigsawRansomware\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.xml.fun
Filesize658KB
MD5e3ab3f6e3dd3856197ef93ab05bc2048
SHA105a5ebab502ac54af84109bf361cfbab147d4eb4
SHA25689ab2878576875ad4b5f06ef7ee0f76311a86d87a50c17ec2d2e34dbe9c15fa1
SHA5124047bea983fa05ee89257fcfa060fb6ec4c01e33f948a3277792f9f1a643a0f20d9b8c0f2dafd5619d7fd9d8d03f89ba36bcd681a0bb61d3265a388451a4ce5b
-
Filesize
16B
MD5cfdae8214d34112dbee6587664059558
SHA1f649f45d08c46572a9a50476478ddaef7e964353
SHA25633088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325
SHA512c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3