azov | fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a

Analysis

max time kernel
140s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-06-2024 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Size

411KB
MD5

a6d3a2717a53313e7b28e6c20b4755b4
SHA1

2763146cec961843dcedf6651e969007f04cd54f
SHA256

fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a
SHA512

ef0b8214c59282b2790b24e22830fe056636deee1878010b732872ba673810126e73da2cf4659bd80e4333a96ff9d2658a5aa4290da930520e23f414bf5598ae
SSDEEP

6144:/bs0rJENQi7/PQ/C4aPNVs9SbSPQmU7F5sjYWXIemOKOYWwJN77ld2Oqu:/hl2BfFs9dzU7kXIHWwJF7ldnP

Score

10^/10

azov persistence ransomware spyware stealer wiper

Malware Config

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov
Renames multiple (8249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe"	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\K:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\L:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\M:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\Q:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\R:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\U:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\B:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\W:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\Y:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\V:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\N:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\O:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\T:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\J:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\P:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\X:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\Z:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\G:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\E:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\H:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\S:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened (read-only)	\??\A:	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\release	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PREVIEW.GIF	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-black.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-white_scale-200.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\main.css	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\MedTile.scale-125.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AFTRNOON\AFTRNOON.ELM	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\1px.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-125_contrast-black.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-400.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_empty_state.svg	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-black_scale-100.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-200.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook2x.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-oob.xrm-ms	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Call_Ringing.m4a	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x86\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-unplated.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-200.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldBe.snippets.ps1xml	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-125.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.scale-100.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-40.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-100.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail2x.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-125.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-100_contrast-black.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\identity_helper.Sparse.Beta.msix	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\sr-cyrl-cs\mso.acl	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\SY______.PFM	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-150.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\networkmanifest.xml	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\RESTORE_FILES.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\PlayStore_icon.svg	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\jni.h	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-100.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-100_contrast-black.png	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.GRF	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.GRF\ = "GraphEdtGraph"	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\ = "Filter Graph"	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open\command	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GraphEdtGraph\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\FFFCF9~1.EXE \"%1\""	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4396	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
4396	fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe

C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe
"C:\Users\Admin\AppData\Local\Temp\fffcf9f4697b7317b384c7641b8d8dd7d76d5705c9e28b933a85ebb61e00d61a.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\PlayStore_icon.svg

Filesize
5KB

MD5
0d8c388e260287d2e89b79141049711d

SHA1
ac2e80bbb853d090dc1a613ed9592b8f9ee9b0cc

SHA256
db3b682a39713f49074853472e3059a030ddbb7a43b35e458a2785e3fbdf3594

SHA512
14ac5860fd542c1ac97839b535fcb5eeca2857936215cab774aafc70a444844f3a086b72c7a891cd7ebc1fe74ec0be54fcd27a0990dcb4d469897e75fd0527a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\PlayStore_icon.svg

Filesize
5KB

MD5
a753c3ec6ee737d8d6450f0a74bfd5c4

SHA1
d53ddf45492c5aff1e415f43a02f8bcd22ceef0a

SHA256
56e518a056860971a81a724dc8e94c8b0a29d19504a60d3222c2ac2c08630610

SHA512
4bf2fe9270900ab70c884761e31369a59a889a4c926ac3f7996cdfd494230c57856dda3815a9e3ca09c28efcb27403f6152504d3a6b1452151cbd3100af0c24b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg

Filesize
7KB

MD5
50800ad70098f1bbbe72352a75dd8016

SHA1
00effb754b26911a867a3a006654584f2f65b784

SHA256
bf2f38b9a5268ac016adad5bd334b8c7a9b71ab013209e7a45cde422c8e14c02

SHA512
7a3074b8a8bbc3f86632f1dea757fc2b3f131e150d68d9e7084362380b3850a9958843899b0df6fb017dc5aee3d00334945ea5c06909ca2762f4fc279f6366d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

Filesize
296KB

MD5
ba72a0b4771de423114d9845dac5309f

SHA1
1d3761c463b51b2ae4730dbed2fea2d6f2317bfc

SHA256
050105c7ff3fd47d1a84fd33b83adda49049d8b72e47ce81a327a9ba94688415

SHA512
29d3ef36304a264ed914b17a0a392d5f998f154928ee859c1f68b5490e32d52e64150b15d2fedc7c91221138a6eadac0824296a09ff58f870c26c053e38e2e18

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\java.exe

Filesize
333KB

MD5
070cf690b3d46c7782f776a095447c24

SHA1
8a79752e188eb69e3797b365b823aab1286672ab

SHA256
b1b72b74a4e6c823173f45085417ea6517ff0cc28662a7e640cb852bed9e8f3c

SHA512
dc956a942095fba08202ea3f24ea756a83784ef4cee1d4f50e5b6f0c434ada8e9be7f1b590c79ad8b94c07a8064e7504c3d247ce5d86d5eeed13abcf6a64acfa

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaw.exe

Filesize
333KB

MD5
285e4bed0e132af41f714108a1e1f982

SHA1
fd87dfefe24949a4131456136d79e68c5d8a2324

SHA256
da371d49ccf0444207c1b7a582bd88e5b186f845686a19ce8d9b75d1a91f3c05

SHA512
22108be1dea9e0165800b02347939f77bb5d0152bd825a68a5719ec72cb52da172e598b17bcc355d7fcfd8fee76df9c82ab24a3a38afd9ccf908f66d825b04fa

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_102250\javaws.exe

Filesize
540KB

MD5
e38f3cdc8ecf154717ecbf6a468099e6

SHA1
69fce203cf85f096c7292b82636d06964c767ce6

SHA256
7200b86073ed842701ea4a70c5c945b3ad51b9cae21713ac89d5a825b59c33e0

SHA512
f7a9227e4cf4e8416494e680294806f7c50537062b4a979e5ff8bec811839fbf921ac8d469f04324f97aea38628972418597a54e012b188d4ab586ffd2da0732

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

Filesize
454KB

MD5
8fe2988ebaaed4b99e532274c9278179

SHA1
f95fd030a1a0af19a41849b1fba7ae141cdbb767

SHA256
2e9b498af37634abef877aa8f4c57be94a92645a724546ccb4aeee64e74a321e

SHA512
caa45cba9eea38eae9e72e4c15f5ee62ae8fe402b3aca041f2e78c3166c7063a877cf71e8c53aa29d11e88eca95ba844add50c911b092f09e5033f50f1920c3f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateComRegisterShell64.exe

Filesize
262KB

MD5
6fa4a0e94d93741e40635ab5b3b79108

SHA1
b031cc9b1e254fa22473f8a8b3469549f8314f21

SHA256
a41ee2f9f34f815c03ba524df0698dd2b1e86a78cd42a16f0ded8bc8135c0aca

SHA512
5eee3a7a7d2009f07bbd0ae87e0bd1326141d7ebdaef5c1df019e678b71f776b036d90ec9108431253113f792481bfd7fec45ac37a5aac84cb5029de8b4474b4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

Filesize
545KB

MD5
56cca67206d71b1320c8ea11c5a554fc

SHA1
2ad6d9172886439b148b13b96f3e95a9644e6f6e

SHA256
5924c5978800ddda626aae42a1b478784327ac99352f22de8427dac28b97b0c1

SHA512
bda71c10167667600d876d6cbf4a251a1caf21001de6039b58340ecc9a3ae8eec5e180260fa223755454b324e72f4199602c9421c7ad9297a9b3e567fcef173a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

Filesize
3.7MB

MD5
65d2901a42d4cf0244a04c64ffda6256

SHA1
6c67cd94923b6160db686e453ebe48d8da4f9813

SHA256
593afbb82b0891025bab1a4facb27571c9c00b489e4a872d3eabb4007f5d5db5

SHA512
81e416dd342fcd557d532884ce8094532589767e381ae3047c4243aabc6c9b65c7a65fbe51c275fbc96dd8bb4cb257af26b4985fa9608da7d6e38dd7f8290e47

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
1.7MB

MD5
a61ee2df205860b7875c875c514dc23a

SHA1
230d5f903d6ef323a85f54b7f7ab19461e8f0c4d

SHA256
4d109b73841e5df5f26fd0c8887e878dd08a4eda4882873a040b8603699ae97a

SHA512
f21b34a87cc552a573b2f3a0d1d6af8f73c6ea635c9a8a32deb1f6f5ea5d5ebd7d67cf413c523d3e21c5563265b64377cf7d04878a8cc1818b564bf3563c52e8

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

Filesize
1.2MB

MD5
7399a4ced31b9b728d67b53e578ff450

SHA1
fe7eea25b8bff7c07b8b281ff67c01479a3e8804

SHA256
deac7f5688c36b2d2bcc18cb7224e7bf34f82a258141a7a5696ae780a2db5dfb

SHA512
0ac1c1c3bb42af93326b432f45070d032ab215583c61863e6abab8ea14818355934d741824c81f800eb8bf66dd70f2c220ea4fd93bd7f94ffef540862861a868

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe

Filesize
3.3MB

MD5
40794049be900a4956748f12115dc8fb

SHA1
8884f343917300864aef3de3f8d71fa755be9438

SHA256
ecb6c66fbf4a6f2ae27e828b92c131cb1802e09f18b6485b5e1965ac17727126

SHA512
d4c9cd57a9ad2d0e3f2c978dc2cd1bb14fc56014e77ddf14b61e00727ab35a9f2ee1cc080ade754110ef94a078785c53f867e12b8ab7316f3e6793d144f48630

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe

Filesize
1.2MB

MD5
9670440929417dedea1bbe2f2efb0154

SHA1
b339d78274cb1da2ae39a91d90b180b6342840a0

SHA256
620ea480cc9582abdafc4e7d61692833eb76ad3867fed7e54d20053b41d89164

SHA512
063851c1aac421f649f298e03040a6e453da74383fc96052c49c0f281248fc7f584d991e69fed1c0448ebd3b79099feee91698b7e325dc0b958ba5ab143bb186

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe

Filesize
1.7MB

MD5
ebf6b1eafce8fbb3f88e0e9033c02ec7

SHA1
335ea93b05d7d31f28a2908f61e1fb448909f3e5

SHA256
800e7d2cf4fa4124df2938f1e04a4330ee822856df2737f493a8b0ef3b7669d5

SHA512
325f3a05bc65c51bb827dd1a90af18c16c6f74b39fb3c0d6db233f00ababa75da8f62b0df9b9804d4ce0a3a5cadcb2f399a1274406db1f5e12d55689f5d65970

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe

Filesize
2.9MB

MD5
c51c34be25c698966cdeaeb2d013c9ae

SHA1
e66a8d85a7b62c6cb92a445f928a7af3c8df0192

SHA256
787f94c861bc5057d25261c9619880f54962f2edd103486b937787479b9d5686

SHA512
0b55ed31ee522d22266a45e513a2fa5e3f5056a548d7c978239304fb8ade4e10f68d64c7fbd7f5bf9beb77a7d754f5725dd1c276a1784dc93562caa2a44a101f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe

Filesize
1.4MB

MD5
94a55ced608341ba3667c218f85cfdb5

SHA1
6671ed9426cd7d9540b7dbd845400fa37300effc

SHA256
ba9d66bdf99173475fcbb2396a29bc1fd84737bfc5651042a5a4f5907827ca91

SHA512
c90b8cd864737c3a744c808124289d015321e30093b19968687b908a2a8f660ef0f11431b07695058fd429cda194b364e1a58ebbdecf428c8dfec2499e1b2da9

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe

Filesize
1.2MB

MD5
283a813032bc61dfea3acf240fe3487f

SHA1
882bc22f3e7e8678196e234756b9da083cd9c627

SHA256
4f8e4c3a7392dc0b8ebc1b2bf968e540061700d6326cf2a825b58ffce6ad7124

SHA512
ed6d5224ede841c49f7922d4921920dfdffa3b25d97d5b76c567f747c481a0d13e1427c7219878704f13b86a16e34bfd079a982f58f518d7eb5bb28e746a3aa5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
3.3MB

MD5
17cec3187ad66f56239fc44bf1989ad6

SHA1
162a02133b05219e59c9dce6653379818e87836d

SHA256
b6fbd14a647ddc679cc6c577a2884c497e9411691aad0a4f1ca15aefe6ac9f72

SHA512
d5b79e22a16359ecca69c52aa5f913f91fb9175b6f0c94953056bd0e66ee9cfd5cd3f8772a309b74269207aacdfe82d41947af9c497a6e4b7e718359dffcd010

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe

Filesize
1.2MB

MD5
c1253d15c94784a0ca5d0b83dad803ea

SHA1
c549f885528e232c28b9a865b6d400b111974aa3

SHA256
69e56622ee833c25448d6f04bd92095e0e5392fda94150e8a6f51415ecda44c1

SHA512
80203a79fcc2eb46ed807298e9bf5cb91f5919e1bb8f1375486f3bc471b3a6ec4ff9177590254829d17a1d82dd7e0e150b244ca20e5eab395b9538877fa6fd86

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe

Filesize
1.2MB

MD5
a1b69139957651f633209aa8796c9139

SHA1
4f533e67768ea8442065df4bba2faafa66ddea97

SHA256
d90ae7a757726f37c7a5f8ed5bec4b310fea7eeff390ccd4761fcef2966cddd6

SHA512
be5e7175fe2aa8f897c750b4558158959babbdf5032bb3f1fc7b43bfb295223e6ce4abec20a2135d2256581e7daf7c06e9033bc68438e848d101729a4f72b2df

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
301KB

MD5
a4653faf030a589e4dcc710a8bcfd85d

SHA1
e190acb2eb38d2587d03822b98964c362f979e0d

SHA256
be1a63ef46ae45ad98d0b5d3221c850ec2720f2063ae5de36028848271d53e1f

SHA512
1bca22bb02e6eb0c24ebce5b82431c190962413177927c181ba56336f6c8cc7edc8015a2bea53af3f164d9d515c846d224a47b6e60ed0a3aa5d05383d255d212

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
666KB

MD5
03721d813c9fd6a8663743d55352b25d

SHA1
d611a5f9a5a8abed078f9b36c70c4db99854a2da

SHA256
18d3157f41e91febe010eebd09f0f045aca326f1a26aa2da53d0e45845b79b8c

SHA512
06b4f378576f44fd1677eb555f12ed19190e6fd91200e1af93c87b086756707d84c27e4e86aa04d49343b587de4f20d3a6f89fb92a0165d9928acada5e7e0d2a

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.1MB

MD5
1645703aac3808c7a830894d092d0532

SHA1
93e1fee1de2f12c999436b81266b99053e16b863

SHA256
6f068b0c0e3f3893738977bfb3c7ccfb837fcf704a21aae1c08394718e95c638

SHA512
95c2059e56e453f3604a6b3dd7e535fa418f27edb759f62a86a240a00ea9b0cb2a064a38fbb99e8e31a67cc3f5349b80f9fcfa7f2574080a9045c20def01cad6

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
832KB

MD5
7afe76b45cced121537a84f3d5980edb

SHA1
a649fe16e8d9cabe77c1dcadaff4e00851c77926

SHA256
f66c3ba21116990142d984bc9011be78b2b40f7d429b71beb9cdfa9b9ef9d0dd

SHA512
27a5ed8f161d71e0259c63412da506f84cecf2827c20e567bf8d625800fae87cd9a6569c76a951ea4f8e023fd065e7087bd1c2d2b964cdc4e5bac39057c54c5a

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Filesize
2KB

MD5
78ede93114e65f9160fd03d3357c56e6

SHA1
88d531b101e57655f1d0d26c6b3257aa2468d460

SHA256
c97412fbf88da8f91099a52888dea4c3f222cd95af3e681e3271cbca8b6b7bb5

SHA512
074a4c741273902ccacb6f573b96d8accedb2ee405dbd04350cdbf54d180c1fd577a4e90c2aae26bf72f3782403f4494db6e3501a04cfd9d7d81a6bc14884b9d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
350KB

MD5
f43d0ec2f95fb5296d9dcb1ed8c898ae

SHA1
73a6ac329919ad1e03f6ea26cbdefee6b1cb0ee1

SHA256
3cf1dc4bd9dd8ec58558cf43f3b0d4271aec637671217b353da8324f7171cc3a

SHA512
ba29555f2d79914f09a4a72b3838193819715b606d3da440776ba13897844aea4a94cd64390dc8a3660310fbc9d6f79e83abcffebed8e81a0ab00afa8be1e2b7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.3MB

MD5
819800498080ed511763c37ad8cf733b

SHA1
98af84f143a1beb2c606380f396188aaf65f2d0f

SHA256
5fc09b1ce8441c203e52466c4878d0ca18f406fae2df2f3c3de04b24a4fae343

SHA512
215423e8b63feb6788681f177f04fc95f6f95c8a65794f9c373a3d875f6bbbd20abd1b438adf1257d71eab2fa544a3cc6a4a0e563359ca896d097c1eace830c5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.3MB

MD5
b9009f15e5048fce64c8f36e20cb56f2

SHA1
66a945cbdc18b8d32dd012a0fe6f630c79ed4870

SHA256
757f369a3423caf5de18a9bd125afb28784b32a24279b7d361ee28f694c45e61

SHA512
c7aa6ce34c8bd225127ce86c73d34e0434ee800eb565f32cc3720b22377be1ff13ed85bd1f5a93b0cf8b5ad220533a19b5c3065643ddf1979954a3eb5f2fb399

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.0MB

MD5
d1c3cc3c023c65b3c67d09fe2ed2d2a5

SHA1
8d27a1e3d3aca5cf272b480e2bc2cf14bd25c9c5

SHA256
4e306d05ba327f7717b022d2fcde9148a01380bb14d3cca58bf06968799815ad

SHA512
6726dcbb80242d9cdafc75359543c6b2f1f1f6e8327c10b72545de8705c11d8711671c8d581ea1f1fb2ea7705e9d312ba312a4b8a6fd28941dd85baf9c788372

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
1.6MB

MD5
4ef83e739c25eecffe98576a20bf9b18

SHA1
f66eff1ff545cffd9fbd2f93a21f33cece8c0d0a

SHA256
90b4e34564661356b5eaeb6c673332e9dba8e918006166cfdaea50214353a19d

SHA512
5bca3d4f8406ce056109e106ff52c561ce9f64aba0ddcd5f21bac89f2d5468d34cfb5668b0d95524d67acf6a80a54b245e446ed81963eb7c1bb9d9ccd71248d7

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
1.8MB

MD5
7b4f1a2784c3fede0f020e7fea596646

SHA1
579f8b1de428373e934987acdbb3cfe8e0aae033

SHA256
47ae2f63229807cd322e49c478eba750e73b63093034ed041f7c031b39d7bb42

SHA512
5995f789134608e7b0c5f92b8fb52146d53ac31fe1edaa92ace9c84c1401607f44dda190e2a159a839ecef129e01f912a39de52a773d9dbbd3cc1def9e2a2acd

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.4MB

MD5
6c4678300c855cdc9a61f3aefb82a744

SHA1
d595e5e0ecd5fcc4eb02934666c6af7e4e56f3af

SHA256
53086e222ec826d3fa7c5c2925dfec7bbb3613a62f1afd9bb7d5c55aed4c6beb

SHA512
166a51263f1b91d7026020089beb3271b38700cbdf41c9b27adda6408b3070a0b5d0ab1f06f50bb7fb770122b0d3491576278a4541503740fb63f3926b8a748e

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
3.3MB

MD5
7d9d06d6666de8f08f384fcb1fa09866

SHA1
5f17ccf4f7e6f9573a2f1f0b4419b7775e555ba3

SHA256
d365829aac96375bd39499808e85498338b00b1ba3e111e17d57c09616bc0bd2

SHA512
024126a4f9c6fe2cfedafd49015d3a76d0f845a06fd01875aeaf0489d54bfaf8ae82e5434a00e6f96fd71f63c308a93325dd867af2c049d90fa26e4029e30ea0

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.3MB

MD5
6e4fce0977cc48e1c2d7b1f303e1d9c8

SHA1
b5dc2d759c85f84eadcefa7fcd03eea43fc6f28b

SHA256
ae72f9b7999713237be7f632313de02a4e0ce07db906f3899f3d9ff38816b7f0

SHA512
1697cb0af484ebec98839bbf67d1b6a75398f1ef1b1b96725b508856a821ff3d8f197dc5c0d5521b4b82230f3cfccb661f2960ffbbac23190065a38d967a2d87

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
333KB

MD5
19de1fe61f6603734e7a9ca0601d761d

SHA1
71bbc83ea1184e7c860bc382202fc093e1dbf485

SHA256
9f5371d30063d180a87ecf02db346fbe500b2fab9745579b02e72706b9cb571d

SHA512
553c1cc00ae526dff52062bfb81613ad4d69ee66526c5b42065fa0128381bfa65cb84a5d91377be95776be0b1c78473a1e37cc3811748de6ebda6a571961a1a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
333KB

MD5
d2f17110b452af4451fa31b4c6cd52f3

SHA1
9e108ddac054f71c33adbcf038867741a68e417b

SHA256
39148731fcbfe6be68608cd316793a1be6e73e7d9548493b281d63c7600f98e2

SHA512
0f9dfd051ffdc12c42488551072a85435a8cb37c2170d124f211884d3b7c8c62f9339ff9e310b877b940be20977558fb2a8e4513315841b74fb2e7b0bf7e0ee1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
540KB

MD5
3306f6424bae7c665387aaf6ea23fcd6

SHA1
ffc5c89ca4f83e5b2054947ff6fcbaf707862c6a

SHA256
74c904cf293e9ecdb63449dcfdbdc7e07a47ffce664fa235815d7712fd0e67fb

SHA512
fcf7069c39a07248a14ab60b7d2733e15d8d7d1133cef498975fc68abb25521df4f9e3f1f5dd83285f5e5f9c369184c096bc83d16b2994733b1896a17f6189d6

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

Filesize
333KB

MD5
2d0b159dac1e1b3954d31777eb2ed124

SHA1
a1e83e9a5b872f5a8f3e26bb1958da6c3772af32

SHA256
0edcdced09381cc6e48165499a9e2acf0eaae2ef4d0218d8dd9308445bb618df

SHA512
560a6378a406a437d5a1835cb05c018d4684dc5d25c1393bfcbf97c1de9787a27875d02004d4ee180903d37165f7d3d786621c3ec82dc8b5c050048b6c33bb4f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

Filesize
142KB

MD5
8e5c94278c717dddb63f7e37de048375

SHA1
14e704098ecd905ea620623bb40ecfa5f81167d5

SHA256
727e8e3822fbf6734f2f00ca12f60560feaa379bc55494a09eeb6278bd0ed6a8

SHA512
cc65d127743fa455ddefac706d2df51fd9b1c26df3930b73b23a947859d737e24d357248d02751ebb619076f8de6e99d4f740fc5b333d021c590780025cc43a3

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

Filesize
333KB

MD5
55ffa15e9f16be30c1fcf0f86e0c8d05

SHA1
a1c025a91aa19146055ce163d388b195d30be8ae

SHA256
81eeedd772c53c6f7d7262a4352b132a1da963ef10780fb716bbf26acdd93132

SHA512
da3d7175059702ce4b0981fc220aee1daa5e2f76eb0b94e29dbbd0afe26dc73c02b8243ef46be1c57fa2b2e3fb0315ec47bf847eef1f5118e27f1dc2bdc8f566

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

Filesize
540KB

MD5
4ccfc885f89f5e08743714f85e0add41

SHA1
e7cfbe52fee7615c511bdcdb3ddf716ef20cc9c5

SHA256
db41619c8a22aa6fa47bbc2a8c070c69b5b43f64217b08612b27399c9a3b5518

SHA512
e28fc7980d2619d96cee6e222abc1de276478b9a52ea538578b62a05099f2d1cfa23f93c36d9b5de422902c2b3b3a2b336a876d88d6e5ecbb91731bbe5df0aca

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

Filesize
195KB

MD5
8454b41145a6c0e143331e9c7cad6e41

SHA1
874b9f522346ad71fb5056cec6f072e9d62ab685

SHA256
9b12ff67605032095cf399131195a68248516537efc2d9e399816fdcd5298f03

SHA512
5928b684021e68d5b48cd7f6773beb78da022cb82a28309eebea6daa809be5580c5bbabb0e8515e583431bc9229e69b23c7df8dac368f25f0c657593c1373f88

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

Filesize
138KB

MD5
e1501ba600164baa0f977029134b2feb

SHA1
8713177dee0450a614cd6d8a6da185fa0abdf422

SHA256
ac942dc0960c0454889b54f4dbc6aea402dea351a73346fcd33faba74f41ba5c

SHA512
bb88d77c9488f5eda654ebd2d02a4a79e586764cd79a9ffc5b202d5f64fe67d9a9ae73d161da432c1b7f8b94221040b5aef9a7d5f44ec8bec98d3144990f4740

Download Submit
C:\Program Files\Java\jre-1.8\bin\java.exe

Filesize
333KB

MD5
d37427b3c513710be62df7b3762f8a39

SHA1
19c84e0a38f5199828befe3ba0dea903849f1a76

SHA256
01e6e01cada58b41ee0362be372e07dc00936fdf3b8dac7613c3be927f8cbbfa

SHA512
582270b1101bc7d2c9cbbd9bf4344855a66c73a3396ebf46c1fa5a033091bd7a3f38e47db1d79f3a041415321d7cd5d705c344036ec2611956dbfd672aee521d

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.exe

Filesize
142KB

MD5
2e292fd53a04ae73495d31ff73b12781

SHA1
9564a1ffd350f9a5506568706d50ccf4ad03d28e

SHA256
4c284cf8596995257456becd52cc842be1a39fd00434d263f133cfe7c6537f2a

SHA512
29cca4ef797392ef8647a2a16dd8427f33bc3733ce9ba8839c8dc03349bfcf600212b1935cf42595aa6793332a8f98658897d99923ce9a4de85f7ee3dbdbc936

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaw.exe

Filesize
333KB

MD5
62b31bd0ea97eee5bd268981c69f9da5

SHA1
9ae385f6d6c41c410e522d94a5f66bbe51a687ba

SHA256
fd28500b40892c3dd5442deba6f6a9f5104bae5e5a446e59d7bba348f931f3da

SHA512
e064975a604b53b9c30513f20875e83f67489206f2a0d2266630cda177bb9ab25ccf6365dade3f37f8c33d056203448d564392b041da9b72a692ccb74568fc0e

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaws.exe

Filesize
540KB

MD5
f6907cf4cfc4f2750560e5df3c6102af

SHA1
2de5018a6bfab1d4974d647d71644012e08b2c40

SHA256
778a565fc85315efecf91c9181eb4256bab92976dd862e9151938f5c84c4179c

SHA512
19d8d47597da0be28b4b63f3446623fe20ba2d556568d5498026ad2fb0d3cdbadac40b900b4f3d6161000eb49debbfe48c9d82680452c2ecaaa1d30d5cb7c9ac

Download Submit
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

Filesize
195KB

MD5
9be290bc6682362cc4f25f340513f262

SHA1
02e60caf13ae3cca49b6924645c4955b85270e81

SHA256
a8cc76fd2e243702e8737b3c038cb3317d88267703a57d7dbe067770100f7b7f

SHA512
8e52256a4bb496acf799faf4ab83879234b19eb1aa19286994c86910ff53e72b283a3c3e913a2992b298e38b59db8fb50114a10731b7c47ef355146be6fd9f38

Download Submit
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

Filesize
138KB

MD5
6ab494aa11c1a63e388071a4514b6444

SHA1
5fb3171dd31bbd64c41c6f333a0d86bcbe94a294

SHA256
39872b31068b38f7edfbfbd90be92d17c3bfb715c335ce18c596d0e8cd45419b

SHA512
550481906e26e8b778e8c3d4673a79fd94488da0e79377143e18cb560053a422ad69adaa267c0d361f40f456a45bae344d29fdc6a34a26cc04f0eeb989ae010e

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

Filesize
4.3MB

MD5
f54c1b09d78daf943c1ed5292927a3c4

SHA1
594add531cdab873fd5628129123e0e7ab5d5c58

SHA256
7b9d70af0dde934fc6e835eb6962c31e6f6d08a2fe505991fe7d752a4085c161

SHA512
52f56c403a8dcd0026ec645f41ae9e3f58f30e6c3c410433827882c8f229a172e1baef074ba03705ad7a02b3a4582fb12dc362b79ac4dd7f519a3885d3742fe9

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.3MB

MD5
a284cdc89f2fa27f774d80651cee9753

SHA1
0bc75a4cf5638271205a5b45c35bbb2b07fe8281

SHA256
8d346d30037ab32115ef066912a84d5cd41bac641841e3c349aa7eff08c70fd3

SHA512
ab9c52e798905414cb4c680d9346789f6d07026d90c4d9b6b5a7d7423b96bb988e3bfc9a69cb4edc4ccfcfe704c7bf1671d904c015952f5567f9ed8dd9a1b143

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

Filesize
275KB

MD5
162cf268fc74516f29e3e1b5ec5c0387

SHA1
154cd5d5bb81fa71646ff36226c039494fc82ef4

SHA256
918bd1c65f665f646a39a7247db4d2956d105380e3c14904fb6a3ccf3c37bee0

SHA512
1570fd24f52aafec0c53da1358d8e53b626a9c5dc999a9b120f5740271508b5da8af16cc6866e946dcf1dcd282df375f7458e34a761a0daa85187d77062e563e

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

Filesize
588KB

MD5
5db1f745894f40cabd0ceb2c1b99459b

SHA1
e5e9b4beee817c08f0f08d8c96a31e4518ef3880

SHA256
39a185518b3cb2ef6fe13422ce3f08240a69dbdddf383558c8c152615b33cde9

SHA512
c60f7c694bb848eb9f7c1b1f42a9aa00aa628ba4838b6ec10368a92e81563d9bf437e88fcd62a38bf7842319e173b5b70990c7f825991472694e9f1e93135aee

Download Submit
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

Filesize
6.8MB

MD5
fe334453db88b9c171a76a696331b4c2

SHA1
198766b5dd8c388146a4afc72372506333db5430

SHA256
2c273b88e7026c758021db3e036377c9178754e16fad62956aa8036c71dc57a9

SHA512
69934b9b6cb2cd00e5b0e18b09b098fc278a2c0816390e5f8f753f67fe8fffa706bd478d98526bfa1ecd22c3f3140c812b568951d3bec307d5eba0ee5715f512

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

Filesize
100KB

MD5
aa278644b2079ee0f59a39ef10b5a5b8

SHA1
8622ab910e94fe027c22355a45a984f73e5dd5b0

SHA256
0a26500684cbb5235c4e5e796c5c6eefb9f4bd34ab2f0be088290dad446ca3e7

SHA512
d882e4a4591c6b2e968e115d7ea54c5c751c9f4fd9b1f11493f47a7b310aa4ac8df41747ab599cb5f77edaa8165d8d3966a2578fe5296cd4699bb260603f78d3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

Filesize
449KB

MD5
99b4a4c37f073850a22d37661453619d

SHA1
cc403a035c8b35262e7ba8bd4e6fdd51d96ac7f3

SHA256
e02c3d176d87655f98ad65f94c3365c11a8a3a6014dc45b46ccd94ad5822d4b3

SHA512
cba681ba3e45e9d1cf25eb8af9e484d28a3c9d690ba7c1cdac6f8c29b2eae6f97617feac9c416aa6ccd5800c859c79b6fdee7379ac64f96b1c55536183a4a958

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

Filesize
877KB

MD5
05af910b09f1334d4eb88974bd8ef535

SHA1
4eff875f202f64d3695044d09cb6d61442161bae

SHA256
be2a1ca4dcf5c5d1390cd4fe3964b4a91f9962876e0714ff3d7012a53bd49ebe

SHA512
de140ac2ac62af66b54addc09cc13c3db134a5f3dd57eac53b0a6e5f2d7c7a3a566969cf9226b44c3fe2ba2bab7fe593a46df71cfa75151a9babf2f931c12295

Download Submit
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

Filesize
189KB

MD5
2646ce66662f915c799acb6bb7cbc27d

SHA1
6c235398921f9588d8d0265d80450be52dbf3134

SHA256
79e974d7f5a4115646a9f405dfcf1314d367f96f304a94ef4a054a849c0f55bb

SHA512
39f0d86f1cabe839a708fd3410258c16ecf69dedec24484afbc0e176e3821f9967d0e15bd493e3ef57834fbb59623c967e023c1c26f90fd8de6fcdb2b9a5ce15

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

Filesize
2.0MB

MD5
50f1b28f2639b6f608595330a92cff51

SHA1
fec9d478d28541e3a4e3c2bac1bf4452b8645760

SHA256
ab60d5c5e8092b61fe5d2a44313ff7c2a3fa8a3fae521afde12a99a0aa43388c

SHA512
2e0b95b0cd7ad3484528ad4779fcdca0fd8c756a20aee2175a9846281509b4bae77dfef3fd8a3b8db9626bca59aa2bc0baf7930d27e97cca53f31e46a2c99dea

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

Filesize
341KB

MD5
34c6b381f3b5d67c7c3633e2a9774110

SHA1
71933708a2a367eb41350a3a0c2a09e72ec0adfa

SHA256
d13a5331153cbf1dce986a350449f7cfcdb814b740893476b08b050621290d22

SHA512
fa5771aa453d690be02ecddc4dcbe22bb425715c8b3dc63c06af5fd7af4370cd2c40ee1e8600eed389c9aa7bdf8208330338eff78d990c2521ed57ab3e5f96da

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoia.exe

Filesize
6.0MB

MD5
3b56fd138ea8d1613492623f86abb7b5

SHA1
9efda1e47136fe7feb0de28bc766bb3a97674375

SHA256
f06701f076e33e22d5bf1e11f39147982453ef0ef409c640c47d597517484603

SHA512
d5458e7796038ec6a20a606f7ef51868ba42b39f382d8077e44c6c1efcf2d3bb9d649ab39b02a495bed7d004ba754d72102fbb73ae0a3f93f6307139e09e0669

Download Submit
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

Filesize
596KB

MD5
ecb2263fd0acd3ed786eab51ef9f3c6b

SHA1
bf3109c1748a1395a5c14dd442015bbe24d6a95d

SHA256
d41c2b0c858c9bd7bb6b5fa366eba8a865c5a62acbc792f5c5815a062fdd011a

SHA512
e60670f4f2119cfb848128a355632f187edb0bf06ac87b27c0ae601cb0452df7b300932dfc3ca4df63b58a3f59300cc618ab4d7453f43a6675a39501db94ebb4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

Filesize
6.4MB

MD5
7237b1a013988d828df6bba1ce316178

SHA1
e0457a33e2d05cfffb677bc6b1d0a0f3430e688b

SHA256
c7b4069aa6e3e7cfa1f62ca8d19fc255ad1fcbb7cd7c864a6be0527647b3cdf8

SHA512
649a2abbf45430e39a98ce2a0a4bfecae304db2dc4e2fcc6665aa7f882db8ceaa679c329dfe67306a071027f039db82dc132ab8207f59757fa39ba1532fac409

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

Filesize
2.0MB

MD5
620336a91357290f5aa1cfc9e3fbe800

SHA1
2f11646d527d905fd41e46e71f8051c4fb25de16

SHA256
6d9a4d87220325db6b6d9c3aa116873486fa8f2b2be6be84aefa786a86419d8b

SHA512
ec6093ffef6be864f0a1e586a3f69b369c6210c816380bffa64069e93f01121eb171200ddff363b6e49b7bee250c2be47eefd013e5605027f5bccdfb6dacf6ca

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.INF

Filesize
666B

MD5
3ea52adf6fa7965abcd58c79d066f1a0

SHA1
ebc0c7f7591e08a4991abf5848393489e8c5b8e2

SHA256
1946d338f94b0a456b7dd5cb761d6cd0809d2e93ba6c47ac2204f6abbfc8363a

SHA512
70a95e4873aa4816de701558029e3520202278ab27c478e55e8165f8672490a09cefdef66d2e91352b7f65b2ac2d4c48e55f7fd9fbee021f2c2297393f9abb06

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\CONCRETE.INF

Filesize
666B

MD5
443239a2522ac2b05d375fe7bda2e972

SHA1
114a0c9faf604e31479e0ef4d3c86bd20b0778a0

SHA256
c0de1487bae4ff2a566550ba51a23483d71b3568e36aa87f878267dbacece6dc

SHA512
c26a080ed646fc4d4739dfc895b34a4fa293bc1c095d5c769450266bd590122a33d2254cb9ad35fae9bf208848d77147103086372159f0f3aa7685466d2d675b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\DEEPBLUE.INF

Filesize
666B

MD5
75dfde55b2707ba15c477acd118eafbc

SHA1
a9da16dda5dd5fcbc0d01020893343bfe189f79e

SHA256
0d2da1e730c7dccfce799d3f48762f046f99c381841fb90f987df486de85a1b1

SHA512
48cebab167a00b21ed6e7649f59180dc9356bb70dfd4ec43b561a57b9d1fefe160efb8b9a98bf554b890b1669dd0d284a41b6cd7118a114c4799aefceb2fdf25

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\IRIS.INF

Filesize
666B

MD5
9e2e1368aa7fc9a5cb172ffeb1f2313d

SHA1
4cd72dd40e475ca05ce2f628d0f3b4b7298642f0

SHA256
9b1d4d4c1ef589c67b091fda72a0ea251ac4221b6db241bf8856c7bcdc372a03

SHA512
f2461efecb4a2925b88d9470aa2a949c09d5eb3f189e4962067b4315cfc369b00bba808e9daa6b3a50d31e27b2199564473f21ede7b060e5f122ed5b2564e291

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.INF

Filesize
666B

MD5
5d21a8bf0f0fe53ef3f1c08484debca7

SHA1
986e4afe8b22f03dacefd44a8b05e75ed0012648

SHA256
e9238c3459d54ca63f18b3160f8f5744fee1e07f22f5703d8e5773c51f9526b2

SHA512
82bf311da5516ba714a4567b65443d91c7c2f7a59e041c91c75772271a42aa674c690bea1d44a6de418d814d6242147496cccccc6a1195d3c62728fc5f4ce29a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

Filesize
222KB

MD5
b9187df7e27cf5da7c4a01b7509c2568

SHA1
0ee192a396ed0eca0f6c7e94313fd9429bb8ef09

SHA256
de0029b343755464b75bc538a05daf8c548420180e1d632fc3f2d1143297713c

SHA512
cff66cce45a611675e308b07fe3726594894440d57c3a513112c4212bd9841ab478c4e800e036642d18c7b60870bdd69fcc2955eb67c8b2cc582b0bc3a2c16e2

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

Filesize
2.0MB

MD5
190eed5d4cc14fc8726fa7098ad8fe45

SHA1
e776bc0a57b7915e7f728c9939e6dc89ef19c09c

SHA256
f60441141b1a2d1562f4edaf479b031898e3cc2e3ddd147658c8325c7ffeeba4

SHA512
1c0a684085cc38d9baa246a92c8c8f6d053c8447e4511842107e24e91298b8c04341ab38ba0e849867cb41bbc63f7783904bbccea011e565ba4edeffe95cc059

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe

Filesize
324KB

MD5
d0372dceb889920e4d3ebc336a1144da

SHA1
eb388a80a64404ceba3ed0f90655f185477cc339

SHA256
e7a2f803416935fefc7595c2dde0bebec5a7de8248e1606baad368463e23bff5

SHA512
371169c6a57bd0822254f9bc462ca33f327650fc8d7ccc90692ea8a9109d123fcdfa0592410e259daee58dd79b2d4195e993b192cbba4ea73721356739c275e5

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe

Filesize
803KB

MD5
ea2377bd1c7f0f2cad64cdad04e51be0

SHA1
bb5b232c4213f5b78819bff8a449526819bd9679

SHA256
7d87398b12d3c6b0b89cc14dbfc67e6ce66e7d71970932db92473bb638c12119

SHA512
842fdd1f1f7e29a0ae4daf0c5acaa5c76973f689e309a276f7ab1f570c518eac3e3ec844129d609a82fd9ceb09d10dc68da50a81e38216bee4f584a41190299e

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
777KB

MD5
573a28767a6684010041d354b8076fdf

SHA1
d332bb1786622e7f75f813db8c188a0ab12cc8dc

SHA256
d0bb43f79a10aff60c25606fe7614aa98408b4d8d747f6d9aee80fa5cc7a09fa

SHA512
db3313e3daf37f0143b867a02fa3cd13191b895a3a9e68809ca3b8534dfb47bd3b352a1093799aed175cb586d1bbccaa217d5353e72335c1f43843c1d544eba7

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe

Filesize
301KB

MD5
1236477ae968765109c14a20690f480a

SHA1
c60a0cbf0bc3656b3a4e7d1197da62ba1d193c4f

SHA256
307a1d4cc924912e6ff82bae1526e88559a22569c61a2b700fba17185e388cd4

SHA512
06627ddf6c93325862a8a421a14c46ba312a3ea64af848b61b62d70825f6a319bf6f8b78bb47e88e146cfe95683b98a04262e0bbe3b38bf8fed6b7da20dc3c94

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

Filesize
829KB

MD5
b6b48fb1a5afc9a37fc03a786cb6b8f5

SHA1
d662cfce807e9b458cd64414acde0105ef0b135f

SHA256
719139a79fa4c0d683a3186be67eda72141a67c0624a5794470c389f17479075

SHA512
71588f1c5e7f783edecc2db76c49635316aa94d947108d163029748497ca9ea9a9e7f504d9516beb25d303b391889020924ed5fe51e15c0071bdd8004ed7afd6

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe

Filesize
121KB

MD5
e4d37648e0de3327e61d423b0ab07b30

SHA1
ea0e2255f4542bdf9f36237714407b3cc8843dfb

SHA256
9f67244a9eead46153928bca044bd765ff774b7738ad5333f2a74d8f247c8d7b

SHA512
49210825824c6bce31081e9a58ed96a1352ae8a886a169a0fa09ab17ab16e62bbd7a8ff24628e6267c76a11097f88db152db3b2e4d040cab8d835e9e11b38254

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe

Filesize
392KB

MD5
b2db44c02f9de2e9c44f5b6234802451

SHA1
913f50be7355552ad78fa5b75827236ce5d3165d

SHA256
4e175da790164a298ffb617198a5a15f202b5a76960891534cd18348e8ed1c8a

SHA512
bc20c3385d4fe1229c22b203ce411aa390a231b623f8536be5d34ed0d242293e1f9ae3bebd42f00750dc1d1bcabaefce1535e28a5d67a9719d42a2bd7ca4d525

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe

Filesize
465KB

MD5
7ca19b5dddbffb2b3f31593091c65231

SHA1
c2bebeb30300dc1e9b3918fc0e128fb6301da745

SHA256
c813343f8660a6cdc5b20db52239fde05d1d8c774c5904931ef2e61a64f6f38c

SHA512
7696fb540adeb393b2894d07beaa1ff179ba8ac6dbc9f556fe707ab78fa1abb44288667092c86094ece8eda51f938f4255d359304b959572b384d069620c1a73

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
189KB

MD5
d7501ccef74313b07fb5f3fe5cab0c80

SHA1
4eb2c017ba7939385d34f75dad5b0727114218ea

SHA256
a645c1db391d791a13c7949b8e807f735c6891206bbfa8924e8058a58cc8434a

SHA512
259bfb39a4b2ed5ae979742f6d1958298efbb8c2bd9e98d40e5fa3b34420897184d651a92d03cba7cce0db6cd229b12d0303074c2e0f70ff6e9773ca29fa6602

Download Submit
memory/4396-3-0x000001761E840000-0x000001761E845000-memory.dmp

Filesize
20KB

Download
memory/4396-0-0x000001761E850000-0x000001761E854000-memory.dmp

Filesize
16KB

Download
memory/4396-8-0x000001761E820000-0x000001761E827000-memory.dmp

Filesize
28KB

Download
memory/4396-10-0x000001761E850000-0x000001761E854000-memory.dmp

Filesize
16KB

Download
memory/4396-9-0x000001761E840000-0x000001761E845000-memory.dmp

Filesize
20KB

Download
memory/4396-4-0x000001761E840000-0x000001761E845000-memory.dmp

Filesize
20KB

Download
memory/4396-2-0x00007FF700330000-0x00007FF70037E000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads