4c67e5fbf6064e76323c243ff39cc5595c69046552647c7cb41102c9fbae625c

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
Size

205KB
MD5

887b35a87fb75e2d889694143e3c9014
SHA1

c8be4500127bfce10ab38152a8a5003b75613603
SHA256

78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae
SHA512

98cf0e201092e6d43a7ec5db4d80e6cc20ec9a983098b04597039b244535f78a4096b76bc62e591336b810fafa302e1009a64be6e788f24dcc8b3ac0c8eb930a
SSDEEP

3072:b2HPbwlPLBkWW+DrxsYwvif/Sx+YzM5ul7SaD82gHxoLoPTI1IL7vtJf:bYT0PLB3QNJz6uhbDju6c3LJl

Score

9^/10

discovery persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (422) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Adobe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3664 set thread context of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-100_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\3DViewerProductDescription-universal.xml	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-256.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ShareLogo_15px.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-PT.pak	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-125_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\de-DE\wab32res.dll.mui	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-250.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSmallTile.scale-400.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-black_scale-200.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\sat_logo_2x.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sk-sk\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\he.pak	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-150.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-200.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-129.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-64_altform-lightunplated.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-24_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-40.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSplashScreen.contrast-white_scale-125.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\example_icons2x.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-150.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\mobile_scan_logo.svg	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-80_altform-unplated.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-125.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-100_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-400.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\sendingDark.gif	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\kb-locked.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\es-es\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\SplashScreen.scale-200.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pt-br\ui-strings.js	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\uk-UA\PhotoViewer.dll.mui	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-125.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-20.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\css\main-selector.css	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_cancel_18.svg	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-200_contrast-white.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-16_altform-unplated.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reject_18.svg	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-100.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-125.png	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3728	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
3728	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86
PID 3664 wrote to memory of 3728	3664	78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe	86

C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
"C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
  "C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Crashpad\YOUR_FILES_ARE_DEAD.HTA

Filesize
64KB

MD5
cd757fbda822154d3f8b151c5572a610

SHA1
5e36434255159c68b6a52a9a740431a54eb65242

SHA256
3b0dccad06906f208ae9f9c3c9ec4e048b0c346f705648b310801900654b5c32

SHA512
a1c98ba2c49712be240a6bb4fc6a70eb077502161b3e12e507823d9bc26533e5f41a3a81fd14de355257d2a50fd21b8cda08dee81f10f50551716463b103c89e

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
4409c9e98062a5f757e3c8e3fee839bc

SHA1
6e20ffdfcb864270e763c9f4617049a821a6f401

SHA256
b8450b62b5134f0dae7eb5fce76c80148c2a8d0779cec2b3bd8bef90da05f61c

SHA512
b0d518004358c42a2d409f51746af16e43de4ccd619652330b9ee7a9e63104c32d82270e8435b34e8077ec0de1554c595b6c2f98106c01b509adb2457daa4f1d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
f57d73720bd5e7fdf711a99dd9daa0d6

SHA1
d4de234d9ec3cf360818a8d92a41420c098ec2c0

SHA256
c2b0f6920c4d6308353e15987fef2acf6d8b804ad8487b4f0754d793ffa2ed1d

SHA512
a1f8654b89be42bcb242efbd2b39d2ed4f16bf74a38485a61a969e96d364ef1fb7b4dca5545f71cba3b392be11a7d546cd91f6e6544f40d40664e5ecd5710398

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
67826868730d9eda7118a7234e9da8fe

SHA1
13c0deeaf3b70598b60eef0dc95dc346c1885e6a

SHA256
56b9d4f428a25e87f1246ddca7cb087b908c68fdb04d4eac2bd04f669055773e

SHA512
f3b5a1f866239bdab2bbfcc2aa13f13823ae28289f2296411deefb6955b4fa42ab750ae2a1ea1241a388632b30e64e79296801a11f9d955ce13bb09f71d900eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8ba76633e400e777d6ea6f2a48d04c42

SHA1
b03a971ac7164c11266a4f6057cd67ac98d59d52

SHA256
7b94717efb7501cac5d687c84805a716c7e08b71bd843452d537ed6f62ee726d

SHA512
1b396270afb52a271633103587ebcb3e1aff7b209bb958873aec3888c185608ac5cecbf4e609ef20b6e0228fa2c5dd7106fb0f5aa5b0d57474f789ab61024cbe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
d14fdee0bbd8a57be56cd3ba34acdec2

SHA1
73839973a706f0382d7e6ccdd1c9370519aedafd

SHA256
7d5daf6c58f8182f8696a8d9033af47284c8a5a865732634e08a83ac790b537d

SHA512
ae605fdfe69e358aaeea0c36336b636193d9767543baeeabf48ba284623fa3f1dc07bcdf34aedae2a6ed7b8cb7359ee0c890c7c0bf4197c4e2e76e63f0ef166f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
19ef396589badf75370fabc19653b77b

SHA1
1f8ee237a313c7eee369f3c40dbd6ece84d358b2

SHA256
2eed1481724361de744cbc57d0ac0cfc2a468af5895d8074b7ba1e1fe2a31df7

SHA512
caaa54951ca533568662b25da7b3f50977a72d80346f706cd519fc6c7b53c2cdc569ecdd7ef06f51e689779459bc8c19e57e73054af189dbcfeea9611763c343

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
2a971ceef8a4b890bd6ef53b29dbf088

SHA1
e7f6645d3aa7d25f244313ca9ffa7e94de831b3f

SHA256
85765922699a46cd12919f9e0d268d9e9eee10f93d25f14be2f3fcdcf1b1b577

SHA512
802ea6598760747d2a95db8bbd9f8f27f303aa8a23ff1ac99af398b06206da93d81fd9e2060fd3386083f24bf6f728f56de6405099c6482218d8813f83dbf9dc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
891c86a149e6f64989f1e83f279b83bb

SHA1
689bfc66b17659cba7d68adf0467d5e5a459166b

SHA256
2580280e249c24ffaae709dac7c03c93325e84ff3244451fc97c2fcca8965e67

SHA512
5286c62d626f15d866d18d922fc861e1110aa5251043690fa12600c20108e8d87f444e29847f57adada1d561f8a247ce08135aa19f4a81fd11175e406b4bb0be

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
3d207c8a08dcec6bbe27cbc6c8f004f4

SHA1
28589b507a412c3204dddc61a20bc0a49bd982fe

SHA256
44884a647dfbbe9914389b833c477f64db09a4a454a938f8ab0fa99b9d6f1f06

SHA512
7b142474a84940e2c1971c43ed94145087225bb0bd79a4e61a7493a747b7aa255de25d76477205fe0f016bcc985ec2b206a3d91c0056de35a6ec017e98d564ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
0c65b950dbebf3f837bb10eaf2e5d0ff

SHA1
9acfe2c4d6dc00ba52a662c14ec43c6f07cac003

SHA256
9617d3f6d948f5443a5ba99803372cb60512913190b2be52b2a0e2976300f6b0

SHA512
53573fea54e008495f6679c210d60945ea7e31ec8b08022610878b20a4b396c0e97b28078255a89d648a482d174b2fc9505a4066116e202d7f0f15541a9e8b61

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
cfad78ad48050755725d2c4eab96be83

SHA1
8cc65b33b9cab01412b64fc9b97b7f24f5b33f18

SHA256
1ac46832c2b77c752363c89537a2a0732286d6a8994b161d08479164f61f38c3

SHA512
f343e9dd4c4f41835fc77289df2c98f854d05754af174696ee375fd27982e9c81540aa2eee8fbef40bdf613b4612470ae0b203ebac07024337e2d06dcb02ccf6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
d313bcbcc55679e7a7e941c5476aa735

SHA1
3506dae85c77c956e22c208d2ab0bcf41fad8e17

SHA256
ff74859e6b2571a9d2dc1a0c0e7ef290b9ed2bdfaf305f65b3ebcfe8322364ef

SHA512
c9771c049472927e3e28c07a5e8600fec95ca77c0160086e1041b06696be952931ba643d59310721ac64340ee2b9059a08db451e8306081a6aadf9e7328180d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
c476d18e3c9f75be25c1499715c87800

SHA1
e22a677e3714607dbd51dafefd5609ea35c15808

SHA256
2db43826393234e13a54d3cfa86aa71e5a1db88e9d38bbff957487f7f53f6719

SHA512
c4e61839bc89d496047888f0af2988938ac2601466eed5f310608c07631e7ff8c6f1fd6ded35d5211ad7f61db13d03a638e2c4e011ee65eddd0f5a56cab94b35

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
0d9b3f033990729aed1f860973c731a5

SHA1
8f991bff5974f2a02d888b656de0ec1bc450c973

SHA256
a9e551175816614f1cab77f1653e17cdd44992e874692331860ecc22dfd7675f

SHA512
2b00977d3aacab14c3ba3875411c01ed1fd5f3fe7fd86165a1004e34a990f9bcf5ad958ca49dc299f5d560f9fe0746419fd2523180b7b69c1634a00a6b3ec32a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
7789b7a233513293230ca86973683399

SHA1
4cfd93226cb5f6c2d75eae22b447cf50aea13e17

SHA256
71c84cef4d313ea01b18ac44527aec0a7b88ccb984f5aa36119776f273f78de8

SHA512
89b7c231f09312eca77c8da6b8f7798bb08e0b67266cd608f3a229a0700eee16e4a9cbb92d966f3a3456d9e06ee1420e12ad60841310f159840f5f75ade2ccf9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
33b5c6995a09ce9529353ba67c11714f

SHA1
a9f218a51c22b4df33da535b916adecfb2cebf6d

SHA256
d712b7bcfa268276cc36048ee2fbb2994af9c2560b8f6bbc02e785181aeb0b83

SHA512
2246650537c267204e1a11e1f1c70e556526b9d7db6cb401e0e3635958ac176a7bc0cd132b6e4172ecad94674530681666263031153657fbabdeeb1f13f07c26

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
27bf6fec883a8152821ec22fbe9264eb

SHA1
5cde55d10464eeacf9209a6ef942f59f3ef780c1

SHA256
d3eaf39b66517bb3b36e31347bcfc051f7d376f2b502283779e1f5ca0fbf69c1

SHA512
598f88d051df17cd347e9778e74e62bd197fc804e535d7b44f845ff28eab3536340bff8cfa65a5060e3dd6e9e9ca3b3806c95d8df6e09b0ec78b9521f90164e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
13d3cd82111691296f98990a692c6f1a

SHA1
454fc8a55ef981b49604048cd034940c69bfe09c

SHA256
6d0fa5ecd4c29c890376d71e6f56e3bdbdbc9850c98b6cf80a128868b8af08e6

SHA512
4f05de2469748040e93707f7836362aaa06d225bc43d852a79a3e58caeb315e3954a4dc4c258bc3e597b0c3f3678e25cc5f082535f1dc534fd80184d9e9afa0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
a63d0186299ad35e4b03282aa96f0bb7

SHA1
1891a5f4abbdf9ed095e7100846c5820477eccd6

SHA256
6d1885dfb9b728cf72d8f5e5922cbb2096030bdd9e2fbab979d939c2f669e2e8

SHA512
37c53b2a7cf156afb6cc8a42c31bf93ef8fb32cfe9ff1224452843135b3b2b267a6d440cf0181bf8b878cb34592b41f990885dfba71dd1c4ececdeff1fe31611

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
0c06a7b70c90c634c60d6e2c68092123

SHA1
72160227cd391ff23c89fcaf5fc9da89e03002f1

SHA256
412fe8b90f67945e6f688665c5e687c2ddcbfc808c1eca8f443c0e1e985106e9

SHA512
f68f43cf4d6436b8afe7dd8747abc5580b16e08f0b9479593ccbd6bd1480d189583f5b76f16d9c83c5a46e3effa999b1cfec94ac57fbc92db153014ceb48ca9b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
dffcc2102071394f85d6b97f18bcc4a3

SHA1
5f2a239e0032c343b3ac0d8cf7caefe2a5664ed6

SHA256
e75daf67da611c3365ce9b58a147fce85349c3b72eba73ef87cbcc9d4dabf5ac

SHA512
70d249daa05d54ea9d62fb863041b33f7620bd7e3b723fe7bf3ae59e0f2b2f095ff52e1db44ff857a037f40937446b7585a054bb7f08d162ef28b34b15658b49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
e2434303f6d73508ce2a724fdfad4c83

SHA1
aac468e787bf57551a5f0a304205e262c0ab0598

SHA256
a7e97a54c9b3579c117a123809b6dabc8506ac1f443b48e2ee4dd7e96a6c49c8

SHA512
2473947d22fbe6f417033570ef71529a0aaeb98f57425e620be0d8614033146311dfcf10de5651255e8b52068184aa89c579487aa0aa4ffcea7a4b6c6fa594b0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
476f006acf9d0350bf9b90c52efd8991

SHA1
c24a7aa9c3c80487fba0362fbf27c3d9f0d95f7b

SHA256
63027bc5f1d7c58cafe1d2c2cddf3ba7ed01510700ce9a7562753e667ac42f51

SHA512
e203da3afe5372c0739aaa36ba4dce6b1fe310da7585d920021376b15cb75c182a47add466ca8450d4aaa9ed67b3abdb0ed5787b215835456a2db55abe83f233

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
cdbd4e4b0a2b32707741855b51e966af

SHA1
3f8bbc710b04156326ef3a766326380174d85ed8

SHA256
0ac09e409d2fbd485757d566064f1a27e3d0a9603e008d122c57f2fe6183982d

SHA512
48c273090141ad405ac2e46f4c53b9102d6a682cca5ee9ef4334ec49205dbe1769dd7b3d56ab7966000d624e01767f7c030e9c394414319bca6c5ef88fd4d79c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5f75ef2c8a6e94da341d4b53431049f1

SHA1
8b8d61ba4220ecba7da9f6b2693d5bccb09b6f84

SHA256
63805dc79907f205cd7dfdb6e0f06604ab37f261cdfb46a57e94336ea14fa088

SHA512
480a2991c4018b2cf751ebe34e4174b7e0527189f833476864c8daaa3c02a0530e1a2fdf6314beaf71144f0c89bd4a384fd1aadcf88ce79c4716250cae71758b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
c0f1ec05dcbefcd5df0317f98f10d5e0

SHA1
c198ed67a442960cf71eae4e31ede8465c9b1936

SHA256
09c9ec06de5d491ee71eb3b2705fa7b51a74d4037ac66f92695c6ab2b389891c

SHA512
8259797930ca4b9c535d938c4cd1c978463fbb3b99befbf486da14b55aea22b84438f4b554d6a4f7b144015f1d42422a02426045d7248ee1e5df8bf3ec8bc899

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
6c8ebfa3ac3469439016380c278b027a

SHA1
f679d6a26e30c634e9e2d884af01f9e18c1e4a41

SHA256
71ddfefabe8daf55eaf9b89498be2c5bc23ffd0da14a27b656443422d24f2b83

SHA512
23c7e73f56fb3fcc78898050643ba05f0e7441b4edfdc97c3d52fee87a2be8f65026887f2f89bdc088a8f0afe9c4b4e72cb80a464b2def9853e3aa6c7c485f35

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
cd11684af62e8522320db85fa5cbf673

SHA1
322516ee91896d8d1aec7fbd72d501ebd2962dc8

SHA256
a4055345acaffd3871b484e043052466cdcc774611bcf0ff5854417cd71bfddc

SHA512
ce81116a965aa782ded4e73f415355850e311712a6ab70b931e6ee887ac21efa90212b524081b2e200d259f2ad80980d8f21ca855ed452ad0a1b519ad022b6aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
72b61a1212aeae44f1fa740a8f882523

SHA1
6147c70bd81803bd28c6226c3ca16f508f67e084

SHA256
0d6d799a80eb5997ac80cb90cf5b9b047961064fc129a879eec0a9008272a99f

SHA512
9f9b0d208a97c302aaab126f137f1b74e83a5e657b74553d8d3564218db6e9579646f177d9a7222c9b2e0dc22caccd0c52f219379434c04e66f73142dee41dd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
f5c2951068baeae656154437603caf35

SHA1
135e173097ce45c2710dd4bc7f05229e675628d5

SHA256
1f86eda2da46473846d9a494c2396ba9bccde3fe1f16d512f12634407c28708d

SHA512
b9c51be257912d6b8d56f261c8cdef2e8f912e1660e0bf4193fb1abb1add250d456aaefd870e1c171388dee0085216866ec989f045cf225a6e1dde8f0f4465c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
0e69d2363dfe3e9d130c0ef6521e968d

SHA1
8d6fbf3b2752bf8a349c125892bf9b0490d84488

SHA256
4a0d1fb0e7793c9c6543b624e8e64ddef27ce1a78bdfef9b7560cfdd1ce9bcc8

SHA512
0b8edc066fc455f58b7e87a812f21c443964229d7b7a92f49efbd6bde0d9650f6f0bdde48b0235f6fb2d6b856863e9513c39e6528f09302febbef640dcf1c415

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
718a2a06353afacbfc1cd37ebf1ea7d5

SHA1
169bf3449ee4ca06e5acc4adf4958e93c4356b58

SHA256
83fe2db31234f9ce3b511fd23c79d60f09f6af11d52f7071a3d0f8a7281e3f44

SHA512
b3d8b5e574ef2c74db455508c6588a0f6c563589cd79d1001937f7ee5d5a45ac9ff2f14343ee5fe181d47e8fb169a0eab728ed9084730ca63d6b564a281a7db6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
de03d40ea834f088ef4128d3bb41227d

SHA1
424da2995ec97787510205111d7a7112a94945ea

SHA256
7011492f98b07ca18d6d56d4d11fbe82c110db973cddd6d9dbd18919f325f14b

SHA512
fad6d7ea8708383ce699ea5a0931d1efffa7b458f3778f26353c838921dfc6112c980da9c92a7ce660784cfe567ca9b7e3f584c437cdbfd1523cc0061d7d9638

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
05e5f50fa4fb9e6d13fbf38e48540f54

SHA1
0f62a0971838c28a9c76f14bf2668110b64d43ab

SHA256
0fe2346e19f045d16ca2736706d49b645185e40c8cac30fb98549110b7dbd541

SHA512
542635d98b678f926dddd2530d88d1ad177bb6e1ee7a49a1068c21030c6244a71ce9cfc30540bfa518f8bab86b4c44d92dafcca0e4e9c1c685be14ea539e93a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
6aaed819ae8e0ee099d0c767051aca8f

SHA1
5e17de71ba87010d4c6262b7ca06fbcd4bf10d00

SHA256
8bf3e6008d75fa88143165cc4964034cd0ab6981c5c5b499d91fc98c250e25ac

SHA512
aa68811bfb81c36761ea915c5307116a306b5f0aaa21115ad6789fb05bf9b040b3d5c1a1164c24f13150461ad257b28cbf2d74f568280a4a74027ee205827ac9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
766b7e251eb7b9d862e0870caf3e6290

SHA1
38f2188d041a706c29098a969fbdfcdbf566958e

SHA256
47abfd94d6e282ae8bd3ebbedbc2e064b57026ec338a86d71d026767796324e3

SHA512
f336c753e10d7303e1a8f1aad50bd796b277254db2bba7873ecfd5cb3b8ec8343f2f2ff249abdb6334ec4863db371d9c2b3f6d971b7d8664a7c1976c78434815

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
fcd8ec86f0d26c597d9de7f48061c4ed

SHA1
dc18e00ae5baabe5f4513c3793f2bd2cbda99115

SHA256
74bde91e9794d29541b7841d6055c69fa63542b209793b03388c357eb4921700

SHA512
8ffc6fec2bd251b124ab763fc587c24eaad954bc58f41fa914def0259ac5a7e9f0a966d3e8b5b06ec3acffd209f546c7e923c3a082933c51036e0c7e1388d213

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
763f2fc3984744f426994c807c320f6f

SHA1
ddfe5d68b5285653a8a2f32c8ae256122cc6af00

SHA256
460f1ec4cb7011d2fbaa52c60d13dff6fd59593e4b01a9b0990f7da144b753d7

SHA512
8d5e1548bd595997435c330d824caf47d8d40451d93862470c37008976277eb4ee349d906c2903176c9d7e006964d4006e78d726a41846e5b3f4b83fc05ba037

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
7f942d73919581abd3bd9b434c08f69d

SHA1
57ca60dd01bf3f1b9fa1ed3673b629697ab068ea

SHA256
e60a8b21ed39273ef1fe532ddb0e88e49c8ef84033180048fe9afda5bf57a149

SHA512
df44313df6633a603ed4f7eceb42cc3c59fb18697edb3e3e53bdcb325fe4950180f48e5cd3dfdbe71bbe54365b9a24f2434ed80810f1203715a16183a340c322

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
d251ee4ceb2bdf6b4193a8e70acae01a

SHA1
f7821d0667e1e96d0692c92ecbfe3b75148f80bd

SHA256
862e8096b8924643cc139ca0d6e1dd206071ba7c9b819616903c7fb2a3fa7ff5

SHA512
0ff1014d58efc4d53c4b7df8e8634629149bcf76c09b3c8fb72c6c799e280f4069b4e8491d37bce84c2f6560ae0dc711f677af292aa24e0881adcacd8b1568ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
45c542b1cf6ac75935ec0282f906706d

SHA1
2850ca404b78ac4d4c4074d97a6b69a75eabd2a1

SHA256
9c6a0eb14beb0a7cb99e3773db0c66e5d3cb156c364b8d9c1b971e488657a482

SHA512
e5f18e3ab9faee7ff5be9b4c4d90792d62ee619f4ce5ea7207f3cacd3393d363d0430033ea65e62b4a6a2b7e59d825304a0a05758b3a6b8b84f31ede459c289b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
81aeda81c29d665b4bf2bdc869bfb787

SHA1
81947bd2808f6a7d2965f2b1686175a5092ef3c0

SHA256
881ca01cd200db40fdc99cf71b7ea6cb05a3791f706e1c70d7544d729e716268

SHA512
ed6fcd0e15df3c2713ec29ad0f94b4a4f9d616a8f391a7f9ee1d864aeec9ee6210e6ba68b36b32bdfcb0c4b72bdd8c6b4fb89e6282364cb27e9e9bf367d67981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe.log

Filesize
319B

MD5
da4fafeffe21b7cb3a8c170ca7911976

SHA1
50ef77e2451ab60f93f4db88325b897d215be5ad

SHA256
7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7

SHA512
0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6

Download Submit
memory/3664-22-0x0000000074A90000-0x0000000075041000-memory.dmp

Filesize
5.7MB

Download
memory/3664-2-0x0000000074A90000-0x0000000075041000-memory.dmp

Filesize
5.7MB

Download
memory/3664-1-0x0000000074A90000-0x0000000075041000-memory.dmp

Filesize
5.7MB

Download
memory/3664-0-0x0000000074A92000-0x0000000074A93000-memory.dmp

Filesize
4KB

Download
memory/3728-15-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3728-18-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3728-17-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3728-20-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3728-16-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3728-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download