Analysis Overview
SHA256
78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae
Threat Level: Likely malicious
The file 78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (417) files with added filename extension
Renames multiple (850) files with added filename extension
Reads user/profile data of web browsers
Adds Run key to start application
Checks installed software on the system
Suspicious use of SetThreadContext
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 17:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 17:59
Reported
2024-10-16 18:01
Platform
win7-20240903-en
Max time kernel
142s
Max time network
122s
Command Line
Signatures
Renames multiple (850) files with added filename extension
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Adobe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe" | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2444 set thread context of 2956 | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Metro.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ExecutiveMergeLetter.dotx | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKREQ.CFG | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382960.JPG | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR43F.GIF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44F.GIF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTS.ICO | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIconsMask.bmp | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Stationery\1033\PINELUMB.HTM | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipBand.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\settings.css | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14845_.GIF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\ISO690Nmerical.XSL | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = … | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
"C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
"C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | onion1.pw | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
Files
memory/2444-0-0x0000000073E01000-0x0000000073E02000-memory.dmp
memory/2444-1-0x0000000073E00000-0x00000000743AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabBBB3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBC71.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2956-36-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-38-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-62-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-58-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-53-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2956-52-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-49-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-46-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-43-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2956-40-0x0000000000070000-0x0000000000090000-memory.dmp
memory/2444-63-0x0000000073E00000-0x00000000743AB000-memory.dmp
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\YOUR_FILES_ARE_DEAD.HTA
| MD5 | 9e6b8c54e0524be8dd90c966b6e95ac0 |
| SHA1 | e31b51250f757877d176b11bed4f5e1d1a927e92 |
| SHA256 | 93ca5b210c0058a890009ddd9c897ac93bc6c2679332743625ef547ae8766305 |
| SHA512 | 167daf78a8b31e8b66761b2b8f24f520bf628085a24a4d07fdde39080aa7943f302f1c5f5498843418230276485406ae5d9e40ab2614ccb80e3b7710f74e930d |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 4409c9e98062a5f757e3c8e3fee839bc |
| SHA1 | 6e20ffdfcb864270e763c9f4617049a821a6f401 |
| SHA256 | b8450b62b5134f0dae7eb5fce76c80148c2a8d0779cec2b3bd8bef90da05f61c |
| SHA512 | b0d518004358c42a2d409f51746af16e43de4ccd619652330b9ee7a9e63104c32d82270e8435b34e8077ec0de1554c595b6c2f98106c01b509adb2457daa4f1d |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
| MD5 | 183e29c93888b0d2c4d6ddbf631b82b5 |
| SHA1 | 573e5626fff28e569bf384ef3996af24a7a2f5c4 |
| SHA256 | a66c1a5eef6b01b78931da6d0f8d327acabe23bfcc6285b0477704c7a860ef78 |
| SHA512 | 9b58d02e98c6be11667a2d8b098c80f246249b8a1bf8f80ca18c26283494bd6923b568f37159b72bc220da0a51fe0ff5475b3cccfb9a14d4a6bbafc7f68d1e86 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
| MD5 | 138d7f4c76025b1f7415fe5c60eabe7b |
| SHA1 | f9623da64f753e4993761af23d9da4880258c7d3 |
| SHA256 | ae3e8b032799e6cae95820c19f27d5701b3ae308874ca1e008efe7ba3ced1220 |
| SHA512 | 7ccdb148ac0dceab39a4884df0c0a334e33f5ac277e08e70939b22cb88f79e283d74c2765e59a16142742f5b71f7fe7b22c2baf6de0cd16ca8c5fb46e4e8afdd |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
| MD5 | 44ea6f08a52b4a8a3fb8adf59f2623b9 |
| SHA1 | 6267a7e0a48920c165116a89188b47ca988cec4a |
| SHA256 | 54987f29afbd7614df6b4f7f851644a8bf056b93ad741bc644dd025a7c2d868b |
| SHA512 | 1e632e5fb7f011174775875801452b7d5c52846a59581413ccbb196c55e5d259a90221ec0b5a50ec9b51dca0608a258487087b6f48c46dd45ba321bae3416140 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 17:59
Reported
2024-10-16 18:01
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
126s
Command Line
Signatures
Renames multiple (417) files with added filename extension
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Adobe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe" | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4148 set thread context of 1196 | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsStoreLogo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\bg.pak | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\5.jpg | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-250.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-30_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-80.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\cs-cz\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rll | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\LargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockWideTile.contrast-black_scale-125.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_sm.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\download.svg | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_SplashScreen.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\SmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsSplashScreen.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_LargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\AppIcon.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\183.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-left.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\plugin.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-cn\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sk-sk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare150x150Logo.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Cliffhouse.jpg | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-16.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DVA.api | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforcomments.svg | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalSplashScreen.scale-100_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-125.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-150_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\eml.scale-48.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W4.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
"C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe
"C:\Users\Admin\AppData\Local\Temp\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onion1.pw | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/4148-0-0x0000000074742000-0x0000000074743000-memory.dmp
memory/4148-1-0x0000000074740000-0x0000000074CF1000-memory.dmp
memory/4148-2-0x0000000074740000-0x0000000074CF1000-memory.dmp
memory/1196-17-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-19-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-16-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-18-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-15-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-22-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4148-23-0x0000000074740000-0x0000000074CF1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\78cc9626bb8d6f9d8ddf8236c197894a86f9d54a294b38c9c0b82744496b3fae.exe.log
| MD5 | da4fafeffe21b7cb3a8c170ca7911976 |
| SHA1 | 50ef77e2451ab60f93f4db88325b897d215be5ad |
| SHA256 | 7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7 |
| SHA512 | 0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6 |
C:\Program Files\YOUR_FILES_ARE_DEAD.HTA
| MD5 | 6fa12df9873683367fb01bfa86347aa9 |
| SHA1 | c1365be4e904a1f398a45a43e7fb7eb9785e3f51 |
| SHA256 | 8af969ee1632ce18afcabc7b0ce316b2efee06d227a74eb843f1288d166f530b |
| SHA512 | 2d26178273cb6c4ff905819bb7460a681d4db5d1af29786de2a4a1738237bf6fb23931abf26c8d1e23305af2446e1cc86a4b8ab29a75b1948f693d3c169e10df |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 4409c9e98062a5f757e3c8e3fee839bc |
| SHA1 | 6e20ffdfcb864270e763c9f4617049a821a6f401 |
| SHA256 | b8450b62b5134f0dae7eb5fce76c80148c2a8d0779cec2b3bd8bef90da05f61c |
| SHA512 | b0d518004358c42a2d409f51746af16e43de4ccd619652330b9ee7a9e63104c32d82270e8435b34e8077ec0de1554c595b6c2f98106c01b509adb2457daa4f1d |
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
| MD5 | f57d73720bd5e7fdf711a99dd9daa0d6 |
| SHA1 | d4de234d9ec3cf360818a8d92a41420c098ec2c0 |
| SHA256 | c2b0f6920c4d6308353e15987fef2acf6d8b804ad8487b4f0754d793ffa2ed1d |
| SHA512 | a1f8654b89be42bcb242efbd2b39d2ed4f16bf74a38485a61a969e96d364ef1fb7b4dca5545f71cba3b392be11a7d546cd91f6e6544f40d40664e5ecd5710398 |
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
| MD5 | 67826868730d9eda7118a7234e9da8fe |
| SHA1 | 13c0deeaf3b70598b60eef0dc95dc346c1885e6a |
| SHA256 | 56b9d4f428a25e87f1246ddca7cb087b908c68fdb04d4eac2bd04f669055773e |
| SHA512 | f3b5a1f866239bdab2bbfcc2aa13f13823ae28289f2296411deefb6955b4fa42ab750ae2a1ea1241a388632b30e64e79296801a11f9d955ce13bb09f71d900eb |
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
| MD5 | 8ba76633e400e777d6ea6f2a48d04c42 |
| SHA1 | b03a971ac7164c11266a4f6057cd67ac98d59d52 |
| SHA256 | 7b94717efb7501cac5d687c84805a716c7e08b71bd843452d537ed6f62ee726d |
| SHA512 | 1b396270afb52a271633103587ebcb3e1aff7b209bb958873aec3888c185608ac5cecbf4e609ef20b6e0228fa2c5dd7106fb0f5aa5b0d57474f789ab61024cbe |
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
| MD5 | d14fdee0bbd8a57be56cd3ba34acdec2 |
| SHA1 | 73839973a706f0382d7e6ccdd1c9370519aedafd |
| SHA256 | 7d5daf6c58f8182f8696a8d9033af47284c8a5a865732634e08a83ac790b537d |
| SHA512 | ae605fdfe69e358aaeea0c36336b636193d9767543baeeabf48ba284623fa3f1dc07bcdf34aedae2a6ed7b8cb7359ee0c890c7c0bf4197c4e2e76e63f0ef166f |
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
| MD5 | 19ef396589badf75370fabc19653b77b |
| SHA1 | 1f8ee237a313c7eee369f3c40dbd6ece84d358b2 |
| SHA256 | 2eed1481724361de744cbc57d0ac0cfc2a468af5895d8074b7ba1e1fe2a31df7 |
| SHA512 | caaa54951ca533568662b25da7b3f50977a72d80346f706cd519fc6c7b53c2cdc569ecdd7ef06f51e689779459bc8c19e57e73054af189dbcfeea9611763c343 |
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
| MD5 | 2a971ceef8a4b890bd6ef53b29dbf088 |
| SHA1 | e7f6645d3aa7d25f244313ca9ffa7e94de831b3f |
| SHA256 | 85765922699a46cd12919f9e0d268d9e9eee10f93d25f14be2f3fcdcf1b1b577 |
| SHA512 | 802ea6598760747d2a95db8bbd9f8f27f303aa8a23ff1ac99af398b06206da93d81fd9e2060fd3386083f24bf6f728f56de6405099c6482218d8813f83dbf9dc |
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
| MD5 | 891c86a149e6f64989f1e83f279b83bb |
| SHA1 | 689bfc66b17659cba7d68adf0467d5e5a459166b |
| SHA256 | 2580280e249c24ffaae709dac7c03c93325e84ff3244451fc97c2fcca8965e67 |
| SHA512 | 5286c62d626f15d866d18d922fc861e1110aa5251043690fa12600c20108e8d87f444e29847f57adada1d561f8a247ce08135aa19f4a81fd11175e406b4bb0be |
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
| MD5 | 3d207c8a08dcec6bbe27cbc6c8f004f4 |
| SHA1 | 28589b507a412c3204dddc61a20bc0a49bd982fe |
| SHA256 | 44884a647dfbbe9914389b833c477f64db09a4a454a938f8ab0fa99b9d6f1f06 |
| SHA512 | 7b142474a84940e2c1971c43ed94145087225bb0bd79a4e61a7493a747b7aa255de25d76477205fe0f016bcc985ec2b206a3d91c0056de35a6ec017e98d564ac |
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
| MD5 | 0c65b950dbebf3f837bb10eaf2e5d0ff |
| SHA1 | 9acfe2c4d6dc00ba52a662c14ec43c6f07cac003 |
| SHA256 | 9617d3f6d948f5443a5ba99803372cb60512913190b2be52b2a0e2976300f6b0 |
| SHA512 | 53573fea54e008495f6679c210d60945ea7e31ec8b08022610878b20a4b396c0e97b28078255a89d648a482d174b2fc9505a4066116e202d7f0f15541a9e8b61 |
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
| MD5 | cfad78ad48050755725d2c4eab96be83 |
| SHA1 | 8cc65b33b9cab01412b64fc9b97b7f24f5b33f18 |
| SHA256 | 1ac46832c2b77c752363c89537a2a0732286d6a8994b161d08479164f61f38c3 |
| SHA512 | f343e9dd4c4f41835fc77289df2c98f854d05754af174696ee375fd27982e9c81540aa2eee8fbef40bdf613b4612470ae0b203ebac07024337e2d06dcb02ccf6 |
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
| MD5 | d313bcbcc55679e7a7e941c5476aa735 |
| SHA1 | 3506dae85c77c956e22c208d2ab0bcf41fad8e17 |
| SHA256 | ff74859e6b2571a9d2dc1a0c0e7ef290b9ed2bdfaf305f65b3ebcfe8322364ef |
| SHA512 | c9771c049472927e3e28c07a5e8600fec95ca77c0160086e1041b06696be952931ba643d59310721ac64340ee2b9059a08db451e8306081a6aadf9e7328180d4 |
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
| MD5 | c476d18e3c9f75be25c1499715c87800 |
| SHA1 | e22a677e3714607dbd51dafefd5609ea35c15808 |
| SHA256 | 2db43826393234e13a54d3cfa86aa71e5a1db88e9d38bbff957487f7f53f6719 |
| SHA512 | c4e61839bc89d496047888f0af2988938ac2601466eed5f310608c07631e7ff8c6f1fd6ded35d5211ad7f61db13d03a638e2c4e011ee65eddd0f5a56cab94b35 |
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
| MD5 | 0d9b3f033990729aed1f860973c731a5 |
| SHA1 | 8f991bff5974f2a02d888b656de0ec1bc450c973 |
| SHA256 | a9e551175816614f1cab77f1653e17cdd44992e874692331860ecc22dfd7675f |
| SHA512 | 2b00977d3aacab14c3ba3875411c01ed1fd5f3fe7fd86165a1004e34a990f9bcf5ad958ca49dc299f5d560f9fe0746419fd2523180b7b69c1634a00a6b3ec32a |
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
| MD5 | 7789b7a233513293230ca86973683399 |
| SHA1 | 4cfd93226cb5f6c2d75eae22b447cf50aea13e17 |
| SHA256 | 71c84cef4d313ea01b18ac44527aec0a7b88ccb984f5aa36119776f273f78de8 |
| SHA512 | 89b7c231f09312eca77c8da6b8f7798bb08e0b67266cd608f3a229a0700eee16e4a9cbb92d966f3a3456d9e06ee1420e12ad60841310f159840f5f75ade2ccf9 |
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
| MD5 | 33b5c6995a09ce9529353ba67c11714f |
| SHA1 | a9f218a51c22b4df33da535b916adecfb2cebf6d |
| SHA256 | d712b7bcfa268276cc36048ee2fbb2994af9c2560b8f6bbc02e785181aeb0b83 |
| SHA512 | 2246650537c267204e1a11e1f1c70e556526b9d7db6cb401e0e3635958ac176a7bc0cd132b6e4172ecad94674530681666263031153657fbabdeeb1f13f07c26 |
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
| MD5 | 27bf6fec883a8152821ec22fbe9264eb |
| SHA1 | 5cde55d10464eeacf9209a6ef942f59f3ef780c1 |
| SHA256 | d3eaf39b66517bb3b36e31347bcfc051f7d376f2b502283779e1f5ca0fbf69c1 |
| SHA512 | 598f88d051df17cd347e9778e74e62bd197fc804e535d7b44f845ff28eab3536340bff8cfa65a5060e3dd6e9e9ca3b3806c95d8df6e09b0ec78b9521f90164e6 |
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
| MD5 | 13d3cd82111691296f98990a692c6f1a |
| SHA1 | 454fc8a55ef981b49604048cd034940c69bfe09c |
| SHA256 | 6d0fa5ecd4c29c890376d71e6f56e3bdbdbc9850c98b6cf80a128868b8af08e6 |
| SHA512 | 4f05de2469748040e93707f7836362aaa06d225bc43d852a79a3e58caeb315e3954a4dc4c258bc3e597b0c3f3678e25cc5f082535f1dc534fd80184d9e9afa0b |
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
| MD5 | a63d0186299ad35e4b03282aa96f0bb7 |
| SHA1 | 1891a5f4abbdf9ed095e7100846c5820477eccd6 |
| SHA256 | 6d1885dfb9b728cf72d8f5e5922cbb2096030bdd9e2fbab979d939c2f669e2e8 |
| SHA512 | 37c53b2a7cf156afb6cc8a42c31bf93ef8fb32cfe9ff1224452843135b3b2b267a6d440cf0181bf8b878cb34592b41f990885dfba71dd1c4ececdeff1fe31611 |
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
| MD5 | 0c06a7b70c90c634c60d6e2c68092123 |
| SHA1 | 72160227cd391ff23c89fcaf5fc9da89e03002f1 |
| SHA256 | 412fe8b90f67945e6f688665c5e687c2ddcbfc808c1eca8f443c0e1e985106e9 |
| SHA512 | f68f43cf4d6436b8afe7dd8747abc5580b16e08f0b9479593ccbd6bd1480d189583f5b76f16d9c83c5a46e3effa999b1cfec94ac57fbc92db153014ceb48ca9b |
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
| MD5 | dffcc2102071394f85d6b97f18bcc4a3 |
| SHA1 | 5f2a239e0032c343b3ac0d8cf7caefe2a5664ed6 |
| SHA256 | e75daf67da611c3365ce9b58a147fce85349c3b72eba73ef87cbcc9d4dabf5ac |
| SHA512 | 70d249daa05d54ea9d62fb863041b33f7620bd7e3b723fe7bf3ae59e0f2b2f095ff52e1db44ff857a037f40937446b7585a054bb7f08d162ef28b34b15658b49 |
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
| MD5 | e2434303f6d73508ce2a724fdfad4c83 |
| SHA1 | aac468e787bf57551a5f0a304205e262c0ab0598 |
| SHA256 | a7e97a54c9b3579c117a123809b6dabc8506ac1f443b48e2ee4dd7e96a6c49c8 |
| SHA512 | 2473947d22fbe6f417033570ef71529a0aaeb98f57425e620be0d8614033146311dfcf10de5651255e8b52068184aa89c579487aa0aa4ffcea7a4b6c6fa594b0 |
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
| MD5 | cdbd4e4b0a2b32707741855b51e966af |
| SHA1 | 3f8bbc710b04156326ef3a766326380174d85ed8 |
| SHA256 | 0ac09e409d2fbd485757d566064f1a27e3d0a9603e008d122c57f2fe6183982d |
| SHA512 | 48c273090141ad405ac2e46f4c53b9102d6a682cca5ee9ef4334ec49205dbe1769dd7b3d56ab7966000d624e01767f7c030e9c394414319bca6c5ef88fd4d79c |
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
| MD5 | 476f006acf9d0350bf9b90c52efd8991 |
| SHA1 | c24a7aa9c3c80487fba0362fbf27c3d9f0d95f7b |
| SHA256 | 63027bc5f1d7c58cafe1d2c2cddf3ba7ed01510700ce9a7562753e667ac42f51 |
| SHA512 | e203da3afe5372c0739aaa36ba4dce6b1fe310da7585d920021376b15cb75c182a47add466ca8450d4aaa9ed67b3abdb0ed5787b215835456a2db55abe83f233 |
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
| MD5 | 5f75ef2c8a6e94da341d4b53431049f1 |
| SHA1 | 8b8d61ba4220ecba7da9f6b2693d5bccb09b6f84 |
| SHA256 | 63805dc79907f205cd7dfdb6e0f06604ab37f261cdfb46a57e94336ea14fa088 |
| SHA512 | 480a2991c4018b2cf751ebe34e4174b7e0527189f833476864c8daaa3c02a0530e1a2fdf6314beaf71144f0c89bd4a384fd1aadcf88ce79c4716250cae71758b |
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
| MD5 | c0f1ec05dcbefcd5df0317f98f10d5e0 |
| SHA1 | c198ed67a442960cf71eae4e31ede8465c9b1936 |
| SHA256 | 09c9ec06de5d491ee71eb3b2705fa7b51a74d4037ac66f92695c6ab2b389891c |
| SHA512 | 8259797930ca4b9c535d938c4cd1c978463fbb3b99befbf486da14b55aea22b84438f4b554d6a4f7b144015f1d42422a02426045d7248ee1e5df8bf3ec8bc899 |
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
| MD5 | 6c8ebfa3ac3469439016380c278b027a |
| SHA1 | f679d6a26e30c634e9e2d884af01f9e18c1e4a41 |
| SHA256 | 71ddfefabe8daf55eaf9b89498be2c5bc23ffd0da14a27b656443422d24f2b83 |
| SHA512 | 23c7e73f56fb3fcc78898050643ba05f0e7441b4edfdc97c3d52fee87a2be8f65026887f2f89bdc088a8f0afe9c4b4e72cb80a464b2def9853e3aa6c7c485f35 |
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
| MD5 | cd11684af62e8522320db85fa5cbf673 |
| SHA1 | 322516ee91896d8d1aec7fbd72d501ebd2962dc8 |
| SHA256 | a4055345acaffd3871b484e043052466cdcc774611bcf0ff5854417cd71bfddc |
| SHA512 | ce81116a965aa782ded4e73f415355850e311712a6ab70b931e6ee887ac21efa90212b524081b2e200d259f2ad80980d8f21ca855ed452ad0a1b519ad022b6aa |
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md
| MD5 | 72b61a1212aeae44f1fa740a8f882523 |
| SHA1 | 6147c70bd81803bd28c6226c3ca16f508f67e084 |
| SHA256 | 0d6d799a80eb5997ac80cb90cf5b9b047961064fc129a879eec0a9008272a99f |
| SHA512 | 9f9b0d208a97c302aaab126f137f1b74e83a5e657b74553d8d3564218db6e9579646f177d9a7222c9b2e0dc22caccd0c52f219379434c04e66f73142dee41dd2 |
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
| MD5 | f5c2951068baeae656154437603caf35 |
| SHA1 | 135e173097ce45c2710dd4bc7f05229e675628d5 |
| SHA256 | 1f86eda2da46473846d9a494c2396ba9bccde3fe1f16d512f12634407c28708d |
| SHA512 | b9c51be257912d6b8d56f261c8cdef2e8f912e1660e0bf4193fb1abb1add250d456aaefd870e1c171388dee0085216866ec989f045cf225a6e1dde8f0f4465c5 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
| MD5 | 0e69d2363dfe3e9d130c0ef6521e968d |
| SHA1 | 8d6fbf3b2752bf8a349c125892bf9b0490d84488 |
| SHA256 | 4a0d1fb0e7793c9c6543b624e8e64ddef27ce1a78bdfef9b7560cfdd1ce9bcc8 |
| SHA512 | 0b8edc066fc455f58b7e87a812f21c443964229d7b7a92f49efbd6bde0d9650f6f0bdde48b0235f6fb2d6b856863e9513c39e6528f09302febbef640dcf1c415 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
| MD5 | 718a2a06353afacbfc1cd37ebf1ea7d5 |
| SHA1 | 169bf3449ee4ca06e5acc4adf4958e93c4356b58 |
| SHA256 | 83fe2db31234f9ce3b511fd23c79d60f09f6af11d52f7071a3d0f8a7281e3f44 |
| SHA512 | b3d8b5e574ef2c74db455508c6588a0f6c563589cd79d1001937f7ee5d5a45ac9ff2f14343ee5fe181d47e8fb169a0eab728ed9084730ca63d6b564a281a7db6 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
| MD5 | de03d40ea834f088ef4128d3bb41227d |
| SHA1 | 424da2995ec97787510205111d7a7112a94945ea |
| SHA256 | 7011492f98b07ca18d6d56d4d11fbe82c110db973cddd6d9dbd18919f325f14b |
| SHA512 | fad6d7ea8708383ce699ea5a0931d1efffa7b458f3778f26353c838921dfc6112c980da9c92a7ce660784cfe567ca9b7e3f584c437cdbfd1523cc0061d7d9638 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md
| MD5 | 05e5f50fa4fb9e6d13fbf38e48540f54 |
| SHA1 | 0f62a0971838c28a9c76f14bf2668110b64d43ab |
| SHA256 | 0fe2346e19f045d16ca2736706d49b645185e40c8cac30fb98549110b7dbd541 |
| SHA512 | 542635d98b678f926dddd2530d88d1ad177bb6e1ee7a49a1068c21030c6244a71ce9cfc30540bfa518f8bab86b4c44d92dafcca0e4e9c1c685be14ea539e93a1 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
| MD5 | 6aaed819ae8e0ee099d0c767051aca8f |
| SHA1 | 5e17de71ba87010d4c6262b7ca06fbcd4bf10d00 |
| SHA256 | 8bf3e6008d75fa88143165cc4964034cd0ab6981c5c5b499d91fc98c250e25ac |
| SHA512 | aa68811bfb81c36761ea915c5307116a306b5f0aaa21115ad6789fb05bf9b040b3d5c1a1164c24f13150461ad257b28cbf2d74f568280a4a74027ee205827ac9 |
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
| MD5 | 766b7e251eb7b9d862e0870caf3e6290 |
| SHA1 | 38f2188d041a706c29098a969fbdfcdbf566958e |
| SHA256 | 47abfd94d6e282ae8bd3ebbedbc2e064b57026ec338a86d71d026767796324e3 |
| SHA512 | f336c753e10d7303e1a8f1aad50bd796b277254db2bba7873ecfd5cb3b8ec8343f2f2ff249abdb6334ec4863db371d9c2b3f6d971b7d8664a7c1976c78434815 |
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
| MD5 | fcd8ec86f0d26c597d9de7f48061c4ed |
| SHA1 | dc18e00ae5baabe5f4513c3793f2bd2cbda99115 |
| SHA256 | 74bde91e9794d29541b7841d6055c69fa63542b209793b03388c357eb4921700 |
| SHA512 | 8ffc6fec2bd251b124ab763fc587c24eaad954bc58f41fa914def0259ac5a7e9f0a966d3e8b5b06ec3acffd209f546c7e923c3a082933c51036e0c7e1388d213 |
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
| MD5 | 763f2fc3984744f426994c807c320f6f |
| SHA1 | ddfe5d68b5285653a8a2f32c8ae256122cc6af00 |
| SHA256 | 460f1ec4cb7011d2fbaa52c60d13dff6fd59593e4b01a9b0990f7da144b753d7 |
| SHA512 | 8d5e1548bd595997435c330d824caf47d8d40451d93862470c37008976277eb4ee349d906c2903176c9d7e006964d4006e78d726a41846e5b3f4b83fc05ba037 |
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
| MD5 | 7f942d73919581abd3bd9b434c08f69d |
| SHA1 | 57ca60dd01bf3f1b9fa1ed3673b629697ab068ea |
| SHA256 | e60a8b21ed39273ef1fe532ddb0e88e49c8ef84033180048fe9afda5bf57a149 |
| SHA512 | df44313df6633a603ed4f7eceb42cc3c59fb18697edb3e3e53bdcb325fe4950180f48e5cd3dfdbe71bbe54365b9a24f2434ed80810f1203715a16183a340c322 |
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
| MD5 | d251ee4ceb2bdf6b4193a8e70acae01a |
| SHA1 | f7821d0667e1e96d0692c92ecbfe3b75148f80bd |
| SHA256 | 862e8096b8924643cc139ca0d6e1dd206071ba7c9b819616903c7fb2a3fa7ff5 |
| SHA512 | 0ff1014d58efc4d53c4b7df8e8634629149bcf76c09b3c8fb72c6c799e280f4069b4e8491d37bce84c2f6560ae0dc711f677af292aa24e0881adcacd8b1568ac |
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
| MD5 | 45c542b1cf6ac75935ec0282f906706d |
| SHA1 | 2850ca404b78ac4d4c4074d97a6b69a75eabd2a1 |
| SHA256 | 9c6a0eb14beb0a7cb99e3773db0c66e5d3cb156c364b8d9c1b971e488657a482 |
| SHA512 | e5f18e3ab9faee7ff5be9b4c4d90792d62ee619f4ce5ea7207f3cacd3393d363d0430033ea65e62b4a6a2b7e59d825304a0a05758b3a6b8b84f31ede459c289b |
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
| MD5 | 81aeda81c29d665b4bf2bdc869bfb787 |
| SHA1 | 81947bd2808f6a7d2965f2b1686175a5092ef3c0 |
| SHA256 | 881ca01cd200db40fdc99cf71b7ea6cb05a3791f706e1c70d7544d729e716268 |
| SHA512 | ed6fcd0e15df3c2713ec29ad0f94b4a4f9d616a8f391a7f9ee1d864aeec9ee6210e6ba68b36b32bdfcb0c4b72bdd8c6b4fb89e6282364cb27e9e9bf367d67981 |
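The listing above is the sandbox's flat "dropped files" format: one path line followed by four pipe-delimited digest rows. To turn it into something a responder can actually use, the following added example (not code from the sandbox or from the report) parses that format into IOC records, checks that each digest has the hex length its algorithm requires, and walks a directory computing the same four digests so on-disk files can be matched against the listing. The two entries in `SAMPLE_LISTING` are copied verbatim from the xmlresolver.md and zlib.md entries above; the `C:\constructed\empty.md` entry and the scratch files written by `demo_match()` are constructed for the demo and are not from the report. Because these are digests of the files as they existed after the sample ran, a match on another host means the file has identical post-run content; a miss does not clear a host.

```python
"""Parse a sandbox 'dropped files' listing and match files on disk against it.

Added example, not part of the sandbox report. SAMPLE_LISTING is copied from
the report above; CONSTRUCTED_ENTRY and the scratch files are constructed.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass, field

# Hex length each digest must have; anything else is a copy/paste defect.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Two entries copied from the report's dropped-file listing.
SAMPLE_LISTING = r"""C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
| MD5 | 45c542b1cf6ac75935ec0282f906706d |
| SHA1 | 2850ca404b78ac4d4c4074d97a6b69a75eabd2a1 |
| SHA256 | 9c6a0eb14beb0a7cb99e3773db0c66e5d3cb156c364b8d9c1b971e488657a482 |
| SHA512 | e5f18e3ab9faee7ff5be9b4c4d90792d62ee619f4ce5ea7207f3cacd3393d363d0430033ea65e62b4a6a2b7e59d825304a0a05758b3a6b8b84f31ede459c289b |
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
| MD5 | 81aeda81c29d665b4bf2bdc869bfb787 |
| SHA1 | 81947bd2808f6a7d2965f2b1686175a5092ef3c0 |
| SHA256 | 881ca01cd200db40fdc99cf71b7ea6cb05a3791f706e1c70d7544d729e716268 |
| SHA512 | ed6fcd0e15df3c2713ec29ad0f94b4a4f9d616a8f391a7f9ee1d864aeec9ee6210e6ba68b36b32bdfcb0c4b72bdd8c6b4fb89e6282364cb27e9e9bf367d67981 |
"""

# Constructed entry (NOT from the report): digests of a zero-byte file, so the
# demo can produce a match without any real sample on disk.
CONSTRUCTED_ENTRY = """C:\\constructed\\empty.md
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
"""


@dataclass
class DroppedFile:
    path: str
    digests: dict = field(default_factory=dict)


def parse_listing(text):
    """Return DroppedFile records; raise ValueError on a malformed digest row."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            # Any non-digest line is the path of the next dropped file.
            current = DroppedFile(path=line)
            records.append(current)
            continue
        if current is None:
            raise ValueError("digest row before any path line: " + line)
        algo, value = m.group(1), m.group(2).lower()
        if len(value) != DIGEST_LEN[algo]:
            raise ValueError(f"{current.path}: {algo} has {len(value)} hex chars")
        current.digests[algo] = value
    return records


def hash_file(path):
    """Compute all four digests in a single pass over the file."""
    hs = {algo: hashlib.new(algo.lower()) for algo in DIGEST_LEN}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            for h in hs.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hs.items()}


def scan_dir(root, records):
    """Yield (on-disk path, matching record) for files whose SHA256 is listed."""
    by_sha256 = {r.digests["SHA256"]: r for r in records if "SHA256" in r.digests}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if hash_file(p)["SHA256"] in by_sha256:
                yield p, by_sha256[hash_file(p)["SHA256"]]


def demo_match():
    """Scratch directory: one zero-byte file (matches the constructed entry)
    and one non-empty file (matches nothing). Returns {basename: IOC path}."""
    records = parse_listing(SAMPLE_LISTING + CONSTRUCTED_ENTRY)
    root = tempfile.mkdtemp()
    open(os.path.join(root, "a.md"), "wb").close()
    with open(os.path.join(root, "b.md"), "wb") as f:
        f.write(b"not an IOC")  # constructed content
    return {os.path.basename(p): rec.path for p, rec in scan_dir(root, records)}


if __name__ == "__main__":
    for rec in parse_listing(SAMPLE_LISTING):
        print(rec.path, rec.digests["SHA256"])
    print(demo_match())
```

Matching is keyed on SHA256 only; MD5 and SHA1 are parsed and length-checked so that a truncated value in a pasted report is caught at load time rather than silently never matching.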