6b73dba2d6e50f1bdc5bb31a8afef5f974180bf612353193a0cab3ac3b5ccac1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe
Size

431KB
MD5

9ebbe7f3d0d943ed49da5f96265456cc
SHA1

4805b176dcf5d84052ffde9c4cd14c7b6d8b08d2
SHA256

6b73dba2d6e50f1bdc5bb31a8afef5f974180bf612353193a0cab3ac3b5ccac1
SHA512

5ae5d9700c17af165fa3c68cb85ffb1689a5fa37e6207a4ed77bd3669e21c479b287bceefb713509903677fe10c0941f24d8296c0e2a5a8e2391d44629935e65
SSDEEP

6144:Yg9R9ROR6ee9c8b0RsrJ3n0dK2NP0RHx8D98WTBPW8fF8oABm1nKw:tNeegqwKhHSDeWTRW8fdebw

Score

8^/10

defense_evasion discovery persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

alg.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	alg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass = "C:\\windows\\alg.exe"	alg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost = "C:\\Windows\\svchost.exe"	alg.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

Processes:

alg.exe

pid process

2136 alg.exe

Loads dropped DLL 64 IoCs

Processes:

alg.exe

pid	process
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe
2136	alg.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in Program Files directory 64 IoCs

Processes:

alg.exe

description	ioc	process
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\RCX9491.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX959C.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\MicrosoftEdgeUpdate.exe	alg.exe
File created	\??\c:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX8367.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Java\Java Update\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\RCX5A0A.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX6A4F.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Media Player\wmpconfig.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\RCX4534.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Common Files\Java\Java Update\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX69FF.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCX8DD8.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX6920.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\Install\{8A1C963D-7054-4DC6-AA98-9FBFCE5E4C3B}\RCX7188.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX796B.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX95EF.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\RCX7B51.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX8257.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX82D8.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX95BD.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX9632.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX6A60.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX69AE.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX9610.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCX9490.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdate.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateBroker.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX95DE.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateOnDemand.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Media Player\wmlaunch.exe	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.371\RCX69EE.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Google\Update\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Mail\wabmig.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\RCX6E3A.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\RCX7830.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe	alg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exealg.execmd.execmd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	alg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exealg.exe

description	pid	process	target process
PID 3488 wrote to memory of 2136	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	alg.exe
PID 3488 wrote to memory of 2136	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	alg.exe
PID 3488 wrote to memory of 2136	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	alg.exe
PID 3488 wrote to memory of 1820	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	cmd.exe
PID 3488 wrote to memory of 1820	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	cmd.exe
PID 3488 wrote to memory of 1820	3488	9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe	cmd.exe
PID 2136 wrote to memory of 1112	2136	alg.exe	cmd.exe
PID 2136 wrote to memory of 1112	2136	alg.exe	cmd.exe
PID 2136 wrote to memory of 1112	2136	alg.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9ebbe7f3d0d943ed49da5f96265456cc_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3488
- C:\windows\alg.exe
  "C:\windows\alg.exe"
  2⤵
  - Adds policy Run key to start application
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\temp\*.* /q /s
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9EBBE7~1.EXE > nul
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

Filesize
566KB

MD5
265ded9ed1161bd767c19b3b38977422

SHA1
f1de88416be32a25cad997f50bd5c9645d5adf34

SHA256
f0877de20644426635c5aa9aaac33a536582124188cc7048081eaf4d34c050ae

SHA512
e6f1ad5db8d5ae3841d3843a6056854e076946ca1bac6a18cad7ef10e9aa0dea8694e4d0041a7dc3f4de0a7e53fdcf36d3b5ddaa524eb4c4eb51f2c260348b68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

Filesize
287KB

MD5
a5a1e89d922f9d0e308391abd1e1e35b

SHA1
4480fdbbe4825a63bf8da81617b8d48cdfaf8fcc

SHA256
15052c9984705a582e4618b604cf02bd0c58faeef3698caf4a9735537f2e5e80

SHA512
86b0f35a89bad9b797f651043794a2a596e6c84c662ba7b58ddf354d3cea11ea97890e971477a092a4b0dc781e929a00aa0628ae2a2957eabfd009f34e0ccbca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

Filesize
719KB

MD5
799854e107d536aacf9c71cce3041406

SHA1
ea01c60c7bce0dc2109ed5755ae9a0eb7f9cc8c6

SHA256
d65cd1448f00b7715ebdd728d507d60ff523cc96f29f5b97a8e41c2574aeeae1

SHA512
832ec1282f97dd64c8e6ad97076952476e3f4b352b2c8f1b372c6d3512c94e857196473bd2fa063cd7e015091dded4f028ae8c19d2e2828be9dfe5ddbf89c05f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Filesize
9.8MB

MD5
a933f46943f548e37a723b06c43ad351

SHA1
4417a77828c419b6a0da1454848fef6d63d2ce6f

SHA256
0f1721c313d5bb26d2e6bb61247ee2c0751e77cb611f458fb3c6b66d0f897c85

SHA512
f3b84bfd3792bd1a6231c7cea1c1776aa66a74a023deaa8aed68405a15f71c1f7275b51dcbcd48a64caac31d6fedd186cf5a7dd8a15d5f2214c88528a8a2fb3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Filesize
9.8MB

MD5
53319f71fca68a7838daeb8c00ee2e7a

SHA1
ae8bc844495664fb306879a7134e36c5fb5bb8df

SHA256
19b20547b15921fa77f3e85406c24cf57088a9437dcc8ee9a3f256b81bbd3a92

SHA512
35cd9517ac98c36c2e44c08c4c8e0ad57a0ca8a6d7b962b2531d6a5c04d3f8786d36307fbe6f6e04b4b065b1557aca7954c259dd6eeb86d5e334ebe1073715a8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

Filesize
25.3MB

MD5
6a2e5b7b6f370826d3e15f7a57c0928c

SHA1
69ea4f4598f613102ec94dcb97d35cd286b021a4

SHA256
04a6d65261cb0c55bb4ec9934adaa8e9edc382c35d5f643280efc61bdc198eda

SHA512
83f8ff6caf580810f99aa3745600ffdffe78d6caee72fe6da379ef7347bc7e6a2c17bb0ee8488eaebe765096eb38b759eb883cf041bc1554c06bbc7f97b56b32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

Filesize
25.3MB

MD5
695a4d0bb85c51437d12fb40290ef869

SHA1
35a56f41bc1dfc784de1d53800767cf8653b38cc

SHA256
0b41bbb01f90bae8b0a189eea08cf9947143bc75aacc6810cfa9e290aa2245f9

SHA512
d861571532eed7838698ac9302b53f36eba57d99d0a22774ef7059637d57f3c3e55288dfb3707c44818547b0cf4dd785e718cfefc9599558150f5be56c512d7d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Filesize
2.8MB

MD5
aaf010a5872b3fefc1bf154e6ea50595

SHA1
15b30622b2d11855b0e8589116828a4b04a295f7

SHA256
c70ea3b484988c492745670b231724e15f3c4e9ee61a65532f014a17b576b503

SHA512
cf97a1e9e4d3c1c4ce4d5b57a70fe36757a92d1e464c46462e6698838fce371e7beee8597a7b189e2e2a5df8e84aadc503ccd383573a670790ea2a6e1f5d247b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

Filesize
460KB

MD5
77df757f74c996087a42202ae1980bf8

SHA1
da1048c72fcbd001c6c7db7a85c85e84b180f8d0

SHA256
c2aed8c994c18e7612a9e1cdec6291cffbc8e85f5d1c80a5b7f8b00c156ac291

SHA512
9aabe7370fc0f3b50ce2ff82b462995ae0ce30b89a398c3413d4f78cc3cb1fb43873db952c10cdd9ca03939915a02d6b85d517828e17a73a3f1c39d7eec62dfc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

Filesize
477KB

MD5
a7876b46f79a32f9c5d7ce30db91127b

SHA1
4765e315ab00f919bfa60a486f7fae2390bc31ae

SHA256
c488c1ee818fcfa53f3b3140b558105b0c78b23fe18fa2471c90c0d21da219a1

SHA512
4a69efe83e8c1853d30347ca2330a9030db56fb1e1c8c6d2fdaf689a8f54735f0fec0a65330d37ecfd8fb3f4946ae5782400ae2fd5fe89c3af7bf62f9c32786a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

Filesize
6.1MB

MD5
3bd4196ed8188063ef1074d8e00c1771

SHA1
136691fa4dcfe13b8802eca8c4f9b87cd9a241e4

SHA256
ecacc423efafbba1c2d131477c66f548452f3138fae9346cf257109412b54d28

SHA512
96f286d57719742431937014c6aebd1c81b84971fe273bd9ab07530938a80ad50d3a0f20ac22b7229171a24be34a21009f7c83ea4530b0a6393586cc617ea3f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

Filesize
574KB

MD5
7a2c1de3da789098a06caf4a7d9bb520

SHA1
507d1a679342f63f7e66315311ca83ef21a9668a

SHA256
5b3fbe06d67cc24d3f4d49f16207f31011d4f5106cca0c48b7ab1e30382609fb

SHA512
2f1aa2421bb64d166736b6468a1f44694c69eea6be44ba844711e4708df82df7d73fd617fc2334a5a8c388efdc2d9cef6ba2cc9a877ad10782b9169c4fedc000

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

Filesize
574KB

MD5
369495f4a3a4f4ba753159b61c2afc28

SHA1
7ef113c79fda240a2be2abaf3b48da2d79f84346

SHA256
4e1f1d0c3d5df9cc11ea91ba4b1735d1551964eb923453d0a6b6efab16cef55e

SHA512
1bbb13bbdc162747c7ebd2ed618967ed78196c6b1a67d1d193c73080b1d52b1896ffa3fa5bb508b6cd43bc0f9d4cc5227f1c73df0898b8c2d9dc940793b1fdc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

Filesize
522KB

MD5
9540150a1827ee3bf5903ed75af3132b

SHA1
536494af78e10acc2d1b622161ba39c940d0978e

SHA256
f4e385aa8332930ddbd285c0216da647e9c8055432e5596a51c9e026a96638a7

SHA512
9edb5463be87417be378dd151ac38a696bc0967faef4b7b585d9b451b655004d9ddbe7c63c608a8708cd0e639fa9ba56581832fe5c36318bfc166c925c94c514

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

Filesize
522KB

MD5
8f29c398cb48422826dc8ca17dc59987

SHA1
f0f9a449691372e3d10304003a1fb34a4ebe5660

SHA256
433b798ed19c269d7f7a620b084041b0d9a2d43a56757765936efde9b2993b12

SHA512
5bf1d53618282a105ba50ee56902206d98a9c7975e8a279b3ae9245f9bd285c81857e258d2292d780d0ee9a46651e700f4578ef0e7d60977a48749ba3a454740

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

Filesize
213KB

MD5
20d89d1781cde87db3a8b59da816efcc

SHA1
4f6670c4dcd8d978b21d1db91e081e609f5abcd0

SHA256
4653df6eb852f717ac03d5ecdfdd5e1e2c1ac70b012049f1188e0e7d5b5f8983

SHA512
7b03a2e2c5f94a3e6164e160e3346cf0e8247471c48858dad9747dc17c8bccd20caaf2ea9f15d7e6be3e633a01536caefdeff6b384c4448c861f1e5a5ff6cf0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

Filesize
776KB

MD5
d2dc79706f670c8ba8cd2d0476027aaf

SHA1
6dfb1d29818c3fa5e5009edf0a01622f33d92d8d

SHA256
fc7739460a1bd76f01cb61c1610c3572dd736cc2f150ff9447062782451e54c7

SHA512
49ef9fc2107741500a7ce433451a4b18154bf8ec0aa31eceb3331cd5521e2c62ea2f2921ce8e39874f7c2f9b3b98ff7a2d3065b398e7a922c14c0c26783055e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

Filesize
776KB

MD5
5eb7b7d3e53601873495da42e5646ccf

SHA1
1ddb3d527dba06c8ec612db1cbf7efc08a87f67c

SHA256
26f19d531cc9ad6881b4a3b5207e883ff169f783a2f095dff24b2d7a846ce64a

SHA512
acae4fbd0c70e54c11fb27fdbdfbde9538b6f8bf9008b68514628599af94619164596074058382e5e37c1ba4cb7909d829c8f9721bc30aaf9caa7d4b965bf719

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

Filesize
515KB

MD5
3d875ea5fd594a9cddc634206c71e080

SHA1
fd8ebcaa84b484d41b7d479da4b863aebfa2e0b2

SHA256
9a2918351874b951e50364bae4c7c15c4e79582b818e09f5417c59d81af474a2

SHA512
244d22b0fa5fa274fe6ceb7c90b9633806dacef070345a790a9036dc2fafeed90f722e6031e223bfb4210d8e2facd51152bc3e82ef76579e40024bd356122d9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

Filesize
515KB

MD5
aad973933e89c4e29bd3eb25888a6603

SHA1
c01de8c1bfbde4a4219fcdfea541f5e90d96c7b3

SHA256
775d2b0b3dae15652d4125460936dc8221f4fb34830c6729b127697c5f448608

SHA512
a8dea4b56688e56efac10799c0d2ae8c261ac1074738ada05767f0230d5fcc330aacae65df766faa242fb21f93015b8ebb6922367efd9886005f2b1f4607059a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

Filesize
102KB

MD5
962f4fb1f6e9d787211b0132fad6e0d5

SHA1
7b7b80163e93efd81d4d841a98bc33604972dfb8

SHA256
6919f2fcf1f2f97d29b183b132e8746b03e809b36b542be8837d320e3b99ab41

SHA512
a0f5cfe8cb06c9cb4ef94ea58928a0d43cd34eb7243ec7b6c130627ca0be4a266e593ba6248706eb0e2a348d40ac61eecd9b16af55eac8074c21a915a06a404b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

Filesize
237KB

MD5
e352fd0c9a5422eb380f327e188db1e0

SHA1
75346f9870328faef5f03045a155566a3ca072fe

SHA256
2a922ebe7edb08480baa1721ce1b5185fb5af7f64ec0f128d6a7a37711784815

SHA512
a33398457924a29715cf71c3133b09ff00a82d7b4785360109a5f3c08792571eacb20e13ee63822648c001fa91e9ff2cb22f73b8a6ce9c586163b802fcf8bab1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

Filesize
52KB

MD5
fafcff087a9a2e0bc5097f1f18daac62

SHA1
f5c323c8a28d1992ea074a1dee6ecc1beb749c69

SHA256
8bed44823706382b3848534e1cc9d26d90511d1f195fc08f6be0045f415377ce

SHA512
30e43cab53dd0ad56a27532bf1cc832ad1f06120559c06eb298f59da5008e448a60396e7d7937451f4b7fdfb02e128b8c8765f52d1e0a3b65d452bd3367d49b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe

Filesize
538KB

MD5
e5e3135b1944a4d93f07dadf0aaef5c1

SHA1
11faf76a2b8883ff8f3a196148f4077aea74f1a8

SHA256
0249b3c47a5d8d8f02a20e46b1671452620150e246264e6e47d0270191c49b3f

SHA512
a313caeea9a85f46e20b0c12f51b0e1acee902dc5109c519ea90b1ff8a43f0419295a4bb2f8043ebf70582ba31ed82ccaee7542f4e3ec01b02e9e502232cc433

Download Submit
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Filesize
1.2MB

MD5
0c749944745a06bbb12d9f042f5b1a9d

SHA1
474429d2f61f0b91530248d51a528d865f7f44a5

SHA256
905eb44115d72a5d82efa05025dd4338a4d7042e23a813a22053de79880d7e0c

SHA512
98bebaff6e0ba619519c647b8ef4709e3e58821aee27f24b5ee60916055aa82dfecef0f44909b23cb1524a0677889bc1176de255091543aae1fbf267eb992aaf

Download Submit
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

Filesize
475KB

MD5
ee63ea5a7efbcb0a509178a37837d32a

SHA1
9c54b2e899377a4e4dd6f30f01ce87e73bf97e20

SHA256
cc657d8fbefc53ef2a07fb6ea0bb737df34831260d2e22b9affc54de5c5d7714

SHA512
3b2f12d93dd442053de612b4907ee879706306749c25b7aeef8436b4b35babc5ddcce1e648668da46af496c41e3e3462558531fb01b48b75a797968fe1012778

Download Submit
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

Filesize
945KB

MD5
402416fc9c5771609ff1e0e0e482f44a

SHA1
d723de6efc1a9d5d454b673e2f9cf8f6a4697ff6

SHA256
ebe8168bcdc111883cc67564e1f37f869a6f71a7796e51b97794041e245095d2

SHA512
166e37a21a737b285bc9a0cf8d5cef3b17938b6d5f025aaee743a493acc42d4f16e1aedd6a51ecb87cd1381fabc35d44e13052c24d50c94cbbca40a99bd499a3

Download Submit
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

Filesize
945KB

MD5
f4677d2ee53579c88aa2f9db4876122a

SHA1
e7c053e2d0b947905ada0728618f484e23a4ca34

SHA256
3a0a7da093dae541cd30b3d14ea9b225eba49cf3d97ed3cd530ccac23748999c

SHA512
f286731e7639d9a7a5af590ee121ae90e28bedc6ac10ee29c3ef456dffd6b8f4863d0401280f856d3b5a6c0204541e7a1b3fd2b68d31a259af6786122bd42102

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

Filesize
511KB

MD5
68466c7e00fcafac948e6d57fffd9ef9

SHA1
06791c16e12b6e19557c9b135062eb7f4f6e0637

SHA256
0c60768cebd5ebff0346a8d08e3872e97169dba4e11a1f5130537bafb7319ee7

SHA512
5ac31dbd65225fa9fbc2481e3d13a5c12438d8143be6a8ace1f4a1fb992a6f056b5328d5f14ec62c4aebabb27a6f11b35cf010c44e1ffdab8cb0c366f78f04bf

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

Filesize
511KB

MD5
360e7c7fb484e483035d53957e822819

SHA1
31e0ea83c0835f2e9f886603e7842155be56f267

SHA256
356487c66791c0ed5305caeb5a1f175626e942945cb54eacc6ef9dcf671b1dbc

SHA512
f09613eb8c085e18c01cc8e92e9fac649b85df2e570767fcde6d961f8bb13867ed523719f9c456fded408af510b2acd4751eb20bccf234a930234b9652346fb4

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\java.exe

Filesize
716KB

MD5
feb0a472ad6643c8a0dadfd8474a3cf8

SHA1
7e7d97f43da8febf1224d020bf8a0bb0ee3a3c02

SHA256
53d19e3bb61ccf1b268aa9e09d933c30d855b81b21202f6d4239d0d29207c8a2

SHA512
e0023982e3840a171f8d720c590b47d14d475264fde02088bedf9cfb26d23fce7ad0b7a5132e88672c10bd4cfd5dd233601d91f0a293612599bb7c378e6e52ac

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\java.exe

Filesize
716KB

MD5
1ca59f7c10bce010caf44d6044b92fe7

SHA1
e4e313ec4caf7be30169d91e95c9fc6bc94d09aa

SHA256
860a7683061fa3d49fcf91f4bf07617908d8d47415e31a8ebdca5e0e3e63cf33

SHA512
920103134f6749d64719b3f2f7df2b76fd8a4d4dcd19e60cd4bdf1f0aca7b74f3b6017c07f8b9d1bc7f86a4590f413368c55f21465b9f2b965b201f9a1a2cac1

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\javaw.exe

Filesize
716KB

MD5
e1cb13cc55ac84438a0f72114509c1f4

SHA1
1f79cc00a450c634fc735a54c70245380b4b6672

SHA256
a8a45ec8060ae1006b02facba14a4130ed8c7bf49fb6c2e40e033a2519ebcc0d

SHA512
c3648bc4de7034b9607808bcf2ba0f42b05055f7c7388974f9ee9b3e6ea30bf395c320626d99396d82946af8ebe0138bf79f9f344fce1680a730e5b5a3a984a8

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\javaws.exe

Filesize
896KB

MD5
cc21a330b2bea6101beaec8465d47f91

SHA1
4ce7107a8c186de813cf7699959460c44c497d32

SHA256
822acb565acaa9ac78081d15256b8b15b3de1a48aae4f4a1981fa6c86b1d8f98

SHA512
81c41c906e27244e306486414d5e0f33bf7c6179d17d6d26a2ca324f1d84584c18bbf1bd120d00ef59bde1769c3248ea5f2f5bd61b77f6746b34211d507b38ab

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe

Filesize
726KB

MD5
ba142ae34bb0dcf63328c96935a83bcf

SHA1
a26c4e2e4f863bf87f529e14cc73040392c3c729

SHA256
0248ca587c53fb23d5b66964dd147c42aa53ed63453b765e5bf394bb1c86b763

SHA512
32df317806ad8d6abc87bb41267db92476a04236fbebdd9ec8ac86d065271822740ff30faf22e2d7273543c99fd6dee0c4c6426442ba7bf5206ac49420a7889c

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe

Filesize
726KB

MD5
5449654e2652a61d842299d1804751a0

SHA1
e83efc289d618cd481c7254811ea8e5d70f923f7

SHA256
63539694891671c8cd463fd6f6ccab88a2b2eff251fce9d72eb3d3944c1a48f2

SHA512
135bb949e67702f35dbb71f0d81dddab9ff7a524b541db0bfe26866c4ede934d4c01784823321467f15c5e066078aa12677ed23c1856a4d28b4c295f8617e423

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe

Filesize
824KB

MD5
da61ce67981670117efda663df260336

SHA1
42409a83ccbab16bc2c316747ee47da1c97861b7

SHA256
d74229767602ac42bf1b9f2788793f64263c9132f4abb62bac0ac8d1798c42af

SHA512
9c1497bba7c18d20b456f7c82cdabcc4d4bc32866b19327ef4cf7b088f7b863ac746bc38cee5cb20f4f0925f1bc2571d098a7918b6a522fbb737fa02434a13a8

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe

Filesize
589KB

MD5
49953ffbc579687387ec41ece30e42b6

SHA1
d02d23dbe0eca9ab0dcf3fc023584258b0ead7d8

SHA256
c4a6f224d5496bbdb2314d2bcc3d4177a49884fb76cc0d83ab72d73b779f3e14

SHA512
683a8dc502370be9135abe7fd6db9049d28ddaa24ae851dcb33c861eba5425a7a37d4003505a07d016cb796fdb1ef6b3635d280939d5c83ecd4d9114f127f28c

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe

Filesize
537KB

MD5
178cd0077e3b0047e19ca20816a4015d

SHA1
fe3d4c93e01cecdfc05ea77896b25e94767b22bb

SHA256
841ba0bff6d9d133bdbd86786716ebc704e712adf711401aeaafbd447541ec3c

SHA512
84f695d5da771ca523a05728e0c52e6d8a5cbd9bdbb2de9ccb6c4eedb41ee5c19e211cd77d6105919325c3af2992fdd2356eba85a4279ee4beebd8d4b5e2dcb8

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe

Filesize
243KB

MD5
d1e514fd62ae0b25db20a27de64f1104

SHA1
ebd34c9b50cd606f1ac548cf5140f76e54cf5fda

SHA256
acedccf8f889a865e4db7c25edbdb469ec9c16787e5aef9f72689a03ae4564fc

SHA512
55e2bc1c53d7f16b34054bf8ca071ffc44d9cca1e7d6f2e460a10596dd024cd22fbafb4a13f1089e3679666b95746918fcf4dc3d8615f642fbf2d987b85c3581

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
649KB

MD5
ce742c634abfecdf12559ad0ad8dd5fd

SHA1
2d5fffaa9245c79791a1d7709b27870ae2341907

SHA256
770a3456910ddf75bd05f651a9f1f192f404711280c35ccb1028af0c06e10a38

SHA512
356a8013474c2eae81c891238f8f378e9dbd46ebb94d4dc2906bdf2ec46e23fd20fdca688995a1dc482bb2b6d006ff79284c4f85c76b17a68f19fe991add3a67

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe

Filesize
164KB

MD5
4c8ebdb912df52a5c2ccf03a15b65807

SHA1
1b86e96993e6c56b2e9159e1be93dc1419dba8de

SHA256
dd2b78e98905f2435630a056fded9213443f630ca275846168fc839f34a74c8f

SHA512
ca4df625bf2af200806419cca18b6a361d51e1f1408ecd3ad4687ff6829e0bc2b40b54216f4d597c8ebebf56490ae9eb7f8a2caef37e8ac48075c4bed3efd9a0

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.371\RCX69EE.tmp

Filesize
58KB

MD5
9383abfc1cc6e8f67f170ee45da6d0b7

SHA1
3738a4e0ea923af1aabf1d28c0fe5db631b47583

SHA256
f59ac919b06a5cf43e92c075ac7f016f0ae5f7e54fec936b77dcfdf3f3bac5d4

SHA512
2cb46fe7eb3c378e6bf24f407f01277c605a699c64b96b94e71ff2858cb32ccbd210295c728a333d78ae62c439ef3bc93b8af6d1d202116001fea17d2eed8858

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\RCX9611.tmp

Filesize
57KB

MD5
280e559a4cbcd606d0ab701bf4329604

SHA1
be8d3b9a32cbb75653b88982721601dd7a271c3e

SHA256
74fd4e2552861d90fef8b82a0a05012dc8756320433c3b8af4be7bf4ef2984b8

SHA512
54369347896c7c811c1269280bcfe3d497dfd15a67779ecfcc5cd7d7f277fec3b0ba8b185b9a8168289fae21f548d54af4bdb6cc31e8dfdb1b9f657ac0b867b1

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe

Filesize
900KB

MD5
ae94157f8aa22207c8e5b0405a3f2bee

SHA1
967fc55b0cae20c658c1c68dbe8cab6a9cbe6a3e

SHA256
bbc36d760fda5565454d29da237dbb5075773358f5212a41577a272d9ea487db

SHA512
664a9f2e33cca9fd975b32dbaabf9c085184501ed5b4948fd38fe59845514f38a1997298c5157da26b653c37eae8508d2adca1b0cd8e36cb5a3f8ebd8f319e77

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe

Filesize
97KB

MD5
a9ae24cbb3bac0ac50c7d3c40bcee546

SHA1
79a0946be1f0493dfce30ec27253c3a1a2994dd9

SHA256
7f9f892e0c246edd3f24786fb8c61098a7a514c6d53aeb9fe2d056b16c76b2be

SHA512
0976e4e5532e8d080d5d5c1780bda588de1dcd6dce32c70690c66838f68e9c8f9a6301197e4290a3195ca4c4b5729c1b90811807cf43cbd4a6c4da9fa803b912

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.0MB

MD5
d17895863c8f6ce8268edfe55fffd28b

SHA1
5814caadc9215b0699e8d92356ed2ab09ce89ca0

SHA256
50d7f3ad61e56e0f93281c08a159c37fc6062928ff98964a709b175dcd023b44

SHA512
f328a3db584cecc7fdba7ea9c3915b3ffea5e0d50e2ac4b9cd48ec925c22291bccba3a211df1095799bff3bcfe9a3303b270f613531a552d5d039a30fbae644e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

Filesize
1.5MB

MD5
13022e8699bd322573e972abfd9c4666

SHA1
f730f388afdbf85cd3380f56b840e88090436705

SHA256
94cb4592be353d252434097213c81e8f74316dbc37a38f7cbe42dd3fc0cdb69a

SHA512
35742874bb2bfa4c64992669d7c8150346e9468e4b0dd3d0f46d77f654a0c9f34085ee9fe73bf6bda748bc06c435fa9741040f50d36bf681344075b09e894468

Download Submit
C:\Windows\alg.exe

Filesize
431KB

MD5
9ebbe7f3d0d943ed49da5f96265456cc

SHA1
4805b176dcf5d84052ffde9c4cd14c7b6d8b08d2

SHA256
6b73dba2d6e50f1bdc5bb31a8afef5f974180bf612353193a0cab3ac3b5ccac1

SHA512
5ae5d9700c17af165fa3c68cb85ffb1689a5fa37e6207a4ed77bd3669e21c479b287bceefb713509903677fe10c0941f24d8296c0e2a5a8e2391d44629935e65

Download Submit