jigsaw | 92880fa12ebc08efe411f63e623fe80225b771f493e80d4cc159f100229c5a5d

Analysis

max time kernel
149s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cats.exe
Size

126KB
MD5

e0d108435c58dc9403588e4dcab68275
SHA1

7a7331423938020550ff3decd2e8b50b3ee5c87a
SHA256

61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8
SHA512

2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e
SSDEEP

3072:7+gYdgLNp0jPilel4+800N1lknzRxqmhda40U6hrnzRxqmhda40U6hK:6gvunnhdaLlrnnhdaLl

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw
Renames multiple (3853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Control Panel\International\Geo\Nation	cats.exe

Executes dropped EXE 1 IoCs

pid	Process
4120	Chrome32.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	cats.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_bow.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LargeTile.scale-200_contrast-white.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\ui-strings.js	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\AppStore_icon.svg.cat	Chrome32.exe
File opened for modification	C:\Program Files\ResolvePing.zip	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-150.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\MedTile.scale-125.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png.cat	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.boot.tree.dat.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-150.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-150.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WideTile.scale-100_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\View3d\3DViewerProductDescription-universal.xml	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\root\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dc_logo.png.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-100_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileLargeSquare.scale-100.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-default_32.svg.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_agreement_filetype.svg	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pt-br\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_altform-unplated_contrast-white.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\core_icons_retina.png.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h2x.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Wide310x150Logo.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\6445_48x48x32.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-white_scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch-Dark.scale-400.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\WidescreenPresentation.potx.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MusicStoreLogo.scale-200_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-80_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-64.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-32.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyStateDCFiles_280x192.svg	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right.gif	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\illustrations_retina.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-32_altform-unplated_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-400.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-200_contrast-white.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-64_contrast-white.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TinyTile.scale-125_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-150.png	Chrome32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4120	3592	cats.exe	87
PID 3592 wrote to memory of 4120	3592	cats.exe	87

C:\Users\Admin\AppData\Local\Temp\cats.exe
"C:\Users\Admin\AppData\Local\Temp\cats.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe
  "C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe" C:\Users\Admin\AppData\Local\Temp\cats.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.cat

Filesize
720B

MD5
ec7235e2bc493ba535278020af8920e2

SHA1
cd2378d753fb2d42b1116e79fd21922542f769ba

SHA256
7a8ac2b0c15dd1189c86efde7d5c9eb44c0ced9e1df86e43f65f551e69b3ab8d

SHA512
4700053ef6f939bc35fe5764c0fc5ff0b2524fd356fb151e257db918fe43fe140db80610f0a4da41fee67ace964de9d74cd19598bae1ba272090572905f31a1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.cat

Filesize
7KB

MD5
f378204a16101eb8ad24fe72968effa7

SHA1
863e904f2b801aa79bea1f576c54af771fb4b59d

SHA256
dfc565a6aa9c6ac13b6bb390bec9db960d69e2b8a6d1936c27e4f15db837482e

SHA512
eaaf2d2ba046da2f58495bee6ca53fcc85339425c264d18684b2775ae93e3ebad66d82e381612169c58508e34069028c86a10c55253b046634b9ba03f8785c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.cat

Filesize
7KB

MD5
b7473ff950f9ac66b85d90f75e05fecf

SHA1
60598312e90640dfea159a6926c367e8471e1abb

SHA256
f0ed3ee9a6ea584d41f79b102620df6e48f1b1c635168d476622c3b84ea45976

SHA512
756b716dbeb75b6aa77d911c6c55ccade55db2a6228aae061345560c7f85f71f61065dfba9a56bf0dfdacce0a52060d3f47f6af349f6217ace690e6dfb669572

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.cat

Filesize
15KB

MD5
2b75e2f38266738fd8d4255748839e43

SHA1
d4d6855f72c5b26218e9c34c9df743587b35cd77

SHA256
f872906fe1706bf76ad169c13eb1f493de3d6375db3b324950537e4852ee1410

SHA512
17b35f398b826ea5f536669b5d444030ae0c5203dd37f4540e18038784749b61db6b06b92610571381b6fc1ff867b510378a9289c155e34db635c172600ebfec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.cat

Filesize
8KB

MD5
9aa765733000a28abc08572377ffd986

SHA1
740b69fe710dd9f925b5f367637103c41ba82055

SHA256
0b97963d45989f1db93c9dd15ae08a97a0010768938273d9d3df25ccc920076e

SHA512
19203cabd63a2bb517aec0d8f0cc6661d78a24f2b908216f62a6c3107a76cc120613d6b9eadc74b2bcd9f909b9cd7fe81ac87723e95a69be6deca7c4c62d224d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.cat

Filesize
17KB

MD5
edcda3b0a629dda6ba26e22693a3c71a

SHA1
f8c0286ac8c00e30695bee11be6d7df7d41e7fff

SHA256
2ff247de7879587e2db1aa725e1d19851aa719ba92599be6aeee73c48723300e

SHA512
4429fd8bb0fd5dd4156d97b858a0048222899e99f3da8484ca00214a0836ac61d6dca428906ab823ba147b0b82aab0b7f54210f3035e5da824e71596f946b457

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.cat

Filesize
448B

MD5
ebcd821e2f56f76ba27323488abaf994

SHA1
5cfbdddaa9e4223f6acfbb78164792f6d4847d2d

SHA256
4279d2a1ffc3b5b26924b2d64a52d0a95f488f6b2387f1c0c41915d6fa0c2cc8

SHA512
adc46a35f3c2906450d7c8bdba26cb9475bbe2f7c688b7513520df78e793eb7f2e69fd377074d7a971e150d5b5ec35788bff8da2a2223edaa660410fc07e8a96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.cat

Filesize
624B

MD5
e9b5e5c8408f0c578efe570c7e86c274

SHA1
d0107226eb2584e641cda486ea993ba995a8935b

SHA256
054085288f2d56d95b4338c6898f0722519755f5a17d3dab613ecf233950b9ac

SHA512
cb5b677fb9c45e8f1c85667780be9f07c042b37f1ccff4685343dce16090d12ebbbd14606146dabb73a1cc41a849e7a879b9c72066d8b3f0fdcd81b342540d21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
c922565f0cf151f9bf12387b907cd246

SHA1
d13deb6f4afc5fc7a158eb0bd666d461850ce744

SHA256
b360e502e5bb1cea6ceb6eaba8257d76ef5307381274bb0cf2c742009d6301bc

SHA512
a926b267bd917ede056815e230c9c1c400f5c6a32940b345b6f8460b021a242e879672f7ef249ee899a87ed828f1eebba29fdc5d4326e03f85ef0e37ae17f35d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
2977ae8083df9e816906d7033ba72fc3

SHA1
ccafb3f795689e47becc37935edaa6100fc6c96c

SHA256
02b9257e2a1cbb1de7b790d644b05caa7190c436831016fed5f5629e91db9d75

SHA512
1d1c936ab093145793ee5e1e300270c373c4f18799f982eaf105c813eff43a42a337c2bbc5a31cfe814f354fc7862cef7fa965130ce1a0bc78269bcc0878b661

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.cat

Filesize
400B

MD5
fa95ce0967f52d66d262736ba905a3af

SHA1
f5bd38b5515c12598360b1c1031df52fae30d1bb

SHA256
3cc38eaa61745a8d2f3c98021dbe8dba93c272c9a855bf543dec6bba77b80310

SHA512
5e0363bd5d3e47f474d914a726fc22c653ec1b139d7c58f85ff170338159afd91b01b24ac371b350a34a2ca3e6a463359a39564617959de3b3e53fa8a948e889

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.cat

Filesize
560B

MD5
f225c7deb543fb59c9df05b5c7517bb9

SHA1
bad432d340a00436df173b3f62e1018ea69cf363

SHA256
999a34566464822bfa66c5b94ace878d8dc15749e7f50476fc4ff96ce3dd5e55

SHA512
3f2fb62404dc3109a981f6e1e6529c910257e1975724b9d3515c4688d7227b4bf115b68b14471cfd2404524080e8d91d892d91d65b96b1dd4f7f41a29e91b3d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
cff0ce01611958c34bdd27847eefc88a

SHA1
6d76198d6d186a0f3f89d0b6b378a7a27c1306bf

SHA256
ab5f2ed78598fa839945d5b1548bda5160442ae8c7bf3818e7804b753c8d345d

SHA512
2525ca00eb5e3db803c0ae87a71d2a98728ca2cc156352206bf5de27b4acbb090d5ee27506bbf4eca2d7cda1b73e38adfc063588658cd6ee38faed40f0657776

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
77b7c1020bdc2da51cff0eee75745a71

SHA1
abd40a3d409aaebfe0fa146842a53cc7ab12918f

SHA256
32c7542527c75932ec982d66936db62bf044405be611efa9cf8fe8aa56c1a6ca

SHA512
ed9bbdcb61fb5ce6027d658a16cc75732f17d5c8a915ce1f6b9ff2bc6e9e8ecdd153aa1330aaae065e8edd8da68c6cf9d359677f71b846c4d6a9a6a3db5a5057

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.cat

Filesize
688B

MD5
cbc957379cd9196dffbc78622c256c33

SHA1
0d784a9e8ddd0e0fa9a67fe5e0ba4c352d698b00

SHA256
70a0f7efc95858c98c6954a43b9cd44ad0af87dfa77457d90bd887fbbc08ccac

SHA512
33822d276d8bbadc9cc91336d6ef4466ac6bca93211ac0a1bd29281228d6c13d4b440ab7a2c63f206de8196580b741e2cb64bf1b99884fb651fa8bff60e2de20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.cat

Filesize
1KB

MD5
a3769c555174bc29c55f206d6f7c4503

SHA1
bafcdfe38989f36cab2d9feffd6390685bb4f07f

SHA256
c52a0b4d5ad8333cbdc8bec2ca4f3e8139a4f69ec4f2ff890df45662963c9d13

SHA512
758f4e8a5e78ae2d9cf505db1bddbc6880389e7aeefd39c96f869f41ea350f7b6355f604c3accb33eb124abd496d65b850e967efa449f7865aac83e5fb3c88e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.cat

Filesize
192B

MD5
ce4feff927032243a21c94d5286b2293

SHA1
4c527a334bf036eab57486d968d67ae9907200e1

SHA256
2c8972e5b5d95a1329c2e34cad12d921004f27ba2ae62983d51466f293657353

SHA512
bb39467a6acadedf093206bc6f519f91bdb7e2670b56ad9f7bb0e050da431453472d05fcf2d30d705678d301c5bdc697f06512ef2f1a306c3a4f60974cb8c5e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.cat

Filesize
704B

MD5
9722cb94d2cc3742a03f94dc2fc9e16d

SHA1
ce6bb8d233bd27058b212e40469ce350c040f6fb

SHA256
85d9064b146bebfb54c198d48b380391892119d54210cab173d1f60527356c64

SHA512
6e3a51dcad16b823bfacb1bb5055fe2a0e99c7ed2411930cbbaefe19b2768985a193a22fb1ba59d4bc6fb614e3b72e031ceff55cb706ab1f9d5bbfd403177add

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.cat

Filesize
8KB

MD5
8dbfd9a027b9b2fe81d62782db8da5b3

SHA1
13f5fa00a223b668e4d35acd0d314659cf56cd13

SHA256
c640cb056ee76dfdb10b7199d140718e40c151065c64f702b82e5fc1ab74448e

SHA512
15b7fe2589e2aed5643a35a7f53b347e8cb84b6073053939a179cd8150b85117f623f281a2232c274f080f658548d50d09bf7e7da4c9d30d9432dddde740f961

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.cat

Filesize
19KB

MD5
5e83d19ce55dd62a9623b7aaa76f7ccc

SHA1
116ca4010e7377286545f89800331c3580378422

SHA256
5ad16decdf2a7bb15ff70f6831b3c5912a5c7933fc93740340edecd678ded2de

SHA512
8d43bb48bab3a16f017c0f976b2297fa4f9e07121a0392b14228c7883ef758f5105653e79259751340924252e35d4c39a756baa0616db8af16c27ac4ec2d6b96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.cat

Filesize
832B

MD5
851e77fc9275c29648b2b1bed55e2a23

SHA1
c29c392ddd58f209f0560c5fb6a737a4ce174a04

SHA256
06d59f5517770b3075793a10a28b06f43c939165c776ab9918a1a93c80aa14f1

SHA512
4cb1f40a3ac7cbb22ce6c4acdf576d5563d83aa3f7f7e6b6984bdb39534a427dc5587d30c4e8a3eacb7757731f7355c3284c5cfa6ee2324118134633f05659b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
2753bbf4bba9752eb45475354723e822

SHA1
a7ca5ad1c6c28005cd04616835a5ecc2e7967d53

SHA256
82417bcba49e4c4e828822da0725c048d68b39699048f5d347cea2e478a2fac6

SHA512
21b5de52738db2e86813b364c82c5c13b1e4879aa0c1077170d3ee685c9559b229f43c188ba47787cbec8847f88d6d5415f75b012f6130afc344a4fd5ab118be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
83d20ec3593221ec20ec2186909f25e0

SHA1
bd2b5ef8ce1fde1c4369dc3f0e664f48079569ba

SHA256
ba1dbef523db186ffc7b4e9e8f695ce9b30fca6e2664c0a9cc851e9bea33bf57

SHA512
ee5ceebf9921240de4f8fd3d748175fcc4f3924d98d6d052faf71086895c55d3400ee849450032b4a84a555b539df9ab59a40f127fef5fae0ebe9d7f0c86d202

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.cat

Filesize
2KB

MD5
3f0ff3edefa5251f1131dac64e82d772

SHA1
2ce1c2817309c4427da5efdf853c6dcf8215aa86

SHA256
51c7a9363e097980c48dfebcc006e9df5cdd9adba5db214233dfa9a305829981

SHA512
42543a68d83c4c004d465284cc026d28c7dd7318d02eb5ad47e59594826328739cd23d86028d821f2b0c0c8ed3240f0a27ea1c5e6eef16712f6deb308e69d8ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.cat

Filesize
2KB

MD5
32f00e39292fe19e932280b416968078

SHA1
115afd93d246b9a6521b3c1dc8ccf5c72b0d876b

SHA256
735d05fbf7efb48e07a590aa8906c2ff319f998be051860f847bbc8bfe50f37b

SHA512
89435e0a855c401a476555d11862915cc2d929f01d0f173cdb389e609ae3afa09580da3652493cbcf2512342dbca8ca784387876a5b0b7f8e267341aa68246b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.cat

Filesize
4KB

MD5
c8f9e868a1aea2dd9b7397c24e9ba5cf

SHA1
55c36066a37a43201b5f350547a13cacfb5b027f

SHA256
fb058b65b71dbde6c5e36371cdcbfc0080f569adaa8eb867d28f11ddcacb74ab

SHA512
b1be1adfe787bc619e0d848b0c3c689849961ef01f0bb810c6f36555a77d08cfb2a6fa4aba70ed1f061659d2590d59131ff60ace86f62c633020b87cac92dc97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.cat

Filesize
304B

MD5
a22bcc661cabb372575b17de9066da40

SHA1
c03427283b0a4d741b09a2d3b067c2f1a78c1a1d

SHA256
714141f93db6844076337b7f44211a6062637687b94db2e1b0b1688468d16bc2

SHA512
08fe02e13518c7e4bbef518b4a45aa1d81b8ca66dce48a162454989fb67865e87ec02075277b1a4daaffb32a32eae2550bf10910d1e6581fbae085d84dc116a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.cat

Filesize
400B

MD5
51f0b18bcb60371230c5ad8fc2e65d24

SHA1
381228e70ea39e8a1686370960468ee6dbdf8066

SHA256
c227b20ea1dd73692f0a00a1944c6204de0ad0ed423ecdf3a89a0d183076686b

SHA512
7723e7b5f662b44871f079159727135880b9d9d64fa342a96aa48e36ee8abf10169758ffb10b97f712372d7dee54c65f1ffea6e732ce34b90020a1e659360bcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.cat

Filesize
1008B

MD5
e210c5f0a0db030cf62a7719436027cd

SHA1
f6b5b917eba1b19354d489ba5c1a244de6a40f53

SHA256
30874e4ca0de1e6d39ec4de5d85c651211cd7b36bb35d4032ff5385f2a477e10

SHA512
6514530cf8be0a8af3c9e3d7d90d1f0836b91dc05ab91bf2d139e2f37402475817975745295a37d196eab5178b17ab84d498a276ada22bac9fa39e974fe9224a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.cat

Filesize
1KB

MD5
6c1af31a65a8aa0af3ac444c1fcd4052

SHA1
9a0981ca2520c2ca9a392afd77351d7ca7bbc3ab

SHA256
ecabac55d1479435ad263a91890cfdcb57aae8a72d7ee803ee09ff21333c46c0

SHA512
4d8b951bf7faf576a43ecd963e30bee74b3386c7a084de775dbec925fa1201ea934319c850f908b216d4743a3738d3871e4edadc49fab4348cbfd5a16e83eca8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.cat

Filesize
2KB

MD5
39d4dddbbdb60fe7873ae37a9a0fc749

SHA1
c4c633ebd697566324aea0353951e480b971508a

SHA256
8c34a040f074fbfd45a27096545d13181ec998b38ea19f2be1a3f747ea40ede3

SHA512
be09c0191be607e07becacb7c97c62a8e6e429092f9110c0f32e4118a44da5fe56e5923f9dec73ca988a21666ad2fe73f3f61fa74d1ec0817ae5f46a6e7cf6b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.cat

Filesize
848B

MD5
1dd97b1aecfcae5e22128ced03113ba0

SHA1
4220f52caa96125f92b54734253a451639ff9c10

SHA256
e0c06e6e72e3cc3d6719676e41e479e21bebc26060f034b16e37781968934e15

SHA512
a00c2cd05c13c5a519fb0d2ef6f4bfae50bfaefe682920a0453f0a0dd5b82422f19611eea271fda39ca49d6bf221ab1bd1f7c9d4d239499ce0df82a85697d6cb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.cat

Filesize
32KB

MD5
c96abce71f38f82afb9f01f38b94d01b

SHA1
c0f8a357f694d0ffe08faf657b0cdc25ffb67e20

SHA256
1727e9adaf03a7ec2c7e5ff32352fba483fbc5dfa29885b78420ee6f98a0ba61

SHA512
3446fee726bffb90ab18c27fce89f02aca912db2fdb0a576fd7c7289e08dd8f8a73b0470cc0b9b4637595bb45b1e8b9404b5c41850409de8b1bf977326811388

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.cat

Filesize
160B

MD5
a8258060e35cd08265a3f658e6aa2963

SHA1
a67c6aeb6db7a488c84810feea22a2d6f7be9bc8

SHA256
e847f277e6adf5f94573c0f1b10ac15efd6ca48f34f9be52e9baec6e1f1de04b

SHA512
70ecf38aa25d92ffff7a24ea35c467c95b9a22dfdc99e0705d56527923cda574add21987ab98ae2b8c589e334141d6957a660a3e34a546c764c3e42069f50d45

Download Submit
C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe

Filesize
126KB

MD5
e0d108435c58dc9403588e4dcab68275

SHA1
7a7331423938020550ff3decd2e8b50b3ee5c87a

SHA256
61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8

SHA512
2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db.cat

Filesize
24KB

MD5
e73d3cd6da339eaab499152457b4d0f1

SHA1
ebf492e970db954745fa5a798e1ae97f57ba6a87

SHA256
bd4520ecdbf9505627507a5dac0ee7465e30a0d25d97a8a410ef5094fdd59797

SHA512
df74fba7763471a00c328c3f9e7383012d821313b4e74a35a6ed97b5c412786d785b3b06d61033ac2a6d5bf2698462bd0087ec98f5a30b5e0e82868e4b78473f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.cat

Filesize
8KB

MD5
3940e266c4f59f1d3578d2bbb14fa2ec

SHA1
25fa69154c1906f43807215faec12f2d22d1247f

SHA256
aceb38aa85a1a2cc9703fae0cef2340ef0f5c492a68642452a94a6ccbb99d916

SHA512
4f00faf6e5b919a8e269c6bb29856b51ce145021d44b23cfdc711617566decc7735098537e153eb8bad4200b4d416d1f9afcbee2d9845d9090806f2425416014

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864073375339510.txt.cat

Filesize
77KB

MD5
d925ae59a8be15588a0cc2ea17d607e6

SHA1
c423adceb55bf3bf77e5e64e730ab783b4e02247

SHA256
e4f358064478cdd0fafe02dbb26bcd0d5b4d596e46115a2f01541b9fa8fe38e9

SHA512
c3c77db3c3390d5adce8bba5e574094fe9b2b238c428e3d0ee4053786faef6e268ab1d35eccc87a459184d6839e6302550e8943e43edc315278041c584adac82

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864074558500500.txt.cat

Filesize
47KB

MD5
ad270d383ee6f08fbfbda59cc2f144b3

SHA1
4afacf202253e61be7a250239d2d6a5c990e4cfc

SHA256
aec45472df0f5502ab36fa99d79ba98f64ccf674820790946fedf2f053f3c140

SHA512
4971f7e5bb71497eea28d55c398ecd5a213af7c30960578e0a54021b13937da58ce827ae1e85fddf08d16c4d6d68056ec80839d44c8c087e97e81760ab32d212

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864080934343245.txt.cat

Filesize
63KB

MD5
739af9a3a9aece12691c27b2594317bf

SHA1
63481cb5eebb4994a8cd0b94c7827e0c9797636a

SHA256
5976e16b75fffd858d970e1f818e9dbfb7b037c1edc5ccea8592dae681c03d5a

SHA512
5cbaf62b7eafc0d90ee5b2b4a4e2f7656f82af71529a98fa042f25853f25ffcc177dca160a476e754ee3b45fcb97305303b04013166a71d61b8315d5e6779e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D6C3A488-C4F3-4780-AA7F-5A477B37D207} - OProcSessId.dat.cat

Filesize
16B

MD5
a2ec71f236b0da26c756b086bd502f09

SHA1
e9dc21e143a2aba3ca9eb634ed291ddf93b32e4b

SHA256
b4805a7f3e187212efacd5c2475bc8a30ce7274f8dae65858537a7f08b866717

SHA512
a1d0f50c760c9bc3ab50053633e2fd3bdca6d0de8f256b48b5c45c8bc20a93a7e2123b09c8ce5de3c9ef013d0f2c3de165d68f7748c89d629122ae6d498e9af3

Download Submit
C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

Filesize
437KB

MD5
755d511ed284f10696aff4c5c1d46d66

SHA1
0f3cd667aaacbd1cad749de0f17977fba97155c5

SHA256
7e43df5e0b7316b56691dc5ec5f135e110f0e1224942d48d87479b20007b67c9

SHA512
20c4ec42b147f579f624e8dc7cd04f6f5b3775ae7e0c235243e3ca6be247d91a474b0f228865375e98d759e703dbd1f242b5c7f6de8ff70a8abe6e62a9c7dec6

Download Submit
memory/3592-18-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/3592-1-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/3592-3-0x000000001BCB0000-0x000000001BD4C000-memory.dmp

Filesize
624KB

Download
memory/3592-6-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/3592-0-0x00007FF969CA5000-0x00007FF969CA6000-memory.dmp

Filesize
4KB

Download
memory/3592-2-0x000000001B7E0000-0x000000001BCAE000-memory.dmp

Filesize
4.8MB

Download
memory/4120-22-0x0000000001740000-0x0000000001748000-memory.dmp

Filesize
32KB

Download
memory/4120-21-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-23-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-20-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-3881-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-3882-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-3883-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-3886-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-3887-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download
memory/4120-19-0x00007FF9699F0000-0x00007FF96A391000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads