jigsaw | 61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8

Analysis

max time kernel
90s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chrome32.exe
Size

126KB
MD5

e0d108435c58dc9403588e4dcab68275
SHA1

7a7331423938020550ff3decd2e8b50b3ee5c87a
SHA256

61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8
SHA512

2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e
SSDEEP

3072:7+gYdgLNp0jPilel4+800N1lknzRxqmhda40U6hrnzRxqmhda40U6hK:6gvunnhdaLlrnnhdaLl

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw
Renames multiple (3820) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	Chrome32.exe

Executes dropped EXE 1 IoCs

pid	Process
4280	Chrome32.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Chrome32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-16.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-200_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-400_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\MilitaryLeft.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\203.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\SmallTile.scale-200.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_unselected_18.svg	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-60_altform-colorize.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\133.0.6943.60\VisualElements\LogoDev.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\ui-strings.js.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\AppStore_icon.svg.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-54_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\hand.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-64.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe81b.png	Chrome32.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\word.x-none.msi.16.x-none.vreg.dat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-white_scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-150.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\over-arrow-navigation.svg	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-disabled.svg	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview.svg	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-down-pressed.gif.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-400.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Logo.scale-100_contrast-black.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\agavedefaulticon32x32.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png	Chrome32.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-2x.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fr-fr\ui-strings.js.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\ui-strings.js.cat	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-24_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\AttachmentPlaceholder-Light.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-lightunplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-lightunplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-300.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-64.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-256.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\YelpLogo.svg	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-100_contrast-black.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\ui-strings.js.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle_2x.png.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-32.png	Chrome32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 4280	2912	Chrome32.exe	85
PID 2912 wrote to memory of 4280	2912	Chrome32.exe	85

C:\Users\Admin\AppData\Local\Temp\Chrome32.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome32.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe
  "C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe" C:\Users\Admin\AppData\Local\Temp\Chrome32.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.cat

Filesize
720B

MD5
ec7235e2bc493ba535278020af8920e2

SHA1
cd2378d753fb2d42b1116e79fd21922542f769ba

SHA256
7a8ac2b0c15dd1189c86efde7d5c9eb44c0ced9e1df86e43f65f551e69b3ab8d

SHA512
4700053ef6f939bc35fe5764c0fc5ff0b2524fd356fb151e257db918fe43fe140db80610f0a4da41fee67ace964de9d74cd19598bae1ba272090572905f31a1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.cat

Filesize
7KB

MD5
f378204a16101eb8ad24fe72968effa7

SHA1
863e904f2b801aa79bea1f576c54af771fb4b59d

SHA256
dfc565a6aa9c6ac13b6bb390bec9db960d69e2b8a6d1936c27e4f15db837482e

SHA512
eaaf2d2ba046da2f58495bee6ca53fcc85339425c264d18684b2775ae93e3ebad66d82e381612169c58508e34069028c86a10c55253b046634b9ba03f8785c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.cat

Filesize
7KB

MD5
b7473ff950f9ac66b85d90f75e05fecf

SHA1
60598312e90640dfea159a6926c367e8471e1abb

SHA256
f0ed3ee9a6ea584d41f79b102620df6e48f1b1c635168d476622c3b84ea45976

SHA512
756b716dbeb75b6aa77d911c6c55ccade55db2a6228aae061345560c7f85f71f61065dfba9a56bf0dfdacce0a52060d3f47f6af349f6217ace690e6dfb669572

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.cat

Filesize
15KB

MD5
2b75e2f38266738fd8d4255748839e43

SHA1
d4d6855f72c5b26218e9c34c9df743587b35cd77

SHA256
f872906fe1706bf76ad169c13eb1f493de3d6375db3b324950537e4852ee1410

SHA512
17b35f398b826ea5f536669b5d444030ae0c5203dd37f4540e18038784749b61db6b06b92610571381b6fc1ff867b510378a9289c155e34db635c172600ebfec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.cat

Filesize
8KB

MD5
9aa765733000a28abc08572377ffd986

SHA1
740b69fe710dd9f925b5f367637103c41ba82055

SHA256
0b97963d45989f1db93c9dd15ae08a97a0010768938273d9d3df25ccc920076e

SHA512
19203cabd63a2bb517aec0d8f0cc6661d78a24f2b908216f62a6c3107a76cc120613d6b9eadc74b2bcd9f909b9cd7fe81ac87723e95a69be6deca7c4c62d224d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.cat

Filesize
17KB

MD5
edcda3b0a629dda6ba26e22693a3c71a

SHA1
f8c0286ac8c00e30695bee11be6d7df7d41e7fff

SHA256
2ff247de7879587e2db1aa725e1d19851aa719ba92599be6aeee73c48723300e

SHA512
4429fd8bb0fd5dd4156d97b858a0048222899e99f3da8484ca00214a0836ac61d6dca428906ab823ba147b0b82aab0b7f54210f3035e5da824e71596f946b457

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.cat

Filesize
448B

MD5
ebcd821e2f56f76ba27323488abaf994

SHA1
5cfbdddaa9e4223f6acfbb78164792f6d4847d2d

SHA256
4279d2a1ffc3b5b26924b2d64a52d0a95f488f6b2387f1c0c41915d6fa0c2cc8

SHA512
adc46a35f3c2906450d7c8bdba26cb9475bbe2f7c688b7513520df78e793eb7f2e69fd377074d7a971e150d5b5ec35788bff8da2a2223edaa660410fc07e8a96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.cat

Filesize
624B

MD5
e9b5e5c8408f0c578efe570c7e86c274

SHA1
d0107226eb2584e641cda486ea993ba995a8935b

SHA256
054085288f2d56d95b4338c6898f0722519755f5a17d3dab613ecf233950b9ac

SHA512
cb5b677fb9c45e8f1c85667780be9f07c042b37f1ccff4685343dce16090d12ebbbd14606146dabb73a1cc41a849e7a879b9c72066d8b3f0fdcd81b342540d21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
c922565f0cf151f9bf12387b907cd246

SHA1
d13deb6f4afc5fc7a158eb0bd666d461850ce744

SHA256
b360e502e5bb1cea6ceb6eaba8257d76ef5307381274bb0cf2c742009d6301bc

SHA512
a926b267bd917ede056815e230c9c1c400f5c6a32940b345b6f8460b021a242e879672f7ef249ee899a87ed828f1eebba29fdc5d4326e03f85ef0e37ae17f35d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
2977ae8083df9e816906d7033ba72fc3

SHA1
ccafb3f795689e47becc37935edaa6100fc6c96c

SHA256
02b9257e2a1cbb1de7b790d644b05caa7190c436831016fed5f5629e91db9d75

SHA512
1d1c936ab093145793ee5e1e300270c373c4f18799f982eaf105c813eff43a42a337c2bbc5a31cfe814f354fc7862cef7fa965130ce1a0bc78269bcc0878b661

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.cat

Filesize
400B

MD5
fa95ce0967f52d66d262736ba905a3af

SHA1
f5bd38b5515c12598360b1c1031df52fae30d1bb

SHA256
3cc38eaa61745a8d2f3c98021dbe8dba93c272c9a855bf543dec6bba77b80310

SHA512
5e0363bd5d3e47f474d914a726fc22c653ec1b139d7c58f85ff170338159afd91b01b24ac371b350a34a2ca3e6a463359a39564617959de3b3e53fa8a948e889

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.cat

Filesize
560B

MD5
f225c7deb543fb59c9df05b5c7517bb9

SHA1
bad432d340a00436df173b3f62e1018ea69cf363

SHA256
999a34566464822bfa66c5b94ace878d8dc15749e7f50476fc4ff96ce3dd5e55

SHA512
3f2fb62404dc3109a981f6e1e6529c910257e1975724b9d3515c4688d7227b4bf115b68b14471cfd2404524080e8d91d892d91d65b96b1dd4f7f41a29e91b3d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
cff0ce01611958c34bdd27847eefc88a

SHA1
6d76198d6d186a0f3f89d0b6b378a7a27c1306bf

SHA256
ab5f2ed78598fa839945d5b1548bda5160442ae8c7bf3818e7804b753c8d345d

SHA512
2525ca00eb5e3db803c0ae87a71d2a98728ca2cc156352206bf5de27b4acbb090d5ee27506bbf4eca2d7cda1b73e38adfc063588658cd6ee38faed40f0657776

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
77b7c1020bdc2da51cff0eee75745a71

SHA1
abd40a3d409aaebfe0fa146842a53cc7ab12918f

SHA256
32c7542527c75932ec982d66936db62bf044405be611efa9cf8fe8aa56c1a6ca

SHA512
ed9bbdcb61fb5ce6027d658a16cc75732f17d5c8a915ce1f6b9ff2bc6e9e8ecdd153aa1330aaae065e8edd8da68c6cf9d359677f71b846c4d6a9a6a3db5a5057

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.cat

Filesize
688B

MD5
cbc957379cd9196dffbc78622c256c33

SHA1
0d784a9e8ddd0e0fa9a67fe5e0ba4c352d698b00

SHA256
70a0f7efc95858c98c6954a43b9cd44ad0af87dfa77457d90bd887fbbc08ccac

SHA512
33822d276d8bbadc9cc91336d6ef4466ac6bca93211ac0a1bd29281228d6c13d4b440ab7a2c63f206de8196580b741e2cb64bf1b99884fb651fa8bff60e2de20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.cat

Filesize
1KB

MD5
a3769c555174bc29c55f206d6f7c4503

SHA1
bafcdfe38989f36cab2d9feffd6390685bb4f07f

SHA256
c52a0b4d5ad8333cbdc8bec2ca4f3e8139a4f69ec4f2ff890df45662963c9d13

SHA512
758f4e8a5e78ae2d9cf505db1bddbc6880389e7aeefd39c96f869f41ea350f7b6355f604c3accb33eb124abd496d65b850e967efa449f7865aac83e5fb3c88e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.cat

Filesize
192B

MD5
ce4feff927032243a21c94d5286b2293

SHA1
4c527a334bf036eab57486d968d67ae9907200e1

SHA256
2c8972e5b5d95a1329c2e34cad12d921004f27ba2ae62983d51466f293657353

SHA512
bb39467a6acadedf093206bc6f519f91bdb7e2670b56ad9f7bb0e050da431453472d05fcf2d30d705678d301c5bdc697f06512ef2f1a306c3a4f60974cb8c5e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.cat

Filesize
704B

MD5
9722cb94d2cc3742a03f94dc2fc9e16d

SHA1
ce6bb8d233bd27058b212e40469ce350c040f6fb

SHA256
85d9064b146bebfb54c198d48b380391892119d54210cab173d1f60527356c64

SHA512
6e3a51dcad16b823bfacb1bb5055fe2a0e99c7ed2411930cbbaefe19b2768985a193a22fb1ba59d4bc6fb614e3b72e031ceff55cb706ab1f9d5bbfd403177add

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.cat

Filesize
8KB

MD5
8dbfd9a027b9b2fe81d62782db8da5b3

SHA1
13f5fa00a223b668e4d35acd0d314659cf56cd13

SHA256
c640cb056ee76dfdb10b7199d140718e40c151065c64f702b82e5fc1ab74448e

SHA512
15b7fe2589e2aed5643a35a7f53b347e8cb84b6073053939a179cd8150b85117f623f281a2232c274f080f658548d50d09bf7e7da4c9d30d9432dddde740f961

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.cat

Filesize
19KB

MD5
5e83d19ce55dd62a9623b7aaa76f7ccc

SHA1
116ca4010e7377286545f89800331c3580378422

SHA256
5ad16decdf2a7bb15ff70f6831b3c5912a5c7933fc93740340edecd678ded2de

SHA512
8d43bb48bab3a16f017c0f976b2297fa4f9e07121a0392b14228c7883ef758f5105653e79259751340924252e35d4c39a756baa0616db8af16c27ac4ec2d6b96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.cat

Filesize
832B

MD5
851e77fc9275c29648b2b1bed55e2a23

SHA1
c29c392ddd58f209f0560c5fb6a737a4ce174a04

SHA256
06d59f5517770b3075793a10a28b06f43c939165c776ab9918a1a93c80aa14f1

SHA512
4cb1f40a3ac7cbb22ce6c4acdf576d5563d83aa3f7f7e6b6984bdb39534a427dc5587d30c4e8a3eacb7757731f7355c3284c5cfa6ee2324118134633f05659b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
2753bbf4bba9752eb45475354723e822

SHA1
a7ca5ad1c6c28005cd04616835a5ecc2e7967d53

SHA256
82417bcba49e4c4e828822da0725c048d68b39699048f5d347cea2e478a2fac6

SHA512
21b5de52738db2e86813b364c82c5c13b1e4879aa0c1077170d3ee685c9559b229f43c188ba47787cbec8847f88d6d5415f75b012f6130afc344a4fd5ab118be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
83d20ec3593221ec20ec2186909f25e0

SHA1
bd2b5ef8ce1fde1c4369dc3f0e664f48079569ba

SHA256
ba1dbef523db186ffc7b4e9e8f695ce9b30fca6e2664c0a9cc851e9bea33bf57

SHA512
ee5ceebf9921240de4f8fd3d748175fcc4f3924d98d6d052faf71086895c55d3400ee849450032b4a84a555b539df9ab59a40f127fef5fae0ebe9d7f0c86d202

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.cat

Filesize
2KB

MD5
3f0ff3edefa5251f1131dac64e82d772

SHA1
2ce1c2817309c4427da5efdf853c6dcf8215aa86

SHA256
51c7a9363e097980c48dfebcc006e9df5cdd9adba5db214233dfa9a305829981

SHA512
42543a68d83c4c004d465284cc026d28c7dd7318d02eb5ad47e59594826328739cd23d86028d821f2b0c0c8ed3240f0a27ea1c5e6eef16712f6deb308e69d8ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.cat

Filesize
2KB

MD5
32f00e39292fe19e932280b416968078

SHA1
115afd93d246b9a6521b3c1dc8ccf5c72b0d876b

SHA256
735d05fbf7efb48e07a590aa8906c2ff319f998be051860f847bbc8bfe50f37b

SHA512
89435e0a855c401a476555d11862915cc2d929f01d0f173cdb389e609ae3afa09580da3652493cbcf2512342dbca8ca784387876a5b0b7f8e267341aa68246b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.cat

Filesize
4KB

MD5
c8f9e868a1aea2dd9b7397c24e9ba5cf

SHA1
55c36066a37a43201b5f350547a13cacfb5b027f

SHA256
fb058b65b71dbde6c5e36371cdcbfc0080f569adaa8eb867d28f11ddcacb74ab

SHA512
b1be1adfe787bc619e0d848b0c3c689849961ef01f0bb810c6f36555a77d08cfb2a6fa4aba70ed1f061659d2590d59131ff60ace86f62c633020b87cac92dc97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.cat

Filesize
304B

MD5
a22bcc661cabb372575b17de9066da40

SHA1
c03427283b0a4d741b09a2d3b067c2f1a78c1a1d

SHA256
714141f93db6844076337b7f44211a6062637687b94db2e1b0b1688468d16bc2

SHA512
08fe02e13518c7e4bbef518b4a45aa1d81b8ca66dce48a162454989fb67865e87ec02075277b1a4daaffb32a32eae2550bf10910d1e6581fbae085d84dc116a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.cat

Filesize
400B

MD5
51f0b18bcb60371230c5ad8fc2e65d24

SHA1
381228e70ea39e8a1686370960468ee6dbdf8066

SHA256
c227b20ea1dd73692f0a00a1944c6204de0ad0ed423ecdf3a89a0d183076686b

SHA512
7723e7b5f662b44871f079159727135880b9d9d64fa342a96aa48e36ee8abf10169758ffb10b97f712372d7dee54c65f1ffea6e732ce34b90020a1e659360bcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.cat

Filesize
1008B

MD5
e210c5f0a0db030cf62a7719436027cd

SHA1
f6b5b917eba1b19354d489ba5c1a244de6a40f53

SHA256
30874e4ca0de1e6d39ec4de5d85c651211cd7b36bb35d4032ff5385f2a477e10

SHA512
6514530cf8be0a8af3c9e3d7d90d1f0836b91dc05ab91bf2d139e2f37402475817975745295a37d196eab5178b17ab84d498a276ada22bac9fa39e974fe9224a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.cat

Filesize
1KB

MD5
6c1af31a65a8aa0af3ac444c1fcd4052

SHA1
9a0981ca2520c2ca9a392afd77351d7ca7bbc3ab

SHA256
ecabac55d1479435ad263a91890cfdcb57aae8a72d7ee803ee09ff21333c46c0

SHA512
4d8b951bf7faf576a43ecd963e30bee74b3386c7a084de775dbec925fa1201ea934319c850f908b216d4743a3738d3871e4edadc49fab4348cbfd5a16e83eca8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.cat

Filesize
2KB

MD5
39d4dddbbdb60fe7873ae37a9a0fc749

SHA1
c4c633ebd697566324aea0353951e480b971508a

SHA256
8c34a040f074fbfd45a27096545d13181ec998b38ea19f2be1a3f747ea40ede3

SHA512
be09c0191be607e07becacb7c97c62a8e6e429092f9110c0f32e4118a44da5fe56e5923f9dec73ca988a21666ad2fe73f3f61fa74d1ec0817ae5f46a6e7cf6b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.cat

Filesize
848B

MD5
1dd97b1aecfcae5e22128ced03113ba0

SHA1
4220f52caa96125f92b54734253a451639ff9c10

SHA256
e0c06e6e72e3cc3d6719676e41e479e21bebc26060f034b16e37781968934e15

SHA512
a00c2cd05c13c5a519fb0d2ef6f4bfae50bfaefe682920a0453f0a0dd5b82422f19611eea271fda39ca49d6bf221ab1bd1f7c9d4d239499ce0df82a85697d6cb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.cat

Filesize
32KB

MD5
c96abce71f38f82afb9f01f38b94d01b

SHA1
c0f8a357f694d0ffe08faf657b0cdc25ffb67e20

SHA256
1727e9adaf03a7ec2c7e5ff32352fba483fbc5dfa29885b78420ee6f98a0ba61

SHA512
3446fee726bffb90ab18c27fce89f02aca912db2fdb0a576fd7c7289e08dd8f8a73b0470cc0b9b4637595bb45b1e8b9404b5c41850409de8b1bf977326811388

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.cat

Filesize
160B

MD5
a8258060e35cd08265a3f658e6aa2963

SHA1
a67c6aeb6db7a488c84810feea22a2d6f7be9bc8

SHA256
e847f277e6adf5f94573c0f1b10ac15efd6ca48f34f9be52e9baec6e1f1de04b

SHA512
70ecf38aa25d92ffff7a24ea35c467c95b9a22dfdc99e0705d56527923cda574add21987ab98ae2b8c589e334141d6957a660a3e34a546c764c3e42069f50d45

Download Submit
C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe

Filesize
126KB

MD5
e0d108435c58dc9403588e4dcab68275

SHA1
7a7331423938020550ff3decd2e8b50b3ee5c87a

SHA256
61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8

SHA512
2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.cat

Filesize
8KB

MD5
3940e266c4f59f1d3578d2bbb14fa2ec

SHA1
25fa69154c1906f43807215faec12f2d22d1247f

SHA256
aceb38aa85a1a2cc9703fae0cef2340ef0f5c492a68642452a94a6ccbb99d916

SHA512
4f00faf6e5b919a8e269c6bb29856b51ce145021d44b23cfdc711617566decc7735098537e153eb8bad4200b4d416d1f9afcbee2d9845d9090806f2425416014

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864073326065394.txt.cat

Filesize
77KB

MD5
602492d29d70d16d370f22fd6cd1e4ed

SHA1
c34732241f1a6df71d8c26f26473d5cfc5488d8b

SHA256
2c118e57d32739ddb638038f4353144537266ebfb8c8bcd73e2e332d3d6f8c82

SHA512
1246004c4ef1e70cde71f3a082635e4017db3e83ca636b5a3b4b5b4403532cb22187bdde3f0ea7d6e1fef5812be0c8317fe45d9e6b1344ba3a9460019d5f74f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864078989255826.txt.cat

Filesize
48KB

MD5
b27953fcf40d0218e4ee0860c6687112

SHA1
b188b2759c2c8d1b4b8ef5584f99d5b13d8fc7ca

SHA256
fb3609ebe5f22fcbe607d328b250376ab5911e61edc0e1dbf5552195cba224f8

SHA512
baa169bb012ac20ab7c35c16441b0e36014dc6f69e43f71b1605145cd94695591234810125efd6335e0f81be63405d994701205b64db07014efee075ca61c779

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864081664967149.txt.cat

Filesize
65KB

MD5
3071921920ce459957e3c0e8542edab6

SHA1
83678d338f37f936347125abba2a4b29150c454e

SHA256
12f513ac45dd6b688e96fede7454d91fcc17b5af6c037cba68390b27ddbf9fbc

SHA512
d204a191ff7c4c0ff9bb817b955e2aadae82b021a484fc905665540ab2019a59b4e88e63c9d22271ef54d1a61f9d5b9acddb9cd91ba813e4a90743bf65ad91c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CB77A880-F05B-424D-BA38-5AA0461FEA56} - OProcSessId.dat.cat

Filesize
16B

MD5
a2ec71f236b0da26c756b086bd502f09

SHA1
e9dc21e143a2aba3ca9eb634ed291ddf93b32e4b

SHA256
b4805a7f3e187212efacd5c2475bc8a30ce7274f8dae65858537a7f08b866717

SHA512
a1d0f50c760c9bc3ab50053633e2fd3bdca6d0de8f256b48b5c45c8bc20a93a7e2123b09c8ce5de3c9ef013d0f2c3de165d68f7748c89d629122ae6d498e9af3

Download Submit
C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

Filesize
434KB

MD5
df961b522070a8d576da282dbb2bdde7

SHA1
13a6aeceb2977b2b8e89c8d121d070fcad566269

SHA256
e1572590cac9b625402142b1f49530615fd2a984fa3d65d990e606766dad6e0b

SHA512
35eb095935827e59984a8d3cf125b246d7b7f33bac86c51c4b690911a7caf4c27d0de4e4d6b124924a67af2305de7633142f8b2d4321b979d930e4d0f4274795

Download Submit
memory/2912-3-0x000000001C2F0000-0x000000001C38C000-memory.dmp

Filesize
624KB

Download
memory/2912-0-0x00007FF99C1A5000-0x00007FF99C1A6000-memory.dmp

Filesize
4KB

Download
memory/2912-1-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/2912-2-0x000000001BE20000-0x000000001C2EE000-memory.dmp

Filesize
4.8MB

Download
memory/2912-16-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/2912-18-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-19-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-20-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-21-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

Filesize
32KB

Download
memory/4280-3847-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-3848-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-3849-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-3852-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-3854-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download
memory/4280-22-0x00007FF99BEF0000-0x00007FF99C891000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads