globeimposter | d4604ebab2f3af2231e635c0495c4362cfb958bcbcf23bd8e4277c2e3a3e892c

Analysis

max time kernel
121s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2025, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
Size

55KB
MD5

d8d6106cbb98243c255509529915d6b7
SHA1

84198ef936b51c75a0b0a0596c0eda624ada326a
SHA256

d4604ebab2f3af2231e635c0495c4362cfb958bcbcf23bd8e4277c2e3a3e892c
SHA512

412d12ba6e0f7be101bc61d88c8b963ffc2e1d6d683ffc83717f45d8a8350c440aa78e9174132b391d3007f96d8d644024553618b282daca94d676a1eb46482f
SSDEEP

1536:+kfjkfV+KJolntwrbDSTWvTwhQMhmpdLsNy:14fIKJolntGDT5qm3Lqy

Score

10^/10

globeimposter defense_evasion discovery persistence ransomware spyware stealer

Malware Config

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter
Globeimposter family
globeimposter
Renames multiple (9093) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000\Control Panel\International\Geo\Nation	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000\Control Panel\International\Geo\Nation	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Executes dropped EXE 1 IoCs

pid	Process
2604	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-805952410-2104024357-1716932545-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe"	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Drops desktop.ini file(s) 50 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-805952410-2104024357-1716932545-1000\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-805952410-2104024357-1716932545-1000\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-805952410-2104024357-1716932545-1000\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-32_altform-unplated.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-BoldIt.otf	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Preview.scale-200_layoutdir-LTR.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\gl-ES\View3d\3DViewerProductDescription-universal.xml	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_contrast-white.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-tw\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\WideTile.scale-200.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-20_altform-unplated.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SmallTile.scale-125.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\line.cur	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_6_Loud.m4a	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_altform-lightunplated.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_altform-unplated_contrast-white.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-150.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileSway32x32.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sqlpdw.xsl	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\appstore.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96_altform-unplated_contrast-white.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-150.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-400.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-200_contrast-white.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-200.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nl-nl\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ReadMe.html	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_altform-unplated_contrast-black.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-60_altform-lightunplated.png	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Numerics.Vectors.WindowsRuntime.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ro-ro\ui-strings.js	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\NotebookIconAnimation.ttf	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 2604	4108	cmd.exe	89
PID 4108 wrote to memory of 2604	4108	cmd.exe	89
PID 4108 wrote to memory of 2604	4108	cmd.exe	89
PID 1964 wrote to memory of 4968	1964	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	107
PID 1964 wrote to memory of 4968	1964	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	107
PID 1964 wrote to memory of 4968	1964	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	107
PID 2604 wrote to memory of 1320	2604	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	106
PID 2604 wrote to memory of 1320	2604	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	106
PID 2604 wrote to memory of 1320	2604	2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe	106

C:\Users\Admin\AppData\Local\Temp\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe > nul
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Users\Admin\AppData\Local\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
  C:\Users\Admin\AppData\Local\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe > nul
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_Full.aapp

Filesize
2KB

MD5
3368954cd5329db14f6f7fd6a31a009b

SHA1
e8873f346945bae6cea76654849e17b0553afb2c

SHA256
3678bbbbff5b6471313775f7838b596c0ccbf9bb37f28080db4d5a8e86bd39e1

SHA512
b1ca33c38fc30c25d1b67294fd7f15175b53293ee6140bfee5fff41eab590974df224d1428c78b14f8455eb9623725e08533b19a088a671e7c44a8028c8b14a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg

Filesize
3KB

MD5
9cd31e0413424557165f111270eda306

SHA1
7f4c04abea84b0ab6aec50b6540566fbf5b09228

SHA256
9e2c789a8e2ac3c2e8a01abea2be76a5b0c73f7fd7f8a29c4c1ad9ae81ef9e0c

SHA512
4ac3654339b191a51d878bff8bbc3331d1a9ee8b5bda3383d0179c13d4165187f228d1300aa53a9b7df4488d8a00ec3d2359a8f11210fa48aad414d2f214537c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_cancel_18.svg

Filesize
3KB

MD5
b0b02578d1878e78b5fcd98c25bb4c6c

SHA1
e983935fd22e85c44dd4246752132048a5822b01

SHA256
8d7bd15e9f1d5b3c7c623787270e702ea804b819efed2b8ba79bc57690e412d6

SHA512
d3fdfd956036fd149c273f71886b1ab4912d6d0b11f193636e3ddcbd51a0f73b2b18cdee9c1efb0a51a6c4ff1dcaabd5ca5ed611d0da516d715b43c0ac38ea33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg

Filesize
2KB

MD5
1357574956ccb0db71901f4f82b21fe4

SHA1
54951d4ecc7816214fd4b05306629f283bced513

SHA256
fb09b87afb8d48d2297192f1662c4a03a601407798731c19e266e7b1b73e03c5

SHA512
e559e304291f212c83a6aa4e0bbb95c1126a4659c220df298fae956ec70daffdf4610951328c1afdd86079c81a5130b5d3c46c598195985bea645221b8fe0be4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_radio_selected_18.svg

Filesize
1KB

MD5
d70cf9630067075da2adeb82e3a6d0a0

SHA1
f1064d2571f89e741145534548dd7da1de0de4ce

SHA256
11affb229b5cf84a061e1f1de65f3418f326da6f26e1e84de733cbca6560e7ec

SHA512
7fe3cafd46fd5ad7043ccd0dc3828273dc0c1477e24edcdb83b3d2bc8a7e33e8130d184e78805548c54b58f8e66c1c0aeb8574decb6dc809a27155f14fe29037

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\ui-strings.js

Filesize
3KB

MD5
3f7aabdb4bb2e2d755c55f31f27f9966

SHA1
4ae7b14c8cb72376299eda09634d7cbf96ad246a

SHA256
0e0b1eb84bf65636a449540bca1c4e4b8723277a64a5fe983a423a8f03a3ee6e

SHA512
dc9b1b54d31727371b1ab1bdea0c791d143b9290977b474baa61c8a54d630b55899f80981b95acc349fb18795ba16f0b8edfb212245fe7c6aabb9ac196ea341f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line.cur

Filesize
8KB

MD5
43e40fdbff1295817a08067693337f9c

SHA1
f7d2fa978589a0c1f50c7a6ed55e66bf80585c39

SHA256
dcc38817b51bcd435bd9a7a337c04317b3257ec4c6e1b8a2e22a2683c1bf3603

SHA512
6ad9832032bc606891111dec4978b04a46b8216cac5d2968516539a414822ff236987bd43a7da63ae932b814aaf87a9dfd179f379f9072d7ae585709b82458f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png

Filesize
2KB

MD5
96ce0df73bd198e4e55de24cf2b68ac9

SHA1
874536863569fcbca7534bd4932c55cbca4e2a12

SHA256
3938348b000bcafb5f3c4858cb252f448bdec352e286e936b3c154612e0bc1a6

SHA512
ede3d11c281f149dfef664a3aba2a7b1cc02f6facfc0f7448ca6c459e9476c618655d98521a6c70ec0f136d6d5eefbc8f8a4b5707c3da2d1afbe3d7e76a04a97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\virgo_mycomputer_folder_icon.svg

Filesize
1KB

MD5
9df8ace93ce94347dc466df343841df3

SHA1
5cf1db1b7442e0a7aa67dc57d244993a525523cf

SHA256
3e084912d9df36f9353d4d72c64c0076079e5dcc0d5fced6d1b45b701e123e80

SHA512
81413a3c6ceae7c8cbf60ebfbf44ef07bfac13169637343be6cea93d4695d539e64a0ca4a6e10d245b95a386ff93e9e530ffa58b36727d284d55d422ce65e4df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons_retina.png

Filesize
16KB

MD5
80bbc219898eedc3fb1c1b0a8697b633

SHA1
bf350d1d26154eec558f55e1048bccd49ad0c729

SHA256
4b133a59e96b2002c2b8a946a09e6dedf7b7012ba3030c048f682ef65275400c

SHA512
06fe1d9824e5f18c45089d85a53e5e8fecac2f94b0c17a91ec2c257fec99b5955563738b70e08df37dfeddeb64c4d57e197c3cd01653a925584c1c60b2e42e58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg

Filesize
15KB

MD5
517a14f41d662079e062e8fa33c6a388

SHA1
cd57c628ca902d5340d8f94bab55ffd72b4b27cd

SHA256
fbc89ca7363c870e6e06ac3c245ffa90886d3ff9d4ad2ea843fd361e617bdfb5

SHA512
94d3d839f52e71b28f961add36f6ced2df927bf7d943b285148d50eb1d770e9f093b8db56cd2b665541e38bd4f841010b600fa0676835762277ffad86f24c372

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\sat_logo.png

Filesize
1KB

MD5
f896a24ff4ad82d57894a6880a40f80f

SHA1
a2b0652b38dbb283e82f2e062119787630901c5b

SHA256
ebfe03ac10be3fecbaa84f243c65be8ba91d4d9d2e79b85d349af0a624c549c6

SHA512
e923f12aeb1a04dcb3dda2001296745d4d3122d3da173e3d050a01423c5b43a8dcb89383ac45441fcbcc1527ef683aba637c9a450dd73c1a3f7f3a374a921e75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png

Filesize
5KB

MD5
7db5f8d65cd1e209d2d6944fcc25f4bd

SHA1
6072141e8bce8f6413afd8374df9ecf7f6b4bf82

SHA256
86a24d9006ca9002646988a9dcf1207afae3b604e716fc9ac5e7627615c44283

SHA512
990c10c682bbab46f9e58c2ea89acd95bb1e38ddc83095c9d650c7f46d2993660a3825c8cab98c031d777c6510445a1728b58d82ee999979cdbd02d7cd39e4c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js

Filesize
3KB

MD5
8fd595645864a264051d643b2d325b0d

SHA1
b74766722ad73f4ac7274c6935a418b1b7c0d80e

SHA256
27ceee8badb683ceb6428086dee182adb4b967ed48f24b24daf628e04b9c25c1

SHA512
3b8a0d757a7b27d30f1fb6a97626e582305f8e8d8199a5b9b4c6380fbd49f04263327edee10ec81df02dc0ff5e32c862c7ef7904caaefda926e7a14dde0f0143

Download Submit
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll

Filesize
64KB

MD5
088bf2ae27960cd286a57ec999be54df

SHA1
dd0000a4bd3e5c3674a358906b82ae6b8b1e53c2

SHA256
01241afceecb74cdf3c5304501d4a05504700b8451ec4f2688513cae4a8ad520

SHA512
93f2a7585317eae513134d0181475248b1bfb7329eb96f9584f277b5d10f72c58803d9f633434f65b7de98ec5f45f0d26d9389981c7da19edaa7aa73251e61ae

Download Submit
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
19KB

MD5
3a18d85bf2b45bf52452e8d6dc16012c

SHA1
e02e412990ec5b5a7e59709a9b9d161bee3a5cec

SHA256
fdf58dc6fcc6f7446e1ae22b72550de70ebae4ba41cc3a6add77760c76a7f1df

SHA512
6977bde8ffa567bb6daf7ec0f4fbf9b2509b52e7df94ac7112ab75f0b66634e574ba0f399b4de97a81b8dbfc77ac46a380d5e7f47b36eba7932c4ded472e2cb1

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
22KB

MD5
2ca1e73033fb49e4883479b23fb6f8d1

SHA1
cc139efe23bed8515f80bfa13a9bdc95b227a277

SHA256
007dd93c522b724fc8d5052ad9e43c76b5eddf0e200ef9ac0f18b49e2d3cf9e8

SHA512
4741e06789926bc0c9221f5e764d8ee95cb494e0e4f63578e0fb5b0f5a15341df14e29ea2676cd2c7cd40aa1768a6bd4e1aa120ddd66ca6a37ce41e7ce847ded

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll

Filesize
15KB

MD5
0b90a2c47ec76c59cfbd537ce8310c98

SHA1
655a01962e7db5dabb12afdb26f59e3bf429cc32

SHA256
77be942804df586a9e459866e99c5722b1dcbe9966201e4f662325601dd62463

SHA512
d04c4e1dec639664b1ff0b5a1ef5761ca999ff4ce449e0e9a1271d4ef975084da3fb3db58043b7e9e260f170a0416826557853041dbfb7784b15f1db3f07a6c4

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
12KB

MD5
10913e04aba180e83854daafaefd1824

SHA1
df5a2da984ca6eb0b21c2ed4ab8e846abdc0cb19

SHA256
abb61827d6159164cea57a3b7cbe4c60121f9f30f9daf0ca86aa0852642d0074

SHA512
b0cc8894dc91df8a417b64846c55cc00c56bdc26739b01e8c78ecfa4cc293185d625da69624ab2cbbb397c46567ec8dbcb1983499fbd5d827beabbd0ba6160bd

Download Submit
C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll

Filesize
73KB

MD5
616eb6875fb353382c93e420901d0783

SHA1
1c60be7838d6b56dd5d9679470f1e03e702c2700

SHA256
b5a9006a8ce592936d66e695a74481d29938fc99a91851d8c29c66f2c92ebe3a

SHA512
29ffb11ed8636822f49fe94f2ae6e00b0d0b597cb490bc1579adf513b80e7ee858c430a2ad3e32f72a1ab2ba07f8f9617c2151893e43838307fdb91557287fce

Download Submit
C:\Program Files\Java\jre-1.8\bin\orbd.exe

Filesize
25KB

MD5
f3d0d83dcedc73485171fd20ddf0fc9e

SHA1
cbf3e75382b19ef4e9648f1e721a1a1db84613f9

SHA256
c0087810489639d8fbd0dcd47e54ee30b3b499fb2177e665edc10894d6ce63e8

SHA512
018b52c55711e8ba60cd38c2507fd055eb864be736399684bc04925b71c9ba8b47894f1b721073519ff9912dd0d24878d3c2e8fc4303a937c3854428167ccda5

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif

Filesize
1KB

MD5
9fc10200d5436ff74b0733d85e519cc0

SHA1
7ae6bfc993d196adfed73fc052dd2775a4aaca94

SHA256
2b3f081b333ec018cd1c93410fb91e5e3ea836849ffa007ff2be628c6395ff4e

SHA512
ee85a9bd5731399af84465311a0b5a75be906581f9fc4c6bec02e1d89dd2cea37c7c333460727e8f9d8c0c3e5a620203e173c245af1bee807b7a3c6ab0f525e6

Download Submit
C:\Program Files\Microsoft Office\root\Client\C2R32.dll

Filesize
2.0MB

MD5
3acbe96e5c85db074f1e36205ad20c2a

SHA1
7f6b7a8ce97b8a0d95ce2e112db46146c9e72a4b

SHA256
76bbfdc796a0b72418cf5abed78144c59746ba83725969a7ece4a69c61b0169e

SHA512
b4c2a117de5023980adca02ad22f1127cfc53b92bccc36c26ac6cee422bdbbf21d6a2893a06ecc2fa61a89190114c35dc933e8afaff481b8ddcadfa5a027fe97

Download Submit
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
464860560cb8caf656bc8de066214599

SHA1
7063588cc6b417c795cd013538157f0650fb93b1

SHA256
b1e7333bd413f84616fc7d7d584f416660167a2e3bdfccd802e37417e47bc6c3

SHA512
4695990e823983edb04e4f1e15b14f36c7164fa24943800e3f37a173e42f71dbfbb7ef18421bcccfbeecd8bb29706379f028e45c514436a62fb2532e6fbfcb45

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml

Filesize
2KB

MD5
35a739f828c156181c36b522eadeed1d

SHA1
5fd74f8ea3a51fc559b02f53cb5b5d51fa7f0fc6

SHA256
3cf8d370b0b7fccf8ecc427c66f72c08aea1fe8c96ff7c1e5affdbef68352e63

SHA512
4153db41b5573210a349aaf200f81cc3469fd0e62eb4b8946f148cccf41ea46d5ddb19c0beafc71083983c025b26df703321321af403d7f04f4277248dd5cf35

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml

Filesize
1KB

MD5
33243aaba7e76850c9693fa449350a72

SHA1
0baf37a84ee1dbc8ee0c3344e37bba772d177f4a

SHA256
d9876ea11e74e70c51ee93edc7ff465faeeab329905e79ed2ea2c5ca98329a9a

SHA512
7789db5958831eba009f7f624af226f1435e7cdacf20733ba8b1d2a38160f00ecaeda15893e027b9a76646dcaeea5de5be9c1280db05b0bb2f68b9da48a097c6

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms

Filesize
20KB

MD5
12f2cb12261c933ece56b6ebe8ee4ae1

SHA1
4ec449bfbb4f3904490dcdbc98bff1ebca2ff016

SHA256
c10ff103f46058b2cec9cc2e1f249bb1d9cbcdc6227ecfb744dfe56c2e4dfd0e

SHA512
8405dbae09fee982a293f4f71cce46e9fff7c43a23a0cfbeae7b5917d02eddfa7aefa571eba0fd0f769327d8e729e1cd95cb546f72407240c89a9716e3b6897a

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms

Filesize
13KB

MD5
4575cd42b651e932189d0868635794e4

SHA1
b40eda31082e0b33f1ba3c1dae0f590c901d9ac9

SHA256
b5256d06323c57f3ad0b1ded994fa0aaa871dee038c777e538def74c5ad6efc6

SHA512
75845fe5a60a6fe9a82d3e0dc33e5218041de2e0a0d8c7464eaa6ab8f0d9704e93fb2465649952197295df7a47996c80b0e3b76b6ec679a8c6456529740facbf

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms

Filesize
12KB

MD5
ad7b00836fd49e71da48c9e200d97c26

SHA1
eb27f8c9ecf4885b21eec118a9ed8d36316466b8

SHA256
95e1b10b6156a82afe27415d9fa18001a98d6a1c345570acd795838cb176e71e

SHA512
094938fbddf1009bd0a90cf4700d7744029c16c94a4574513c55be1145ed5747fcba0e118cd732d83fab44c7b3e53669430cd26b23cd0bc11e25a1226f3aab87

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms

Filesize
13KB

MD5
aea79963eca76510dc0c229f2764d9a4

SHA1
936160aa1921337e2d3d954190e463eb1a5295a0

SHA256
0d450406a2e84d334e5d47b7c493c73da03902c090b995c4bf428ddfa3e19a0c

SHA512
1bf31045ae5c9f28d3860444c061244ee5e312bebb85c90c9935ac080ac1cb4ccf3cd63dd8c463f96447e06e4f797f06e284a929ef45af6b75e09a3e44e83c34

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms

Filesize
12KB

MD5
cc1febb37e917b9d6c97f7544d95265d

SHA1
6e259b9af4bbed226e6fe0fbc44a61689756b542

SHA256
d556e2563b8923462582057c7491a47eb71e27db030abd0595d1d416073291d0

SHA512
1aa4bbcf41c890651311ad228e02bedec5325914aa1bfd6cea520f7f38578aec2ba1c816da5ac0da746acb06044b8a58a084593409ac04123ce312c475feecb9

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms

Filesize
13KB

MD5
11ea86c139d87d957ada97b6abc57500

SHA1
ddf6b8f7976fc770a37a89a649c4c951ca50c557

SHA256
33418b440e3bc354fc827913ede5c73c4825056b32b5056e9c6995faa1082cb8

SHA512
94f02786c53f7bf465137b49068b3f75a0779e07158b528f092c1375648d546c5173337eca1d669e2cc99bbd345ad4fed46ca189307f27df7492a11081997ac7

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms

Filesize
12KB

MD5
fdbaf37cb71a7bcef25b07d1cc3e093f

SHA1
ccfb092a45c2fddb28e799b063752c6063642835

SHA256
268754b086f022792ccf468e7c9c8799d6e261ae3a2a049fc339fa91a3d7b5b3

SHA512
c0af07b9614ce84611ea1ea416c9dd378fbea1d7102d7e277d51e116175489a461866220ff703e993324d355cac58096225b4b457cb4841960463dd4546a6c63

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms

Filesize
20KB

MD5
031ddd2f2c74ee0f7f7f3567e8c50174

SHA1
6a6356995ceb7e31e768e2c4155a3575bcb8c023

SHA256
2caa299b0af9a24ab55b832fea31c14ad89e7e9880ef0a769efe6914d35eb2e8

SHA512
798297d731317db5143d4fe443288777214a3d1c1d8ad7543470f860660b01044fca9e6b42a87c5f9c7ab81ba75102651bcfdb44955d2c987f8495c22c89573b

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms

Filesize
12KB

MD5
cf3a0fad3c121c713767facb17ec4e88

SHA1
77a428b5719f0304f6179432a1ff687646e518a8

SHA256
4b1eb8332b8cfe59748a69eb739a3556c0e4442b66fd8a14e13dfe3c6f0e7ba3

SHA512
77779b140eaca01b8e1829497d4766b0f5e1f77bc53174117b482fb57e087effa064fadb2cc81fd53a2418761315929edd14ee52db213d8fb9b4855f31cb9945

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms

Filesize
13KB

MD5
9bd5e3900514e2d610fb75428af93a84

SHA1
bd1b0cc81850f095920584115eff6d4cf3bab7df

SHA256
94ff4f622464417e9b082abd0074790d4a5a1ce3fa8a65889b99b625e86cf7d6

SHA512
27c2f7fadffb7bd16e6bd6983d02602fa37b87e12ccb89bbd5831f3a8a91482b91f9b045b8a97c322e24156dc2acb5fcafa58ce016b59d95f2cc7110014d56df

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms

Filesize
13KB

MD5
4e51a216f6f3d1307deb2237c0a82525

SHA1
fb1d87159c3cf14cbb236016ab8dd4997d1dca86

SHA256
e0387776d087880bb92067af0aeabc2f46dffc3c145757b8b0012cdb2e2183da

SHA512
b29ed621b73a52fd2a4c30eec9d28873e825b1c36dd18df572493a71425d38612462d598e97037278c93f0b6872c51332de77409a0db9cb85587e9addaf24501

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms

Filesize
13KB

MD5
be11c16d01c8052b9277804e94eadc75

SHA1
96cc019e8e9c624f9f9a65ca5a577e6cabc99c9e

SHA256
f74ad015a6a087d82f65fd86246c4e75c9f755f230b5c03566515d1a49619034

SHA512
00552be041b9980d7c7793621d37f2746be1f19668a3ff631b7ddcbc3d925554ce4c26d9fa3a64eec9bf299f0f26c2445e9ef759e7c5ab47d1d31b3e0ef8f127

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms

Filesize
12KB

MD5
28b43a23ea58aa063d53e99196087965

SHA1
46bc9d44c828e78ad2a939093590e213d6657923

SHA256
643cf0d3720677ab9c53ce6ccc030c3bf549434c247c2e284a84c68b609953dc

SHA512
b5d420a7869d7f5f9cbf5f8ae29dc1a1f12a0abaeb2e127bf2a0c0c6febfa8471cb03b0cacbc973041bcc6e559c89963a4ad24ea601dee491cefea8a0ce09f8c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png

Filesize
2KB

MD5
df764c5be53125de4101546ea23e1e85

SHA1
de3e4db3536ad10771329806d8018ba9084f9a35

SHA256
4c4a2cffd5c74aba50a09b2fd7ccbe642f8fe553b4a157c69063461648273e2a

SHA512
302f3d9df094f046960ad9339dfdd8c044cc8542f5aa872ee3479db2808f48e54222aab7bbed73e6b7583819c07e0d48102512b78ced7bee2016d70ca963fa9f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
20KB

MD5
20e15d5d0f0d016823c6425fafe1d020

SHA1
08c51b034f5855d10645fc5bcb1f94d90288adb8

SHA256
f6ed6841b4f8e739dff00d94c84fcac4614ccf6bb5fb89557cbf66832b60543c

SHA512
3925a40fe97bc5d1603f0120c615ac2738cc3dd3c4fc9b231c1f985748f706ffbdb8d73c624fa98b31eb5344c3d0a9d52c908707bb320cef1867b1bee31f7346

Download Submit
C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo

Filesize
27KB

MD5
3676a56c0a6c00bd62f973fef7b26aea

SHA1
9ac38dbd2af6e021f4fb0f1a1248aa169f3d2dab

SHA256
656aa33e421899de1b018674707a4d0a585774ac1457e9c652e3f5c55d0db298

SHA512
87a9b9f01560fcd217c3827e6740b566cfe4659f2a8ddc8d1676ccba26aa20785e0b76e2dcee844fb5a2e73c814f94d3c4a44f8d8c06dbb75b350a36eeb07e3a

Download Submit
C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac

Filesize
45KB

MD5
65b96e156225a676a4a2ddb4ace803ae

SHA1
39cdc2a80b23b6aa26c91b8ab60a547ac370f7ff

SHA256
15823f3f401bca96971878d3693ff5771d2eec138af8406a48f9274894721615

SHA512
fa9b32b1450fb420dd55a8ce55962914290413c33a83b43e321d25670085fe81a15752e1aa3dea5bf5239662438f449f92c2be5cca233f0d76cf98b9aa264502

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll

Filesize
40KB

MD5
8a23d269da157b35afb358dbc3cbf5c4

SHA1
8a6087229c8e2f1fc9be32ce2795bed7fd0c1fab

SHA256
9d9bf3cfd3d063a697beb588e5749c996246b3982c76d88b25c2c870ed87ff00

SHA512
4bc113b6e9179ed838d80c15dd4b02ba1ee09341a61d2de0d9a8c2d4b7172cb8904d686214c65037455b0dce8e22185ca28bf004a4c79340212ec4598cec082d

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll

Filesize
43KB

MD5
a4312e89d44adb47080e284fd1c0da6f

SHA1
fff046cf2e0df3324cd16ba4a4ceb9cf474b9a95

SHA256
a5612d7c0dc7795f0f83ba9f2d4061923849ebb59d772835ea1e7b43831076ee

SHA512
c164690eec5531200ccff6226b55bb89a0af3c515fc8c10a0fcde6f48429bfd9a9e12bd9a2711e2a5cd53f25abc2754b6e863c56580b322dc98038a10fe14891

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll

Filesize
73KB

MD5
558fee33a6db448dacdac8ccfcc8badb

SHA1
a27a491618d2023b44827d192d5cd9d106477fed

SHA256
2f53098b4944fe867ba9f67581c2c4938f5fb9d02230d18382a99d8f8bf4bde9

SHA512
9600d9caf98420decf6221870baa3a8b7d1bfdd9a64a1355c47c899656748d9dd9488c9037d7c7df761ba75936454180c558408c27dcf83445b5052b6897910e

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll

Filesize
43KB

MD5
acdf01d5414b511c864ccec8ca20b6cf

SHA1
728935cceb8a963df12495e613d1943090c7af25

SHA256
d1e64cb7ba37ab3a778b0fb8356b7391bdc4d88cdd551d9aecb7763f7f8ce77e

SHA512
2cfcbf71aee913c918805da322311f4a3e24594a0bf212f82c5f1fff3305443eceaa0924db723c3af5db6b38621b148e6a4d5a876e572f00b46dbcc809df2033

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll

Filesize
18KB

MD5
2e916fb7c12787d8310ddda550aa9827

SHA1
c3e3e139d8ee52c103a59acab04bcb7b2f2063d2

SHA256
f54d01ce3aff282623932fc1bda9ad52f18e599bde4a5d8ed8c8cacfc809205f

SHA512
1b4937f55690456f80bc90dcee7bc93eb9dbb0799c9d22e50aca504e4d3e60fb5949e67c3f2886482a16e5a11c0f55bda3cf19d465152495b818f20941c42891

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll

Filesize
91KB

MD5
ce0f8b49ec20fc8e90cdff447184503d

SHA1
ebb317d90551332a414be520139b5159ffc40be8

SHA256
8f484079be3f6b3a7f0b52ae5b06244d21a7817c4d44a9a84a9273342f52ed18

SHA512
665c867d9054574d93679bd23eb9a510ddb3ca11aed12eb1afdd06e5d2752327de6ac0b9c6e3d8b68964350bf0ab72e892b18b8006f6719504884fc825d6a4e4

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll

Filesize
20KB

MD5
2c62de24c6372bfc136bdfb037529dab

SHA1
4f7838066d4801d384cd1b667ee1817f1ad1973f

SHA256
5a640f505ec8d05614a33f23af73ffb030e14910920468895d449dfc0057bb5a

SHA512
078ff9bec2ab73301693de897e1265fc77db35f3493625760545514ddd4783feabcdeea7fdaf58b216706fac676361dd410427c31a9e571cac1a6f0d51964b19

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll

Filesize
41KB

MD5
7fefa909ca78e41f56cbc73ca3d00961

SHA1
4f53ab1a9ae6e330576b982a20d3431d83745d60

SHA256
126e3dd775f8a4f63069df91a4dd7f2d38e025dc9a27eb78071e9fbef4e8055c

SHA512
210d43ed0fa9c59adc075b1438a6824bbdd86ea4059d05ad31a5f2ae111398b7d7a3782bd41ea74293ece13bb888cefa29a1f960f5f0d068f13231d419951d9a

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll

Filesize
38KB

MD5
57d89e3a849fdc83eaa3bd2b040e4256

SHA1
ff170cc9a9519c24b082e469cd7e0e420fa1ba55

SHA256
4d3e5d4e55f60aa3384bbd3a943acf63f3ab5d8bd088c681174c56d8d0ba7d1f

SHA512
2936793f82eec8264df12c0980d88a831d70f9d02a2a9b7999b9055f9e24732492c8e9807a2cd9ac5fabeca0f6732671a485669e3532ce6522984ba1d900f0d7

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll

Filesize
18KB

MD5
46a151883541a4de1781e249b74da9df

SHA1
00acdacf76d35653551dd54450c34c16006c2864

SHA256
ecb6827a0850c1bba7da214f6d867bf306a77e87d8c6a25f7ec090bcb566c6cb

SHA512
1d1d4f2637208f03b6728707c69e934389f7f155c865bb7c6b15e9dd14d60d8c771b112d7c86e83780dd2935c0e21406bde583b523707731a2f5bc5cefa0cfea

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll

Filesize
17KB

MD5
38c35c39f40871fad99dbef564a97684

SHA1
36a6ada22d60f5915c70b0a4328870ea1680f46c

SHA256
f2795d0e58fa2ce7cd42c8b363d35c5d5c270ce4e021fb98182280aa675c9a19

SHA512
1d5e8039e285720a7a10bc95c5744e357a10133663cfdaa9d115af106fbb39f198c31c5cf6cc490d34e159a7a5c0163eb2034d34113bedad2de026b0f33b67e6

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll

Filesize
17KB

MD5
9dde6941b413ae49e048c14dd1f16494

SHA1
dd1b03a347db022a414279fc322ca937aa814d9e

SHA256
4edba138ae468e826049a2a43f34b9fea8554d3c63a6ad3eb59d6edeaf163e98

SHA512
7c0b2f8f88243235e14dd06fe663ca22a5f41f318bfd48041a00dfe26686135ed13c41f3c955333e80361287500725c315b25d7ac3279f68af23f1043269c06d

Download Submit
C:\Users\Admin\AppData\Local\2025-04-05_d8d6106cbb98243c255509529915d6b7_globeimposter.exe

Filesize
55KB

MD5
d8d6106cbb98243c255509529915d6b7

SHA1
84198ef936b51c75a0b0a0596c0eda624ada326a

SHA256
d4604ebab2f3af2231e635c0495c4362cfb958bcbcf23bd8e4277c2e3a3e892c

SHA512
412d12ba6e0f7be101bc61d88c8b963ffc2e1d6d683ffc83717f45d8a8350c440aa78e9174132b391d3007f96d8d644024553618b282daca94d676a1eb46482f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\clr2s0gc.default-release\activity-stream.weather_feed.json

Filesize
960B

MD5
6bb13c5bf2432ba00dd9d8cf48b13855

SHA1
6f00d6dc5278f8422dd92e52cacc9a38d0ad8d46

SHA256
140a2ccbf47e7218bd0474cb3a48bca91a655914aa392d2733daaa9e59816ad4

SHA512
e12d545ab129db7a12ad433150d4f3d3b59b8d8947fd5cf820a0248184d7828faf956e56064a16fd8c95696a4269b4af03455368981cfc6f08b9764cba01f84e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\8970d58f-25b8-4d40-9b43-3334d29c4697.up_meta_secure

Filesize
1KB

MD5
69bac07f552868d26b376c1c1f389621

SHA1
3273c65b7831c48862f45996af82c7323273ff1c

SHA256
b9d8ea2805f1ff934352853f1d8bae698bf7b53eb9599c31369bbbe56eb496de

SHA512
dbc4387a8826ce3c80cfdc79b13fcc9a2b4757864a4497d0e64faf06e5c865bdfa1179cb3d6da2a70274665ae050d6b7288374a8cce9721a5cd5bda21a16233f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864073784705175.txt

Filesize
50KB

MD5
bc6b2dad0ce66131af545c25b543375c

SHA1
76887190faf899e0e4ab069f126b7d8adb5d0e81

SHA256
ddc872268a43773066fa906520aacb6e0904f288b01193d054bcb3902a1295c5

SHA512
714c0d56cfafa3937161b923ca5372b2e188e2a27dc1582a23ebd4e94cf17ca9181df727e2674a92054f989e0b39797ed6fdae07eb054485e14966a5d1dd74c8

Download Submit
C:\Users\Admin\Searches\Indexed Locations.search-ms

Filesize
1KB

MD5
837b7a868bf0ba2f844d96f67f2d5ec7

SHA1
d02002490371f187a805de506f73809231ed62e2

SHA256
47f8532820493a76a287e76c6910d9a7db160f1a4a23f937c261bec0d2ad00a9

SHA512
2418f98997c18e42846c7d231c0d3a61e2c956f5f50a53698a738f12ae142accf34361aea2cd0e1255d191019237bac295710f46e5fb562274d688b41bf2530f

Download Submit
C:\Users\Admin\Searches\Indexed Locations.search-ms

Filesize
1KB

MD5
97fcab15055e64686ad0db3c1916708a

SHA1
5b2df237374896f07aa6e32a0a4c23eeeb9b8247

SHA256
322f574251ef2c4bc5fda7ba0f3dcf1967bab35e9df88c84e3c6f3ed7788b8ed

SHA512
a7ad65b43a687cec8306629a98a2efba1af3cd06676387ed6668314fad0ebd844a4452055c5825e9d50e7e36a28439327435b1c12f852c567ce92f45f03612fc

Download Submit
C:\Users\Admin\Videos\desktop.ini

Filesize
2KB

MD5
204dca975a59de0c5f7f83d83d5c715e

SHA1
bc9a960992c4fcc2b3b7bc0e2fc16ae3767011c6

SHA256
9e7ba7b01f64049069f4e5255dfd7025614b1a8f723f2c133f0c6c6ffe243245

SHA512
b6058b17c2b66f32e18a8b1d32950b5695dfb54c246505a8994f83502c2e41866f6483437d44698f0bef931a01fb7e7a217d00b095d05c8db3ffacf9bdad77ed

Download Submit
C:\Users\Public\4DA2CFC824ABB627DDDBFB5B5F2F274979DAD48C28F48BB7F20B72E0A4A07046

Filesize
1KB

MD5
fe3a97c660d83cea4773d8cd9dd07a48

SHA1
8ee1e55c3fec1915fb8972d937e5820bffa1290e

SHA256
43d60519fc530e747da9824b5f750a3266042f45f214f4f5523c1d81e782eb1b

SHA512
2ea5aa82f77051ce113532d8b9fd5dc6640e9995debc477ffb88bcee3cf4edc385fb3eda25c78d5bb7a04ee16c5ca3ac1bb57be40a1976828dd1a4a236408109

Download Submit
C:\Users\Public\Pictures\ReadMe.html

Filesize
4KB

MD5
b5a87f4abd3a5a2f531883e5b018d624

SHA1
9e21c96834d49163f780a9133388284c8ad1cce6

SHA256
a859407893a92b62e8637c9188d7b6b7890d8df21b0d79e052ad86825eaa2671

SHA512
60fedd906a7f291855bf508812e51e5cbdc63a2f36eda0e6f4b4eafeb1f050e919f22c0e542b43e7be92e63a2fc663580df3219698e5b735077d58184a151123

Download Submit
memory/1964-904-0x0000000000400000-0x000000000040EA00-memory.dmp

Filesize
58KB

Download
memory/1964-0-0x0000000000400000-0x000000000040EA00-memory.dmp

Filesize
58KB

Download
memory/2604-1085-0x0000000000400000-0x000000000040EA00-memory.dmp

Filesize
58KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads