globeimposter | 31e98d197c6a99185b97dd573fa2cca10c3bf7259313ce402fcf9ff9e88a3433

Analysis

max time kernel
104s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
Size

53KB
MD5

577ff8c29904f863d5796a6f772722a8
SHA1

549734707d5a6ad7a262064255dc4ec51d9fbb43
SHA256

31e98d197c6a99185b97dd573fa2cca10c3bf7259313ce402fcf9ff9e88a3433
SHA512

717638c12e5410317a3d0b0cfd62abdf3fb81cb123f539a77d7f0f228ea3944d8e778c659f01bf4f8781f31f5014dbd0b4796835dc07b69e0eebb98096d552ed
SSDEEP

768:wSvZDxvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5et:tDxeytM3alnawrRIwxVSHMweio3U

Score

10^/10

globeimposter defense_evasion discovery persistence ransomware spyware stealer

Malware Config

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter
Globeimposter family
globeimposter
Renames multiple (9093) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Executes dropped EXE 1 IoCs

pid	Process
4160	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe"	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Drops desktop.ini file(s) 44 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3975168204-1612096350-4002976354-1000\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3975168204-1612096350-4002976354-1000\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3975168204-1612096350-4002976354-1000\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\ui-strings.js	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\ui-strings.js	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-36.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderSplashScreen.contrast-black_scale-100.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarBadge.scale-125.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-200.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\SmallTile.scale-100.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-lightunplated.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-250.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-400.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\da-dk\how_to_back_files.html	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\WinMetadata\Microsoft.UI.Xaml.winmd	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-150.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\mfc140esn.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-200.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-200.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-400_contrast-black.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-125_contrast-white.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-300.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-unplated_contrast-black.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-125_contrast-white.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Acrobat_visual.svg	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-100.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_contrast-white.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\how_to_back_files.html	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_nl.json	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\LargeTile.scale-400.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-32_altform-unplated.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-150.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Safety_NoObjects.jpg	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\IsoLeft.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Compression.Base.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\how_to_back_files.html	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\vscroll-thumb.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\how_to_back_files.html	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 6076 wrote to memory of 4160	6076	cmd.exe	88
PID 6076 wrote to memory of 4160	6076	cmd.exe	88
PID 6076 wrote to memory of 4160	6076	cmd.exe	88
PID 4272 wrote to memory of 4468	4272	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	105
PID 4272 wrote to memory of 4468	4272	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	105
PID 4272 wrote to memory of 4468	4272	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	105
PID 4160 wrote to memory of 3752	4160	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	104
PID 4160 wrote to memory of 3752	4160	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	104
PID 4160 wrote to memory of 3752	4160	2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe	104

C:\Users\Admin\AppData\Local\Temp\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe > nul
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:6076
- C:\Users\Admin\AppData\Local\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
  C:\Users\Admin\AppData\Local\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe > nul
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif

Filesize
3KB

MD5
f3e758428756de7d2ec2852f623abb1f

SHA1
1d578a053dade40d2077dab43de039c21edf216f

SHA256
8c637fe8e18c102f7205253e4943ccab81d395f223684d99a1f2c9301e5f9901

SHA512
f2cd43853ea40114e04dcd809cd926816e0952d42dd2c7dc443dc7360b27bfe710a4a7490a072e653e5372bbf1ebee1ea2a97adbb2f9176ab4f2857ee3618a76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif

Filesize
3KB

MD5
4d88b10910e6db1694ab817085615a04

SHA1
a565438139a60372357cce1efe9aafdda78700c5

SHA256
6fbb841e624fd801b612e5b53362dea1495630c9f184565c1174d93d6b3eb0c5

SHA512
69e88bf75ff64b875ba7dfaf74db4b42b8cfcafc2e3590af0d0fa03b2ffeac4793a994d26eefe6d9ecd0c10ca4556bb433012f40b2f71d123554a2d6fac85ec4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif

Filesize
2KB

MD5
c3d83fa60a3de316b37b8d31b540666b

SHA1
2ce988e8d420b3395d0bcfadf9b434a6b9fa4925

SHA256
99d9b57355b657eb0e99a392a062b4a91c2f541e3d552909c8925fc68cd3b91e

SHA512
90aaa6b759344101147ad5fcf55c53f8cef0542a4e0f4d38363b70b7abed31fcf3d0303982102ad495e5b5ec6114f4ae9b76a4ad837102b2e53f90578fd81855

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluCCFilesEmpty_180x180.svg

Filesize
8KB

MD5
b65b5371ba23fb021cef8f74e4b17f0a

SHA1
445272f019b9f85503c37a1cffca257b5bb08b91

SHA256
bce30bc3560c835d079f9b1ae8b407a14706ea4ce639bce7e3d3a7873c474cb6

SHA512
c878559673e55e5cb721f8e57da9db3b3ea740914537a3049a265ec8d429990cf2bbc1d0ea4356318fcfcd9a9b4d7447cf976d0ba070c3a3e4a77dcb53985e7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluError_136x136.svg

Filesize
6KB

MD5
b3dc138fbedf4ae20ffa43d5acb670c1

SHA1
005b05885cca71de10a61bc0e143adac0fa54e7b

SHA256
21b0d065db7db519c4932a5f9b685f503d3913c4dd986ff8c1766712519bdd51

SHA512
f946a9d85cbf2eb471ed93c996cd840c9a382dac5877616d0ecf19645a21f6e011197e8c42bd910b188aa457cefb1ede9938fb5d84381dded91d7faa9cc6413f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud.png

Filesize
3KB

MD5
a77cdb827274f6d8e22be4d069f6ccf3

SHA1
76a72c046bc51daa136105441cd6757f2c8a4871

SHA256
830abc9829e3ab53099a5978e6b13a90bf72372ef70555dc7895084d409ce9b4

SHA512
98baa671a051fe50c198d39b0e1e8d069e4a8c45953bebd08bd0e59b8b66768a93aa83b9d182dbe94de875eb573a191fcfc9a8f04dacd6ad2901837eed6d8fcb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\duplicate.svg

Filesize
3KB

MD5
08ccdce7cc273bfcd0f485eac9db1970

SHA1
f8fe5cc9903995ea6b29e5421e989129c52afa5d

SHA256
40d2dda9206c33947b5b436ea49da1049ed6f89ca2cb96bed9c9969274fd9731

SHA512
4ef7aae0fef8baa98cfa0e36434377f5a4c8361af62e000c5d14d9795bf19c77247568b1a69a3f730d0ce96ef20df3034e75604d6142930bdd81555513d18060

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png

Filesize
52KB

MD5
997b1e32d5bdfe5dd598ceb2067a4693

SHA1
33c857c62839f5928186a594d1ea366f60a62a7a

SHA256
85c312e04b3e1e7fce9d2e4bae804bcb3fbdc375043b10d6243eff731aa70204

SHA512
98d5ea93d1c5aac8ececf200fb9c6428e7927060459990252000c8a39074bc298d9ded8cba5dccd40e6166d32747d917c73e10d48bdacd33bb5dbbce1dbe6e41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_xd.svg

Filesize
6KB

MD5
02f12b5db772c524a8520de607bb611b

SHA1
49e300a56dbbed2043f8988f48960809bf5387f7

SHA256
0baedfb8f2a52a63d913fcd7993f88709098c212f0756a07856ac237fbb53d92

SHA512
0a1467d6a424fefbf66485c57d515f1781f78dbb01a119f6b44d216e9b1f0cc7b2c31f4dc0c39635fe7c774ce26bb4d9e5d9acee874c6389863913a8544b84cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_multi_filetype.svg

Filesize
3KB

MD5
5d12f40f6b54eac065ed7503ca6437be

SHA1
41677cf566ea370934a2644c399465454808ef55

SHA256
ec5d222014ab03825bde4b9065e229a2540192f4960eb3e34d265a5e6239a896

SHA512
9f48b61da4d2debdf9429954c83db67c138778d85395bd7d77b80359cdaf33e8ad92fa9cd1d2f0bf14be38821b137d42b9d3302f1c0c4a92412390f1aaf904d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png

Filesize
6KB

MD5
b3b5d8b01f614b18a3a3606a7d3cc5a7

SHA1
6902c0e9d6189f219cf9019071fd731649dbbd4f

SHA256
6afc79bdad9b0a51527443562c00621a18f5750e3c521a0ece9341ee35738df2

SHA512
976570f347080d29836c119770c3cbe23a2eb1a440e2ae9da3875326c1c57fb5547e226e0d60443b16fbe503c7c116af3d2321c463391794248934976634100e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg

Filesize
2KB

MD5
ce3f5ed434186c8e881faedf9d4b2b05

SHA1
93d864552f040b705190fd7576c43b83b4ef6f20

SHA256
1fd7bceb0439f5f421165827d3a1dd1193ce2fe6dc2ab3818a64c786c04669b5

SHA512
715d425d76e0f4545ce33f98d36f23d91e76091201b03b524eca32bbbef1fa9f6487a934f3665de8d113a19b3bf1c7e1cdb5c47afaa6059a57f3b87fbd4c4297

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview.svg

Filesize
3KB

MD5
c2788c5ba22960511aede11da9310ecc

SHA1
20e4e67ff5478fac8cf3c2c061442780e94bb98e

SHA256
68be1bcc28d99a2b592aea2dfe0094a7edb9a5907ca3a57f6c4c27a7c6c8e359

SHA512
db4bf55484997bfb90266927ad9fe2967d668ca07c8ae4d89dfa652592eaca47c2610f9a429d98f2a4626db93ea5019d23932c6fee0b5f55604f5236d37d5fe4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner.gif

Filesize
16KB

MD5
005442083b20f3a2b9effac0549be5ee

SHA1
34b61502f38fb2ea4a5616641f70d977b678b528

SHA256
a37309f4695cfa8f6a4a7703b56e227329031e77c1841c1fe216af2b059c6ce1

SHA512
7c168daf26a99ec42f832382f3cc9bf14776f8f7fcdc367c03c9d5afa479fdef405166f229dea9ca6669368dead9bcb5be72eeb34a4339a8b0a287b77b957cc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\virgo-new-folder.svg

Filesize
3KB

MD5
b00036de3e59dafe8c745da2e33c6f80

SHA1
f6121b67a2ddb2c8fe5c1c3e29b2e4aca202dbf5

SHA256
033ed79dc435d826566c70f3f990df9c57a0f10c99bb00e40f62677f24999a1d

SHA512
41ebf57b11fbabed39894724f44363822753a2f9ce06b1484c29c2dd52222be2531291accdadd8d8886912bc4a45e57240d577bcf332bf2468300e95f3c45f5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png

Filesize
10KB

MD5
bd05d41a345561da343afc8f2adab586

SHA1
448206bb2267429483c6226f58958be386760d9e

SHA256
ba83dac1a187877bb8f662713d3fabbad664dde477d409262808e80d783b5082

SHA512
7fde56304effd9c975b45f2059ce932620ea3cc97ebae874f7b147eb5589c4db9f38e98308ef8f9e7315d760c404bddcf4f66048be0255d7c19ef7fdc901bb50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\sample-thumb.png

Filesize
8KB

MD5
5274330b737aa113d958375c905e2893

SHA1
13d1fa0ea758400fa66bf485ef976a7f5e20d7d5

SHA256
52301212c3d1361377858e5bfda1463b92b98607e8f0548479a7f1cd8bb8c2bd

SHA512
0f990e973f909fc26e2d76129233a5b40d8b0ded7ce934a0d97cc14fd8d933465662e11408fc5e64a8dd4e7f789d8d7b6225197a1f882732346e3e7b8db4cd69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\x_2x.png

Filesize
2KB

MD5
2da27918c9c4d73bd1d1e47d99c9bac7

SHA1
a839af742e5b190e297d069362b105cc92c35358

SHA256
997e8aa509ffe2998886649c22c11c3d67a40b865874263edbac13f3870a83ce

SHA512
3394bda2603e9317329c2688ddd67bd501cc58e2dd0b86661eed2aec9d94fcc2f620d92420c832c0a95df264da9c727a9dd96974a144883e353a85224b91f156

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ro-ro\ui-strings.js

Filesize
2KB

MD5
f95b01f5e4132b62b56ed0c27cc81237

SHA1
3efd434cd760a611f8b8cf7bd3dd2a26d96e7885

SHA256
7ba0089ee9d21f623f31a2f5ac137b086de408a14d60dedf10192ba736732699

SHA512
efad385cf96185bd40f5a17d20e21ad0e8bb1576750880fe6c6640f38a974e4f0e20c501d228ecaf51caa6a5fcb4cc1dc9634d2671ab14d00d410e057d2d3241

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\protect_poster.jpg

Filesize
24KB

MD5
f390636161594343735f6ce156f2b0f5

SHA1
b1cd2913872bd4d00b7638272b12341d8ad6fa83

SHA256
c661cf5ffbf69839fa40b8f39fb35a27d1f8712d2cdd62f3ec6a461d77c87697

SHA512
2ff25d657bc34f660d73948e5acbdae771ab0afa3f42bc3f084cf04de795959b311d0c6d138be9776d22daa8295ec85788dc0d78551a2094585d47e3398dddcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\af_get.svg

Filesize
7KB

MD5
aa01ac4df58c1503ba6434490e2498dc

SHA1
1ecd37136af2883b77f8616cba43e0cd04ac6d21

SHA256
f303d4a5159c38ae67bb6097d45b409c721d012af515fd53e063a22c7657696c

SHA512
321d5a618ea761f9e4e8f160b285c4f5a9a79678242175aa4c2c809b9bae1a208cd9ca7ae9917cf80324c25a6325a81d41fcb38a147f2b739e1a5beb5c6a732e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ms_get.svg

Filesize
7KB

MD5
b852df2d5bf98d5c1a45483ab2385938

SHA1
e5acd5ccb6f98c3c5be7e9a4c7a6e1946505812a

SHA256
af41e1860ddab13f27050279494f0d1a7d7641c5cfb33adf84473c15467f6b03

SHA512
771fdeb183703bec6f4c4a2e8fda8b39b0c560cd03ea4c1101a77f4bc8f28b229c26db5622afa1c68bf3bb7c8ce2a4bba6eb0ef9b4b41fa1448f6162b9ddf283

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in.png

Filesize
23KB

MD5
09544e0e750e2e80986d462e7f7245d1

SHA1
e74b131ef203aa16eb5f5366c8783d19a67f07f0

SHA256
84e2e3c5c06e04d21a83551ac3107bdfe43d0b6060977bcbec9728c2752246e8

SHA512
1e783c57015d85166ddd44519ce785b8ffb77e0c3dc495c7570c76cb1daf9620c24c2fb8170690974d27297f382d23976b1a701b1d70b3af095b07c78ae7cb66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg

Filesize
27KB

MD5
63d3248d607ff4c2856880743c998c52

SHA1
5c49bf5574b2c56944e3fe565bda0de16070f029

SHA256
4c89d708f03f10cd9079330068c8487a124299427e5ff8014990516488fb6df0

SHA512
535fb475363fdb7d0107a04c77576886fd5289a56138b5a16638c531fb96f5af3b5cda33a6f42345d4e962d5ead3cfbad40bdbe5ef5b8b4780be3666754b83a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg

Filesize
21KB

MD5
944b0e708dfb18e9b90dff71c2b98700

SHA1
1345730b1aa59630704964c94f6119f7d0a98fab

SHA256
fe6d37b0660cd74316e3ec3e8f86159977ebefd8c9111623ece8e32ace15cdac

SHA512
bf9e6ea1f30ce48edb31c96337f425013c20684f88109d63a9d365b5d40186b3711408dee8e192bcc338fc85ec0eccde7b8586877ac2c8790ccf6280fda69899

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg

Filesize
19KB

MD5
3ad4f2a6a3bcfed6dab1fd6214f9a86d

SHA1
73cf1aa55db91beb0c655c3149bb7c39b84caae1

SHA256
f0411fb6b9e51bf4b1ca7990f4bf1823274803a0b5f1090b08459e8e83517a2c

SHA512
63a6dfddb692f798cd89e27244d1a90f0a84517360f5dec936304d28a9ec5cb3ab91c65e1c150aed09e2a5326428a63e3eb11ec16d2e1097bd5590a4c892c816

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg

Filesize
7KB

MD5
3023d8613f1b9dc59ef637dc59254f4c

SHA1
4c2d4536cefb9fe453cf4527d5390be7e5a52327

SHA256
65f2bda7fe6f40876176d375d35f19197677e68ef58be87ef6c63f585b49d163

SHA512
7927243cf6f23ba7521185dca190f28ee0ed5f97a3b213b29af9bff39353885f0373004aef968f44b5ec762369efc4732d32f8faecc551cddb98793ed0ecfb55

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js

Filesize
2KB

MD5
fe1f5357ca7d1732ae5767bfff8c813b

SHA1
23417d2e6cbec91203841281d1219c38aa3963b7

SHA256
8615f3f1f1e68db58fc02f6db8300e31a6d6d335a7198b16c95ef54a51fc522a

SHA512
3da7ec0002c0d8eb5094b588116dbb05442eb5843316a68806a365ef622557882d6c65ed956520499c6075a2d6a043e31134ea5cf78944e4a6fd047988a77571

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg

Filesize
3KB

MD5
7596fc962ec90bca269ba4ec41c3a4f8

SHA1
2a707b5f18318813a52fabf99670bd746cb62b55

SHA256
45373bf0f08bb8ad704941e6e804d71eb1295f684d01d0ea6698a0f30816741e

SHA512
9b52d0b219279525ccdd3034f92a3a743d366c427724c7daf2766f5aef42f9180f7168c02a3790cc329d8a60fb6d40d62ad860dc00514fbc627ffacb1c9eed18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png

Filesize
4KB

MD5
12a18e013602aace8d76f1e507f0c97a

SHA1
b3514e62ee4ca337aed226b739a18db83b76844e

SHA256
d7f43d20fcb4281cc6c5dbd50340eadcbb480628a4a078b6a479535476218f88

SHA512
ac19a4c9301411e14e001469f570fc88fb4ba8dd4bced66fdd93a0b0111626b0cfcefa7bd2fd3505937f92f5c9ae637cfa5928ad2ce10400ded375abbdfe220d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info2x.png

Filesize
3KB

MD5
d3a5622ec16b536926f8258cd8579e60

SHA1
73538bf26a60886bf8a44c17de3f232315196c8d

SHA256
58f4a174ce8cb99a211f4a50e6762cc8edeaaa138b0590dd2b56442c0e9f8b80

SHA512
2cbb2b1b8ce12812b1f18b2b331e5fd1f25a3b72b7954eb44b68a413e70a4ebb14e60a8f8f82810a32f40206019ad6e70f2608d0f7b0bac9752cb40cf11fef11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp

Filesize
59KB

MD5
e72add36f4444aa34422c56eb9ef268d

SHA1
8847824fb11d28eaceac52139e574a048e081c9a

SHA256
9aeec40e593790f5ec02f7119a1aa85ae782a3eaf69e1b5de0d30f8dd9529a50

SHA512
4ce5dc8fd10698189973adbfee82b14a8cb338d7945a96016c328594f4ae4325e2e778054901d01a5ff7282733a16b5432d7a295f9fbd74f0a2cdf71322f485a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api

Filesize
428KB

MD5
5b17f1c7a0322ae05cab58ec846501c0

SHA1
094882787aee08cd1c58bb7f5679a6b964db3453

SHA256
6debfd202390e3ef0396b184408ae41fb037a444966a78bb0d9d0f21f088a0ad

SHA512
74d4a3feb663c709f20d2b6bd7210fedead14f20049acbf5638408ef5a97cbfd0dc3bef661f28e73ef34cb1adae2b48814e4cf01ad3d4973917ddf1f722add05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT

Filesize
14KB

MD5
aab3f146f2620d5fe6adf03b36929054

SHA1
70972e883a834e8321ccb892395195b9f9053411

SHA256
a99b20eca07f1e9abc3721dff669d325d2ab7710fdecab01ba6a7d858400c0e6

SHA512
5ae0b1a775903565b81abcec9b7242eb5d16f49473a06c8084f8d49308c4d5ec7fee2195289eb33b40204a595ad57d10bcae5d2d1ede5179587a1d3b5af55e02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT

Filesize
6KB

MD5
376cd9fbe8ebea4379d62ca0c4ed6b14

SHA1
2de9d1259e29132fd4ea67adefb8f578e80a76d4

SHA256
8184c2562e771b062cebc38e49337d4a2dd204efe8ac97a5f7beeec1c64b899c

SHA512
641fd58e1b1a8b593ebf202b987e2f14d0d1ec6656c111fe0d76eadaafec485925a80a3a126b8e3d0f9e3f18c2d154c9fd08061825f3e645fc970e325c1272ba

Download Submit
C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat

Filesize
358KB

MD5
46e8a0f1098008236b78877f5db42956

SHA1
e2beb3de0de9d3e82ccd0555785d982dfa0ea958

SHA256
4cf25d011f92881e74db1dccdb324415a25a03d760ac2f1790670e60a0636b70

SHA512
f7f423d7a3bd8a9736e5d06947af58d3e23638935acff942875a77f0d03d9018b2a8599960fc1b6b63c01f48d116f92f98ae3334e12ebd8b312de09113267c5f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF

Filesize
53KB

MD5
39e1aef64947e335872345840791d49a

SHA1
0ebd74280e43c25999d54ff46422cdd372b20aad

SHA256
f3502a7c64e126c534b384497e4749d5bb1f610f94c4b55d8fc3d9f9b37ae24f

SHA512
d1bc2cfcc6d9aec19b071065a8c5324b2a068c9a76f3876caf2dbaadfd77fe3103d8c8cbf3926d0a319b10954b62551497c07dacfc6232abdcca54f43cd8d618

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xsl

Filesize
135KB

MD5
3fec72d1aa55dc2e78e6e04644eec6d6

SHA1
eefdc84e483bdd442c582e94b282a2a69a18d579

SHA256
7a96834b2909f4ff07ea6a5c64184441fc8445cae9ffacbba9ad0a01abe81345

SHA512
d4c71aa24dc3ac17f9f5ab37737b58b01341dca1027e295d7aa5ec9de6fd0c70eba3142be18fdd52a4ba3200e2bd1bd1c9e15aa7a5f04c6717822c1da6c2f833

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\DatabaseCompare_col.hxt

Filesize
2KB

MD5
590268dcfe332b69b6e467b2131416b2

SHA1
edba043c0d0dde277bdcabc6f7e1492df821f303

SHA256
4be65dcd2d017d7b839bd7bf13fdbe5cccfa43834da35f76382d0fa02a43fa17

SHA512
b6965f5ed68fc681604f7d67aa05adb633cae339e698712686221ddfeb10d9add4ce2fd57e109191bbd7b96e7751d9f858c647dd9e67693038d6a156cae3f550

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll

Filesize
20KB

MD5
ded9b992e42e954eced53f09420b9b7d

SHA1
51a9d762890a74908f2871c87c9d69d5ca720180

SHA256
4da97a78dae69dc1eb9044092725dcc22084e586742f1a02bf1289973e8a0679

SHA512
4d38e83f734be271c6d10084b178ce722d826f27255caa466e2ca81e91c4670a5c69aabd0f8e18790fee294f952404483fce02f57d790d84a5998714c607464a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\System\msvcp140_1.dll

Filesize
32KB

MD5
fd0a5f08400452126e080aa52ba2dc6c

SHA1
7dfc48bdfb1e21dba2181ae92439a5a47c1b5db8

SHA256
a151adc56fa586dd4dcd5cb609fd90e8ef0678c0bce126fb39ea40f46a6832a6

SHA512
38efbcff2666857409b7ecbcc9ba448cc7b5958fb1ac4766272a8b4ebc3fc5bb3775c9984d73db3c2275328805595c8947bb35574d7ae54123c41ebcb07d4ba4

Download Submit
C:\Program Files\SendRestart.mpeg

Filesize
330KB

MD5
976f14dbe8b5b01103a1c01fe0cc6064

SHA1
ccad18ebe53dbd5d7fe6ee8af418b7b286a5321b

SHA256
9406e38658f2b26cfa8c5f76f09a0a5fc7ad5054af51807561b7efb2ab232a86

SHA512
d8d994637dd92b39b962a3b9ab43aeff7a1e65008abc1bc3c1f38872724339aedf9bbc05e88689162d7d10cff085bd029d63cadfc70ab3486fe9c5a806191ee5

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo

Filesize
617KB

MD5
b208a81531f6544e2329882302c6e87e

SHA1
696888f60dafa3ba6043ac586eff10fc89ddece3

SHA256
54f83e869d512f8a299f33753b32fd923b2c037b246ede17a6c70408ac940a2b

SHA512
e8c8a3332731c18661aafec4ef5b0a6aff83e046483e6f71c7f9befe49ee63368af8faf19334af11dd9cf4bbf9eda6d62a8566475b8c0540bb1e72a5cce6076d

Download Submit
C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html

Filesize
4KB

MD5
15550ec30ce91f10cc0eab7e69a8d7b0

SHA1
eafeb2b2dea68bb13e11346b570d202de9d0a7f2

SHA256
1173455b2048be194bfeede2fd9657936b631940825e41659d85884432839945

SHA512
4263bbc5cb1413e34c8361826467961aea9c72a61b8a0f1c6c130d03ed6d791f774eb1e4ab45cdb7ee3c0e33e7e6f2d2ec44d4eaf7c76012d0f4aaff2b60abd7

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll

Filesize
45KB

MD5
9729d79739a36cf9a8533c181d639c1a

SHA1
d0d0bf399d51faa1f982380a6d5aa35363b9eb88

SHA256
00eb5fce9f1e0ade18936b9fb7e4e1589a788cee8ec702f1a5709ab5302213a2

SHA512
74dea5a552b762cd89ffd1fdf3211e3002efb3201c58887bf6be11ed4afcb693a2771ab14c4615449b49d831514e4679bb0aba94229ba2fd591048d00575e064

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll

Filesize
49KB

MD5
e3798434ddc88af758ad7a0ffda0944a

SHA1
89e8b2d854d541263bf5814e5f137d6c83354e5a

SHA256
a2495b9d53e668515b48dc10dd8fb3b3f8734ae5326acacbc3a96f39db9eb258

SHA512
5c02901f0baafea24b9f61fba2aabb3dba3e89dfcb315856c88f7f7785c5c5b0ec8291952cbfcecfd8edd0b7442bc3930b96d93a7161c76242539eecb5ebb9ba

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll

Filesize
46KB

MD5
f7c1e8cabf755aedc36c9488682213c9

SHA1
e7d85260a26fe779a540a6783522a43eedfe8838

SHA256
e1b4fc09f67b0ce9a8130bfd4c034e2d285ee325358a1a3abaa4b5ea5f9f53dd

SHA512
a475b7363cdab3d16f210280d4acd2472f68980cc80505644d64a33b2ca68ceb68cf14a7b7498bd6bdf19069348e8af7e57d34c084efadd824fe2befc384f150

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll

Filesize
44KB

MD5
ede8f88c0538dbed82a84643af2c2407

SHA1
7ce80a6a1be71a784f97d568ff273ea9496662d7

SHA256
ae45ae6b427762e415c36f53ed58c2806938373d05d9f02eb40c85552b0c4aeb

SHA512
1ac41a3d12c5c9a86679a0215abe2dae6687ea2b04c59d6dc89816daa7caef96803564494bf9ad9ba546c3e52a7f976e02d0a483c65eda9f92fddb0354e8dd18

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll

Filesize
42KB

MD5
9b11123f6cc89836c61d5321c8e2b0d0

SHA1
efddee37bf5355c78111354aa44a216e1fc33841

SHA256
0a3d0cb0ec833884d66019630963c7526f12aadd296d8bedd903fa45b1907207

SHA512
bae6e17c8d35b869374020c522fd8e4a61d13980c9face782594d08ef4cb3a303962e09fb21432073e2162079978509fec896e13e9be10a249dfe8f2d04b8332

Download Submit
C:\Users\Admin\2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
172KB

MD5
6c1f25413422e16d78be0e5fcdb762c5

SHA1
79d285e936438310df193037bd6af5170d91b352

SHA256
3c9c3da7fe4ab00fb1c92983bbb9db15b9cd02108bf5e768129593500fe10db0

SHA512
2fe8a83371ea4a811f158add60a01a110e502f5cff6277383387b3a26cb2e47421a8b76b1e1dd7b199592f4fee6876f3728d5fda90255e19b13d027450332049

Download Submit
C:\Users\Admin\AppData\Local\2025-04-07_577ff8c29904f863d5796a6f772722a8_globeimposter.exe

Filesize
53KB

MD5
577ff8c29904f863d5796a6f772722a8

SHA1
549734707d5a6ad7a262064255dc4ec51d9fbb43

SHA256
31e98d197c6a99185b97dd573fa2cca10c3bf7259313ce402fcf9ff9e88a3433

SHA512
717638c12e5410317a3d0b0cfd62abdf3fb81cb123f539a77d7f0f228ea3944d8e778c659f01bf4f8781f31f5014dbd0b4796835dc07b69e0eebb98096d552ed

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
2KB

MD5
a4ad4ea30400a1cc3f938338d8be30f6

SHA1
896701c118b14cfe1a5fd310bff99a43a2bb3f64

SHA256
2bcc078dd3aebd3177c8ef87e86bc46b49c7912484cc64109a267656e1635b2b

SHA512
e673dec2801a07b6812af5d4d562404ccc31ad1fd4c07945bbc8fe8e199f051551ba2ae32850ba83bd7cccd1e9dd3ae8c2fd6694329a07182720b02ed10045c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\P0ZCEGVO\3\F-9phXC_0uAqQQFuRafyV39z6Dk.br[1].js

Filesize
4KB

MD5
dfaa1bf29f27532b60e214bf834368c1

SHA1
78afb5283ba6de0a27c0cfc3853ac7773af8dade

SHA256
78d98f5ec7e322c581ddc0e4d48c9275f2c86060b994999013d4723e76aa3cc5

SHA512
f1a17a70fb0a19688671df92b9cb154478d397799468adf59b5c0b8017978e46bc09fc86d7f5c0b987787376756a2b72043530068c41a2ce1458aa4b7e4e6978

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\P0ZCEGVO\3\pNXV2ymlrFEAOVLUgJkRBRwYFkY[1].js

Filesize
23KB

MD5
453fcdb628c67779b9fa709d88b1a0fc

SHA1
e96da76e1dba062a7614e849b15b54d7cf96a82f

SHA256
d20274845d0e120160619cb26cff72485e0b7a3f5adcef788edd2b0a2ea0403d

SHA512
95d2d6c44002df7f6f36538c76c47ed7ddb5ce6bb5e465df1fa8a393f6b0e4a05af11cf345a278d15f96c358afc5f0fcce6abed8a8e9af83b2b0d31ce471004c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\P0ZCEGVO\3\q11NvYzJks_3Zy5BRKPM9baeQ7M.br[1].js

Filesize
3KB

MD5
78d00df74beee71db1d3fd7ee464210a

SHA1
8549f11eab29a4a8a955025cf9e47280b365bdb9

SHA256
48b2fcfa813e63b088a524945ce4281bed6ed1778d10d0faa0b9dc195f90cff0

SHA512
669091f9a629670fa9ab7864b645ea07298b43fd630ed7e60987267d5221fee71f5805e897da37028c1eb6f12fcb67088269275171d8726424762aae9de66067

Download Submit
C:\Users\Admin\Music\ConvertFromRead.asf

Filesize
336KB

MD5
d8fe3ed309e506f0c4d926bc364e1642

SHA1
3c5b1bfe3094aa84a82ac5bbdaedcb800bde8bbb

SHA256
f657ea2d297b19c0137da65fe8da3e1e7d92e0e99f70b66c8a8f47cbc7d2d9f8

SHA512
785ae1114f3a540db83f4b46acb28051be6314f3fce13d2aea50d7964847dc9f52ac7a9400f93e32af4b2bfc045f6f4a3219d156c3c2568b85bfd07256de1c85

Download Submit
C:\Users\Admin\Pictures\UnblockHide.tif

Filesize
595KB

MD5
d33da81c042ddebc8f711620c10bc4c2

SHA1
07603580d89d8e226c0297696ad7343434f0837f

SHA256
52ff3f235013c27ecb24cc78d9482eab0dba3a32cb6258afead416bbc13183b7

SHA512
e36b2e38e2e18cce3b33e60c52958b2f263c84f3124ced4d78bb0f5dbbf3ede89b0617dcad4ff6cf3ccf5955f644af8565d6978fdc3a8b62e31f05ec03947136

Download Submit
C:\Users\Admin\Searches\Everywhere.search-ms

Filesize
1KB

MD5
ddb9b2776f0edee39f0b7361a4fc9dae

SHA1
3278f5f1dbb6acd906e8420748a5d12efcb24e00

SHA256
25901a10ae9f66ca01f3116178eec3ffd0a76f01346ef6880516de789b25b620

SHA512
740612a60b541fe9a04c28c5c73224e40c2044ba0dde7b262c083ffe2f43a087a6560255c971081b3ba8cb93f30a4682f10a53af3c666a737771eff147456afa

Download Submit
C:\Users\Admin\Searches\Indexed Locations.search-ms

Filesize
1KB

MD5
f8c945406d905b30362ef9b2da8f9adc

SHA1
5bd416e442060d2d8b95088fdf193aecfa5b10cb

SHA256
239af3064c0fd6604fd3f6c3430683583753e6bb2fec55e06b8651d4a3069230

SHA512
b6f3110f55fd9ace86c2e37cc45ec2e72326508ec602ba0f584bdede29d1ee91016796508b2708adc90faf3ea2f7acdfef4e4edaa5436c0dea51580fc4327ca8

Download Submit
C:\Users\All Users\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
181KB

MD5
8a2888fee3689b9bbda3cd9c577b6cc4

SHA1
6f390a84a8e36a8260b36bb85e063eef88ada2f4

SHA256
4b778a93a419a0469f8e47358c8331a645dc118c96ec2ff41c4821bd5171e402

SHA512
73f9ea42a436b53c869ae9b28835378cc24b540b6d60675cc1fa540d724e546dea653fe98652dbcc9610672224e16ef5d8da0e18d11ef2ebb27b2e514c25e435

Download Submit
C:\Users\Public\5D95CE0E407687C8EEBC27E7C28F78DF44DA75E3AAEB0905D7270BAF38AA16BA

Filesize
1KB

MD5
b6cd159b89305d5b1a24eb755c948501

SHA1
c2b3deed794be23ba0b864d38a2595bd447e1a0d

SHA256
d37ef79c93987015b7dc94973c3677dc2ebed9eb803f23996ff048e69c98ac49

SHA512
c8e463860f88db0531802168ac6e52d52ad5a856f0e54381fe2e79a42145786dbf7f7f0b85f5fe4c91643b94da5bdc7c1a94284aa1d9318e971ef96333df6f92

Download Submit
C:\Users\Public\Pictures\how_to_back_files.html

Filesize
4KB

MD5
4d44db1416326c1f9c761775a635a0c5

SHA1
36bf25e4f0400dd902889fd5560df3852f6db56b

SHA256
8d5668f9ad85223d22cc5d8f86d3fc363239097170aa498b2848386ca5fa690d

SHA512
a67e53131b814cdc54a49f1fa401eaccabcaca5dbd2a192ea367c797182509d9a8dda92f80439cf0353181cc13cde04dda068775d0a5b8d01c545f96c4e5e9e7

Download Submit
memory/4160-2938-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4272-2444-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4272-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads