Analysis Overview
SHA256
0c0f10e45d6600cac802471617ede4b564429a14fb2a14c7b3e6ab6fea9bc9f6
Threat Level: Known bad
The file Setup.exe was found to be: Known bad.
Malicious Activity Summary
Jigsaw Ransomware
RedLine payload
RedLine
Executes dropped EXE
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Modifies registry class
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-29 19:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-29 19:40
Reported
2023-09-29 19:49
Platform
win10-20230915-en
Max time kernel
411s
Max time network
447s
Command Line
Signatures
Jigsaw Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\Desktop\jigsaw.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1344 set thread context of 2444 | N/A | C:\Users\Admin\AppData\Local\Temp\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons_retina.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sk-sk\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\zw_16x11.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\LargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-down.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\uk-ua\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Aquarium\aquarium_12h.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\small\tongueout.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\plugin.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\es-es\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-40_altform-unplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\bg4.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\combinepdf-selector.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\OneConnectMedTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Jumbo\mask\cardback.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\ui-strings.js | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\6528_24x24x32.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\4608_20x20x32.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Dark.scale-300.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\LargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\im_16x11.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\1849_32x32x32.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-4x.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\ui-strings.js.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\Workflow\NavColumn_Black\Icon_Layout.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\HowToPlay\Pyramid\Control_2.jpg | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\smirk.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.fun | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\telemetryrules\hxmail.exe_Rules.xml | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeLargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\28.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2204032094-4125186646-761438227-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Ransomware-Samples-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.0.958769618\1199403767" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bde812d-34f1-4145-a185-772b4357082f} 356 "\\.\pipe\gecko-crash-server-pipe.356" 1792 259fecdae58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.1.202831950\941829035" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 20939 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da386c63-4964-44de-aa11-a911a2cccd7f} 356 "\\.\pipe\gecko-crash-server-pipe.356" 2148 259f8172558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.2.55063129\422580836" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2916 -prefsLen 20977 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8da230c-64fb-4d84-9fba-af14c635c734} 356 "\\.\pipe\gecko-crash-server-pipe.356" 2864 259874a1e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.3.540580381\1890539019" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3372 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ffef92-207f-42d3-bfb0-551d08f53540} 356 "\\.\pipe\gecko-crash-server-pipe.356" 3416 25987a6fa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.4.490168811\2050762049" -childID 3 -isForBrowser -prefsHandle 4288 -prefMapHandle 4284 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d461d34-9159-4c27-a059-fe2eed4a7a65} 356 "\\.\pipe\gecko-crash-server-pipe.356" 4300 25988f3b058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.5.1750399989\142681209" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad4016dd-83fa-4293-ba55-3fd8151086a3} 356 "\\.\pipe\gecko-crash-server-pipe.356" 4848 259892f9758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.7.821303623\1013014371" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02d8c2a-ba4e-40d2-b927-90995116e80f} 356 "\\.\pipe\gecko-crash-server-pipe.356" 4848 259894c0358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.6.1368156815\928610065" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65bdb1f6-f2bf-4ac2-b959-cb416ca9ac28} 356 "\\.\pipe\gecko-crash-server-pipe.356" 4924 259894bf458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.8.199671038\353706924" -childID 7 -isForBrowser -prefsHandle 5680 -prefMapHandle 5684 -prefsLen 26540 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c595f40d-05e9-4df0-a982-00cff20d6a3e} 356 "\\.\pipe\gecko-crash-server-pipe.356" 5700 2598afa0058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.9.1527327916\1007364262" -childID 8 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 26715 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {987ef0b2-c9a5-4db1-9390-2e83c3ce701c} 356 "\\.\pipe\gecko-crash-server-pipe.356" 3152 25988e7a058 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Users\Admin\Desktop\jigsaw.exe
"C:\Users\Admin\Desktop\jigsaw.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Desktop\jigsaw.exe
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SwitchFormat.dib"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="356.10.2103764938\222806652" -childID 9 -isForBrowser -prefsHandle 6452 -prefMapHandle 6244 -prefsLen 27970 -prefMapSize 232645 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {012a0389-75ac-4054-97d4-91212af23152} 356 "\\.\pipe\gecko-crash-server-pipe.356" 6460 25988e7a358 tab
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\BackupPing.rm"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DismountConfirm.ini
Network
| Country | Destination | Domain | Proto |
| FI | 95.217.14.200:23989 | tcp | |
| US | 8.8.8.8:53 | 200.14.217.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:50163 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 44.240.83.93:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.83.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:50169 | tcp | |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| DE | 172.217.23.206:443 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.130:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 4.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.113.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 140.82.112.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | 9.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-aigl6nl7.gvt1.com | udp |
| GB | 173.194.183.202:443 | r5---sn-aigl6nl7.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-aigl6nl7.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-aigl6nl7.gvt1.com | udp |
| GB | 173.194.183.202:443 | r5.sn-aigl6nl7.gvt1.com | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 5.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
Files
memory/1344-0-0x0000000072B80000-0x000000007326E000-memory.dmp
memory/1344-1-0x00000000000D0000-0x0000000001314000-memory.dmp
memory/1344-2-0x0000000005BE0000-0x0000000005BF0000-memory.dmp
memory/1344-3-0x000000000D2C0000-0x000000000E536000-memory.dmp
memory/2444-4-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2444-10-0x0000000072B80000-0x000000007326E000-memory.dmp
memory/1344-9-0x0000000072B80000-0x000000007326E000-memory.dmp
memory/2444-11-0x00000000071E0000-0x00000000071E6000-memory.dmp
memory/2444-12-0x00000000098C0000-0x00000000098D0000-memory.dmp
memory/2444-13-0x000000000AA00000-0x000000000B006000-memory.dmp
memory/2444-14-0x000000000A770000-0x000000000A87A000-memory.dmp
memory/2444-15-0x000000000A6A0000-0x000000000A6B2000-memory.dmp
memory/2444-16-0x000000000A700000-0x000000000A73E000-memory.dmp
memory/2444-17-0x000000000A880000-0x000000000A8CB000-memory.dmp
memory/2444-22-0x000000000DE90000-0x000000000DF06000-memory.dmp
memory/2444-23-0x000000000DF10000-0x000000000DFA2000-memory.dmp
memory/2444-24-0x000000000E4B0000-0x000000000E9AE000-memory.dmp
memory/2444-27-0x000000000DFB0000-0x000000000E016000-memory.dmp
memory/2444-28-0x0000000072B80000-0x000000007326E000-memory.dmp
memory/2444-29-0x00000000098C0000-0x00000000098D0000-memory.dmp
memory/2444-30-0x000000000BC50000-0x000000000BCA0000-memory.dmp
memory/2444-43-0x000000000BF70000-0x000000000C132000-memory.dmp
memory/2444-44-0x000000000C670000-0x000000000CB9C000-memory.dmp
memory/2444-409-0x0000000072B80000-0x000000007326E000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dkkukhpb.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 302689da04daf4cfb120f6ce1feafd56 |
| SHA1 | d5152681254e2211e00377263608be7415173df7 |
| SHA256 | 1329b3b433941eea6aad28d1f44554e7a2dd55893972bfca210ef4843012adfc |
| SHA512 | 61671ca8e193432f24500c01f91e4a464aebf50280656d66efbe46e2212d9830a7aeb15777f15eaa7ce2b74519566a68583a1eaaf56069a22a337c004f4c4692 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\prefs-1.js
| MD5 | 1081d25b2e6d4755d3d15665bc9f5f6f |
| SHA1 | 9c631d31f9059726f9496e51f80c028839337bd8 |
| SHA256 | 082cded39297483434f6a8831d29dad385225e3b7c3dc64739ce68e97d39b98e |
| SHA512 | 66477896cb00e8e7cc4e4fa5255e06cbed8f68a0732bae016ad5ef631cdf3ba4981e396d4a66b0436bc651cb3fe10e290ba34f816ed476017fda31cf4d643307 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6ead4ef2453f28d4d8798f5f7fbef02c |
| SHA1 | 5b24d2d4e1328a4c8f4ed6e33937b7cefd921f94 |
| SHA256 | 53d320a214832134d9f449e929c61aec7eba3d31ebbe1af45ab65da65c637050 |
| SHA512 | b1cb0a27f3597020a4542e5b79ef2e1736dc8f004166e895f070434e6fe73fcc35d6b61624e029b86d5bfbcfe86b620bc5729ac771fae550e79049b38ae648b2 |
C:\Users\Admin\Downloads\Ransomware-Samples-main.QH81fUqx.zip.part
| MD5 | e88a0140466c45348c7b482bb3e103df |
| SHA1 | c59741da45f77ed2350c72055c7b3d96afd4bfc1 |
| SHA256 | bab1853454ca6fdd3acd471254101db1b805b601e309a49ec7b4b1fbcfc47ad7 |
| SHA512 | 2dc9682f4fb6ea520acc505bdbe7671ab7251bf9abd25a5275f0c543a6157d7fa5325b9dce6245e035641ab831d646f0e14f6649f9464f5e97431ab1bf7da431 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 254c2bcc5929ee1322cc49f23c5e2c3a |
| SHA1 | bb4b0ba512e60eb221f5a0a1466f2d2e6071bbec |
| SHA256 | bc8bd4d3c189f3142351430589a1af5e6663d4617758cdf33329ccf5e56251d6 |
| SHA512 | 006432fe06b7cec90b1065aede66abb483c2f0bf23c08fa127b24949e30aeccf6385aaffe080ea4f3f2b518293a9ff632fa0c62f741661e698359e0a16103c59 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\prefs-1.js
| MD5 | f7439cf16854efb2cc662918711c44f8 |
| SHA1 | 01794c5c07de6d08df874ff6cf682df315f2a9a5 |
| SHA256 | 46e489932d47bb8a994c090b1fe8cd7619e9afe6d93e3a29757625ef0b89706f |
| SHA512 | 0565bce5a23eabdde1344866a3089f98251816ab1a54e07927e50680a89c6489e196c769b07d0f63d175825e8bbec9d2fd889e2c66ed1e83dc20252bcd726ea7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6d1a7c7de65111e22360042d7bbc632a |
| SHA1 | 0bbf9251f3ebf27b9d46b43e7762170d42ca2b39 |
| SHA256 | 50cff84fcfbd1b212a33ac4ce17e863ba50e67424cf7e91b818291f899aa7222 |
| SHA512 | f38fda7c800ba636a4baa7f6dc0b92751509de602398482c6f68dfe5294ec30457ef9dad3d709656cd5a317d18c3a1c623d85eef1945a9653f1819a705f77e89 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\prefs-1.js
| MD5 | c7f23ce819dc042542106a6c1e8ea74d |
| SHA1 | 3df537a982f3544a4f9090d9354ff3609b6a3d6d |
| SHA256 | ff05f0b81a6192fa4cb9ba6cc049d15d8e1a6502d2a86c18c432445823cbe836 |
| SHA512 | a74b76a300c4efb81c6e0dadb5056c04e73b7c277a9406e0dabeed99ce349ca4d55ce4210fdca048a2c9598dafe79400373f33cce683e0e1887a1ff391d85eda |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | c7c4a3d965241fcbe3550d0345b7a9bd |
| SHA1 | 1cf0e3436206e633d6cc89cf6fa4cf90bc4d1630 |
| SHA256 | 64e2e5d022165120f595910c667ce6b122910811dc01d0159c3efbbe3e43b976 |
| SHA512 | 9a30a8e277ff9b6dcdf7766d21faaa6bba63c252a738f849fa81a227fd647f5e636f5425e199c139e15eae5e3caddef3ae5c4ba70fa48b821d31a402c318c8f9 |
memory/4908-904-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/4908-905-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/4908-906-0x0000000002450000-0x0000000002460000-memory.dmp
memory/4908-907-0x0000000002400000-0x0000000002438000-memory.dmp
memory/4908-908-0x000000001B890000-0x000000001BD5E000-memory.dmp
memory/4908-909-0x000000001B280000-0x000000001B31C000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
memory/4908-918-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/2732-919-0x00000000027A0000-0x00000000027B0000-memory.dmp
memory/2732-917-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/2732-920-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/2732-921-0x000000001BEE0000-0x000000001BEE8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | cbe4f290d4ac61fce2014ea44d5e9e6c |
| SHA1 | dacaea25ea46b00a926bab96a572ce342d4a1b1d |
| SHA256 | 83b395dca3529f1d983e600797156136e845bcee2b20ce178246aff8954f4655 |
| SHA512 | faf69cc918f0dff8a9137a2e375e7913630d7c5877939df6c19a1d5798b836db23ee617d60c7cd1b9cb5004df7e459721903c122bd0ef63480147138cacdc1e3 |
memory/2732-932-0x00007FFAF5DF0000-0x00007FFAF6790000-memory.dmp
memory/2732-933-0x00000000027A0000-0x00000000027B0000-memory.dmp
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.fun
| MD5 | cbedb0911fdd4d66adc7bef7e898b2e4 |
| SHA1 | 563eb113d2b1064f45f594ee6f697c25bc6862d5 |
| SHA256 | d117f7dff2b8d650108c43c9d2d7ffdf0452723f8996d74283a3e9bd29587f68 |
| SHA512 | 203b347e01e67f359ae40f42b6f472f036489e9a456f2b4821fc6409fedc0502d2cfe890dd922cd32f80826f9e026f4e1023e781888ba2112287468342e7f529 |
C:\Users\Admin\AppData\Local\Temp\{61C59AE2-7E9C-484D-B51E-91DBA7203C33} - OProcSessId.dat.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
| MD5 | 829165ca0fd145de3c2c8051b321734f |
| SHA1 | f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e |
| SHA256 | a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356 |
| SHA512 | 7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb |
C:\Users\Admin\AppData\Local\Packages\DesktopView_cw5n1h2txyewy\Settings\settings.dat.fun
| MD5 | f22599af9343cac74a6c5412104d748c |
| SHA1 | e2ac4c57fa38f9d99f3d38c2f6582b4334331df5 |
| SHA256 | 36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65 |
| SHA512 | 5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\AlternateServices.txt
| MD5 | be31109b85e3240093550125ca4427da |
| SHA1 | 06c5abb84f00f73f17a5fcdf3868ec4764bbea56 |
| SHA256 | 331e5f3954a08b37fad21043095c8e185807ad115a9514afc0d5c5707597b8ef |
| SHA512 | 8295860e7408afdce2259fe223b403e6e1fdbe3d9ce5dcf243121e58ceb2c7629148ddec740608d0b7ce489c2677064c1c975bdae4940d5d286b921d5ba64f69 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\prefs.js
| MD5 | fbacd6ffd3e4d004e64b29fb42b36b49 |
| SHA1 | d842076475de030f5ace35d89a26d7e10188c56f |
| SHA256 | fbb2ec8b79cb1a4a19285ed338de837edb9ec707e0190e12b34ee5c9f337e93e |
| SHA512 | 0b3f284cc642e906ffe36639555dc70c51c3711e65cbea74f0fa0590d957011e15046f0ed7176719e742f790ea6cbada0fbd203c8d48cd94387428152d1559e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\SiteSecurityServiceState.txt
| MD5 | 2497935f003182a1561fa9d12606d2d9 |
| SHA1 | 8a0689ff62e731d4e16c1e55ee1054c82412b9bf |
| SHA256 | be06b2851511b857c1970447cb761935614953de923546b92d7f6ffdab10e3e5 |
| SHA512 | 5ea2b4cec23c76157c174162ce0547e79971dc561c4e849507689a075256c66784ae7ebcccf182ff3fd02f3d8219c77a4c94695f907b3032815e80f743fd0224 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{c84a7780-a0c8-45eb-b3bf-6ecff0a103e6}\0.2.filtertrie.intermediate.txt.fun
| MD5 | f405f596786198c6260d9c5c2b057999 |
| SHA1 | f8f3345eb5abc30606964a460d8eef43d3304076 |
| SHA256 | 58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a |
| SHA512 | a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{c84a7780-a0c8-45eb-b3bf-6ecff0a103e6}\0.1.filtertrie.intermediate.txt.fun
| MD5 | 1fd532d45d20d5c86da0196e1af3f59a |
| SHA1 | 34adcab9d06e04ea6771fa6c9612b445fe261fab |
| SHA256 | dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae |
| SHA512 | f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
| MD5 | 75a585c1b60bd6c75d496d3b042738d5 |
| SHA1 | 02c310d7bf79b32a43acd367d031b6a88c7e95ed |
| SHA256 | 5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834 |
| SHA512 | 663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
| MD5 | e092d14d26938d98728ce4698ee49bc3 |
| SHA1 | 9f8ee037664b4871ec02ed6bba11a5317b9e784a |
| SHA256 | 5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb |
| SHA512 | b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
| MD5 | 2884524604c89632ebbf595e1d905df9 |
| SHA1 | b6053c85110b0364766e18daab579ac048b36545 |
| SHA256 | ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f |
| SHA512 | 0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
| MD5 | 409a8070b50ad164eda5691adf5a2345 |
| SHA1 | e84e10471f3775d5d706a3b7e361100c9fbfaf74 |
| SHA256 | a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796 |
| SHA512 | 767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
| MD5 | 0d35b2591dc256d3575b38c748338021 |
| SHA1 | 313f42a267f483e16e9dd223202c6679f243f02d |
| SHA256 | 1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa |
| SHA512 | f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
| MD5 | 65368c6dd915332ad36d061e55d02d6f |
| SHA1 | fb4bc0862b192ad322fcb8215a33bd06c4077c6b |
| SHA256 | 6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f |
| SHA512 | 8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
| MD5 | 880833ad1399589728c877f0ebf9dce0 |
| SHA1 | 0a98c8a78b48c4b1b4165a2c6b612084d9d26dce |
| SHA256 | 7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27 |
| SHA512 | 0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
| MD5 | 433755fcc2552446eb1345dd28c924eb |
| SHA1 | 23863f5257bdc268015f31ab22434728e5982019 |
| SHA256 | d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b |
| SHA512 | de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
| MD5 | 781ed8cdd7186821383d43d770d2e357 |
| SHA1 | 99638b49b4cfec881688b025467df9f6f15371e8 |
| SHA256 | a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4 |
| SHA512 | 87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
| MD5 | 72269cd78515bde3812a44fa4c1c028c |
| SHA1 | 87cada599a01acf0a43692f07a58f62f5d90d22c |
| SHA256 | 7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7 |
| SHA512 | 3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
| MD5 | eda4add7a17cc3d53920dd85d5987a5f |
| SHA1 | 863dcc28a16e16f66f607790807299b4578e6319 |
| SHA256 | 97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2 |
| SHA512 | d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
| MD5 | 7dbb12df8a1a7faae12a7df93b48a7aa |
| SHA1 | 07800ce598bee0825598ad6f5513e2ba60d56645 |
| SHA256 | aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77 |
| SHA512 | 96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
| MD5 | 82a2e835674d50f1a9388aaf1b935002 |
| SHA1 | e09d0577da42a15ec1b71a887ff3e48cfbfeff1a |
| SHA256 | 904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb |
| SHA512 | b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
| MD5 | 150c9a9ed69b12d54ada958fcdbb1d8a |
| SHA1 | 804c540a51a8d14c6019d3886ece68f32f1631d5 |
| SHA256 | 2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43 |
| SHA512 | 70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
| MD5 | ad091690b979144c795c59933373ea3f |
| SHA1 | 5d9e481bc96e6f53b6ff148b0da8417f63962ada |
| SHA256 | 7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1 |
| SHA512 | 23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
| MD5 | 2de4e157bf747db92c978efce8754951 |
| SHA1 | c8d31effbb9621aefac55cf3d4ecf8db5e77f53d |
| SHA256 | 341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9 |
| SHA512 | 3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
| MD5 | be26a499465cfbb09a281f34012eada0 |
| SHA1 | b8544b9f569724a863e85209f81cd952acdea561 |
| SHA256 | 9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5 |
| SHA512 | 28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
| MD5 | 0c680b0b1e428ebc7bff87da2553d512 |
| SHA1 | f801dedfc3796d7ec52ee8ba85f26f24bbd2627c |
| SHA256 | 9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750 |
| SHA512 | 2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
| MD5 | 6e333be79ea4454e2ae4a0649edc420d |
| SHA1 | 95a545127e10daea20fd38b29dcc66029bd3b8bc |
| SHA256 | 112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36 |
| SHA512 | bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
| MD5 | b8454390c3402747f7c5e46c69bea782 |
| SHA1 | e922c30891ff05939441d839bfe8e71ad9805ec0 |
| SHA256 | 76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d |
| SHA512 | 22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
| MD5 | b7c62677ce78fbd3fb9c047665223fea |
| SHA1 | 3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8 |
| SHA256 | aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2 |
| SHA512 | 9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
| MD5 | 3ae8789eb89621255cfd5708f5658dea |
| SHA1 | 6c3b530412474f62b91fd4393b636012c29217df |
| SHA256 | 7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a |
| SHA512 | f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
| MD5 | 117d6f863b5406cd4f2ac4ceaa4ba2c6 |
| SHA1 | 5cac25f217399ea050182d28b08301fd819f2b2e |
| SHA256 | 73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362 |
| SHA512 | e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
| MD5 | 51da980061401d9a49494b58225b2753 |
| SHA1 | 3445ffbf33f012ff638c1435f0834db9858f16d3 |
| SHA256 | 3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44 |
| SHA512 | ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
| MD5 | 2863e8df6fbbe35b81b590817dd42a04 |
| SHA1 | 562824deb05e2bfe1b57cd0abd3fc7fbec141b7c |
| SHA256 | 7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad |
| SHA512 | 7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
| MD5 | 79f6f006c95a4eb4141d6cedc7b2ebeb |
| SHA1 | 012ca3de08fb304f022f4ea9565ae465f53ab9e8 |
| SHA256 | e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e |
| SHA512 | c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
| MD5 | f77086a1d20bca6ba75b8f2fef2f0247 |
| SHA1 | db7c58faaecd10e4b3473b74c1277603a75d6624 |
| SHA256 | cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d |
| SHA512 | a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
| MD5 | e03c9cd255f1d8d6c03b52fee7273894 |
| SHA1 | d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e |
| SHA256 | 22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6 |
| SHA512 | d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
| MD5 | b88e3983f77632fa21f1d11ac7e27a64 |
| SHA1 | 03a2b008cc3fe914910b0250ed4d49bd6b021393 |
| SHA256 | 8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5 |
| SHA512 | 5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
| MD5 | 62b1443d82968878c773a1414de23c82 |
| SHA1 | 192bbf788c31bc7e6fe840c0ea113992a8d8621c |
| SHA256 | 4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24 |
| SHA512 | 75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
| MD5 | bca915870ae4ad0d86fcaba08a10f1fa |
| SHA1 | 7531259f5edae780e684a25635292bf4b2bb1aac |
| SHA256 | d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037 |
| SHA512 | 03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
| MD5 | 14145467d1e7bd96f1ffe21e0ae79199 |
| SHA1 | 5db5fbd88779a088fd1c4319ff26beb284ad0ff3 |
| SHA256 | 7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38 |
| SHA512 | 762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7 |
memory/2732-5686-0x00000000027A0000-0x00000000027B0000-memory.dmp
memory/2732-5687-0x00000000027A0000-0x00000000027B0000-memory.dmp
memory/2732-5691-0x00000000027A0000-0x00000000027B0000-memory.dmp
memory/2732-5692-0x00000000027A0000-0x00000000027B0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dkkukhpb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b4b62341d134f6022d9a34db79b11f7b |
| SHA1 | a73fd8b6aaab6afdd404f7f07b1ada0ff88e429c |
| SHA256 | a5bf1cbb1ea70e79ee18a543dc1909802f89e00162f88440c817521e531bb26c |
| SHA512 | 7adb3fdb28a8f350053e9856b8185baec9dd0a9235702884bf816f4477642c2664ed7f36ef6b694f5c7c14c6a1c9f1c8c8180e595f1e10700e60ad4e4e916a05 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 0c305ad9612cb4cc9923c29695e9e7f0 |
| SHA1 | c53937c0f73613e76164c1266c8a579a6e99fb19 |
| SHA256 | bf55902f523e403017d78e327000cad25725d3aad8549264045586131456ac21 |
| SHA512 | e6af0579f28d1cab068a9f9655e32eebcba02f2997bf278e91d48681aa8dcb3619541f08d7b49ebf27ccfefdd39725a45d40052463df5f8f05f8426903c92d60 |
memory/1732-5728-0x00007FF63D5A0000-0x00007FF63D698000-memory.dmp
memory/1732-5729-0x00007FFB08350000-0x00007FFB08384000-memory.dmp
memory/1732-5730-0x00007FFB06070000-0x00007FFB06324000-memory.dmp
memory/1732-5732-0x00007FFB08310000-0x00007FFB08329000-memory.dmp
memory/1732-5734-0x00007FFB082B0000-0x00007FFB082DB000-memory.dmp
memory/1732-5733-0x00007FFB082E0000-0x00007FFB08302000-memory.dmp
memory/1732-5731-0x00007FFB08330000-0x00007FFB08341000-memory.dmp
memory/1732-5736-0x00007FFB08290000-0x00007FFB082A4000-memory.dmp
memory/1732-5737-0x00007FFB08270000-0x00007FFB08281000-memory.dmp
memory/1732-5738-0x00007FFB08230000-0x00007FFB08269000-memory.dmp
memory/1732-5735-0x00007FFAF3C60000-0x00007FFAF3F31000-memory.dmp
memory/1732-5740-0x00007FFB05F80000-0x00007FFB06068000-memory.dmp
memory/1732-5741-0x00007FFAF38E0000-0x00007FFAF39C3000-memory.dmp
memory/1732-5742-0x00007FFB081F0000-0x00007FFB0822F000-memory.dmp
memory/1732-5746-0x00007FFB068E0000-0x00007FFB0690D000-memory.dmp
memory/1732-5747-0x00007FFB08180000-0x00007FFB0819A000-memory.dmp
memory/1732-5750-0x00007FFAF36E0000-0x00007FFAF38E0000-memory.dmp
memory/1732-5749-0x00007FFB068C0000-0x00007FFB068D1000-memory.dmp
memory/1732-5753-0x00007FFAF3630000-0x00007FFAF36DB000-memory.dmp
memory/1732-5755-0x00007FFB00C80000-0x00007FFB00C92000-memory.dmp
memory/1732-5756-0x00007FFB00C60000-0x00007FFB00C71000-memory.dmp
memory/1732-5757-0x00007FFAF3550000-0x00007FFAF3626000-memory.dmp
memory/1732-5760-0x00007FFB007C0000-0x00007FFB007D7000-memory.dmp
memory/1732-5762-0x00007FFB00220000-0x00007FFB00231000-memory.dmp
memory/1732-5766-0x00007FFAF3530000-0x00007FFAF3541000-memory.dmp
memory/1732-5772-0x00007FFAF3250000-0x00007FFAF34C6000-memory.dmp
memory/1732-5770-0x00007FFAF34D0000-0x00007FFAF34F1000-memory.dmp
memory/1732-5774-0x00007FFB0BE80000-0x00007FFB0BE90000-memory.dmp
memory/1732-5780-0x00007FFAF3160000-0x00007FFAF320D000-memory.dmp
memory/1732-5778-0x00007FFAF3210000-0x00007FFAF3221000-memory.dmp
memory/1732-5782-0x00007FFAF30E0000-0x00007FFAF3159000-memory.dmp
memory/1732-5783-0x00007FFAF2E00000-0x00007FFAF30D1000-memory.dmp
memory/1732-5776-0x00007FFAF3230000-0x00007FFAF3241000-memory.dmp
memory/1732-5787-0x00007FFAF2DC0000-0x00007FFAF2DD9000-memory.dmp
memory/1732-5790-0x00007FFAF2DA0000-0x00007FFAF2DB6000-memory.dmp
memory/1732-5786-0x00007FFAF2DE0000-0x00007FFAF2DF1000-memory.dmp
memory/1732-5768-0x00007FFAF3500000-0x00007FFAF3522000-memory.dmp
memory/1732-5764-0x00007FFAF7A10000-0x00007FFAF7A27000-memory.dmp
memory/1732-5759-0x00007FFB007E0000-0x00007FFB007F1000-memory.dmp
memory/1732-5754-0x00007FFB05F60000-0x00007FFB05F7B000-memory.dmp
memory/1732-5752-0x00007FFB01110000-0x00007FFB0114B000-memory.dmp
memory/1732-5751-0x00007FFAF68A0000-0x00007FFAF6937000-memory.dmp
memory/1732-5748-0x00007FFB06E00000-0x00007FFB06E11000-memory.dmp
memory/1732-5745-0x00007FFB07940000-0x00007FFB07965000-memory.dmp
memory/1732-5744-0x00007FFB081A0000-0x00007FFB081B8000-memory.dmp
memory/1732-5743-0x00007FFB081C0000-0x00007FFB081EE000-memory.dmp
memory/1732-5739-0x00007FFAF39D0000-0x00007FFAF3C60000-memory.dmp