jigsaw | b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

Resubmissions

09-10-2023 22:49

231009-2rx68aba24 10

05-11-2020 14:34

201105-wwra1hx6zn 10

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe
Size

41KB
MD5

0efb06144ff6e9eb6bdc03fafa5167a7
SHA1

894bc02320d1308462ce004cf06e1bb1841d22c2
SHA256

b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3
SHA512

a4e4f538ad17d32c63f5b6b5be26115931480544ca921bec09bbe0dcb0989455fb29a8ddd97c3e14b4b1250b9aa8b19aa0e0849fcf1dd57f2d3f934f7e973a96
SSDEEP

768:P/qD8gHkDXmFY26O92PdAIAabphLyUvQX9EmY17cefj:PYtNFY2noyvGp8HmN

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe

Executes dropped EXE 1 IoCs

pid	Process
2896	AcroRd32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chrome32.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Google (x86)\\Chrome32.exe"	b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.v315	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\MedTile.scale-125.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-400.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-336.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-40_altform-unplated_contrast-white.png	AcroRd32.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.v315	AcroRd32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.v315	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\script\bulletin_board_construction.js	AcroRd32.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ja-jp\ui-strings.js.v315	AcroRd32.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageMedTile.scale-125_contrast-white.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-72_altform-lightunplated.png	AcroRd32.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.v315	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\Images\star_full.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-100.png	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluCCFilesEmpty_180x180.svg.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\plugin.js.v315	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\main.js	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-256.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-200_contrast-white.png	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\bg_get.svg	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\cs-cz\ui-strings.js	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-80.png	AcroRd32.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\include\win32\jawt_md.h	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-focus_32.svg	AcroRd32.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.v315	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48_altform-unplated.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-100.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-125.png	AcroRd32.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\AppxManifest.xml	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-200.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-200.png	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\plugin.js.v315	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookSmallTile.scale-200.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentMobile_100x96.png	AcroRd32.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar	AcroRd32.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\ui-strings.js	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons_ie8.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\ui-strings.js	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Toast.svg.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\ui-strings.js.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons_2x.png.v315	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\dark\file_icons.png	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ui-strings.js.v315	AcroRd32.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar	AcroRd32.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner.svg.v315	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\rename.svg	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\ui-strings.js.v315	AcroRd32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ja-jp\ui-strings.js.v315	AcroRd32.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_contrast-white.png	AcroRd32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageSmallTile.scale-400.png	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_selected_18.svg	AcroRd32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2896	2192	b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe	83
PID 2192 wrote to memory of 2896	2192	b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe	83

C:\Users\Admin\AppData\Local\Temp\b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe
"C:\Users\Admin\AppData\Local\Temp\b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Adobe (x86)\AcroRd32.exe
  "C:\Users\Admin\AppData\Local\Adobe (x86)\AcroRd32.exe" C:\Users\Admin\AppData\Local\Temp\b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.v315

Filesize
720B

MD5
26229d32bcff65a7ca27ceff35146be1

SHA1
1310626990a46a75e1f12a9e52b3406fff73e889

SHA256
e4a831277f9c37467ff5801510767977e4edc888d3214ab9daa96f2c62538817

SHA512
acaa6cfc39a700c206bb22b4f7eaa87b1032834079714864b70fab15ef79323244b0b6ab35a425935649ef8116dffa0c846e14edd9aa61fa84924d1f131575b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.v315

Filesize
7KB

MD5
29d5b9dd8bf6f956bccc56512f2378a3

SHA1
0bb457c83b1c4e05c92623c6110291f0a6651f1f

SHA256
7db26a98e19ba8aa62aa22ed75f4ab3c4e59ad9bdaed4b33e6dab565ba3324f9

SHA512
eef62ca2dc4b52e313fce4bead64f7724d669f6303b41d4fe5300cf0f7f557dafde6b2745310e9a2844bd9b1d26a96aff1d1b81ae3e2f265c5026371c2b97f01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.v315

Filesize
7KB

MD5
da394249b90baf9b67fda782d2828fc5

SHA1
179738d6b74da4a3fe0dcdd97fadd405a704d3ac

SHA256
a3defe4c40562bc557d80f36b2f76e46bb205754be9338db2629eaae6f0c5c6d

SHA512
d181791eaac47b2cc04a50019207c3e009fbdd790ffe3747a455e2842efc3c59ebb5a55850786632b6946b21448a62957c496d0c06d35e393421683e0105b758

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.v315

Filesize
15KB

MD5
6eb8fbcb77896959aeaee24a68fb8f12

SHA1
54980434566f1c6077a750450541275fdef8b6a1

SHA256
e2d7ae55d89e58c23ed6c6ceebd533255ed6a0aa6536832dfe9c540c604b3978

SHA512
565cfbc56bf4c716b40cc489a6093e663f3b41e0c60ff8b6e601d2b99b7e9b3fbbd114c3c0445815011432a2cd4e6c8def03f6fb3b7e86b417786af693293e70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.v315

Filesize
8KB

MD5
08334d2d7f69464fdf9b62d5c78de4f2

SHA1
3d1893abf506ac162423eaf5f290210ee15b3819

SHA256
4027f38888f080b4a3be0aa0863bcd25bfbb7045ce9e52ad25bd416a32209446

SHA512
980eb6931ead608e04044d403dacf55fae4c825a49dca2bf281f57ad2c0f7114de9b5a4df937fa468d6d3f3eaa65aa0a99d60338ecb0291b6493aad8df6caf5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.v315

Filesize
17KB

MD5
af799ab07ba0f35e406a6daec604866c

SHA1
9677bff171d64157128e32f65d8b6b2ecd1d6905

SHA256
5a86c05a97c7d5dcfd9441a82e36b4b758ceab0bb6fb398f9c1e8e440c56f2f3

SHA512
f6cb03d1de497baf3408368ccb27a434e27f41b79b2f5da95932b2981868775d86c88aacd5fe48e2dbcfd914721af8c23b0f44f0bb80c73f109b68d4482536d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.v315

Filesize
448B

MD5
b77ad93d92419e542a10048942ba137f

SHA1
ce66ba385b76ae0db0d32fc495a089794b26ecd6

SHA256
aa2ac19279188ad6e99490b342e3ab816fc37c5d67425e1050034e1e6ca3900f

SHA512
0a8b7a993f3ad88861c43fcb509de522b87f97fa803e532fb3063c042e76f92b246b2ea9c68601db56b706aa1e5e46f95730dcecf3b81aaee106d22c19bd19dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.v315

Filesize
624B

MD5
09fc591b222cb9cebaae17b91d3b15d2

SHA1
038fb09071e682b5cbc0f596ca15ede9904beed0

SHA256
e3d7b78af6dc59fde63881eabe92024aeae6a68f1348533adfaa238de6ac0a95

SHA512
11c26cf8e75d8d923a82cbf2b350759e61d702458eab818606ab933f1b95792eedb000760e3e9ef574ea4ae7e87b808a264de7820359a9ccba55c182bf9703d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.v315

Filesize
400B

MD5
68e0c8b74de6b9578d88062fc0367806

SHA1
65b8c8ff97940b83e010a49222684f3fa82e4159

SHA256
3b57550c244f63a4a240c86a3b88358172a8295cef61929aad79c3561b99b4ae

SHA512
8741eb7ef985a9a6987141a9b050b0508c329d69a522cd7d1aab0a5dcebf166f3e4ee7ea08f911105765f27f7339cbc78217676b9cfee71bb7219a2f0fc3b83e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.v315

Filesize
560B

MD5
3d6133566997c35fdc0fc1f5b59a779b

SHA1
db370dd27d3f3e7fae3177d3b655247c4a2756e3

SHA256
3b931df2ea2849b5bc99ebd4bb1a8cb99ebc0cbf34744de6edbf602b78feba03

SHA512
03853781e5d5397567dc90637ff901966a1317474cf8d0620ccacc1bdfc542e5552e631282bf6b2514bae564ea699e815531e6e9dfc94f985f2a0aaebff00d68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.v315

Filesize
400B

MD5
08d284b7e207f2083a1edd6bc2873ec4

SHA1
5512df35013d9138971b67e82eb5e1ac665035e3

SHA256
eb9d21e33bab8dc17bd76ddc33c564bb0ed0ba4456da8a9d32a4e2fd353618c0

SHA512
efda4724cac5bd7f49edabcc6ae29ab399e5afd3ece6670facb55d948ed5e4499fa770797990b508fd1552d269a71a678560327a93d8bd668d7bdf22d20da583

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.v315

Filesize
560B

MD5
60c4018ca50e8f057d73676994d90059

SHA1
8dd976c31dd4c6c46633ef774f59883c7b5d7cc1

SHA256
f5cbd4dc362cab8dccb586ed5f79b41ed228887415726f8992e3cc813736c0df

SHA512
3b2d185f557f5bc545f9e8ac0463b6bf9638937ba18f48c3595e1825a3fa0f1e8a29412ee8b3ef83d281b834396fc7bb166fca1256f4a052deac411df5a36696

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.v315

Filesize
400B

MD5
a55f7c140c749a82e23d6aec36e61ddc

SHA1
0e7e31a04468239b28cd64bdd1132bed4326efbc

SHA256
d5ba738f2f73ff28a59227a0435114a3b41461e769f8458e60aa097870acb0c0

SHA512
06da7a559864233b962f4ec9e9ecc6daad8b6f0c916e1428991b9584d5070ab142bd28c6648e1bed8e937fedd5f3e0bcd4fdee194072918d2ea3cc92acf4ea23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.v315

Filesize
560B

MD5
09dde4e4df04a3e3280deb59dbfb77d5

SHA1
d35ec55e8f6b729a091c6ca9ef0acea2774f6c10

SHA256
3d83d47c7a765966b296a2b6cb1fb04f1fcf49ab309301535f9559753739c539

SHA512
d7e54361b487d17e0d6fe3fc0c0ab7cd256377706cba76791d3c89b6f8088a881216959fde6a4eedbfdac701bebca3378bd74683f8e5bae4f61a67d59ee09912

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.v315

Filesize
688B

MD5
d1d699a116b6f8fc851fe910f8614d6f

SHA1
bdb1bff6b44bdba46296728a4ebb25a3d8ad29b4

SHA256
c84216e0b67004d1205d38ba25313637270aefa2e179327df5bb437bc7efdb28

SHA512
fe4303593bcd06c0fb96e8bbfc3dbb4d85e44e329ec56cda79f6b8f2c9b8f894ae3a827bed4304e0112b1cb6808f685c4647507f0f98c480c007616e7c95be50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.v315

Filesize
1KB

MD5
e6ef32a1f3e6af7db36f6888b4222ec7

SHA1
b0f83593802bf8c71c1891fd2871edbdf20f8896

SHA256
eb247f22194275a42a54504a445d0b5a15a26c7eccd69ac427efb0e0869cd4b0

SHA512
13c92b854d8e5c9aae2f7f509b94a91f365a4dc7d24febba63874a3d569242bd9f7e57ac550e6cb0b30cd50debb7a03bb491e63500453b534aa89a785c40232d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.v315

Filesize
192B

MD5
d621bc570d75647e63cc8eb2a2f017fd

SHA1
80caf67123a0636daf013c6c2f5aa66c7f0d473a

SHA256
8750f22e39bbb952727ddc9c2914ad9ac41f12cd981084b4c8c0c11c492b845a

SHA512
50ae1c2c8be21edbe2c2e999643645aa0aca33cfe10a5f8d4e7142a344ab17e499e1922ea284faf7dd1211462af123a5266bcaac12b78c01c167464a9a0e2e25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.v315

Filesize
704B

MD5
b9bd85e8ab8f537bd2f2588848995c9d

SHA1
39f7a22d7c4dbf40164c1fce4b39abb2e78eeb49

SHA256
2db655baece3025096eed432d05857692f7ec1f61d992d053de75f28528e0622

SHA512
f3e6dcf7707f448295453d8065f30d00d4939ab6f804240cad72b900a6f0e006df2c43d2ed98a9ff87f5f9543ac1026e9e09b656c1f5666dd87c3378b6d9168c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.v315

Filesize
8KB

MD5
010c3b14db92e84a98347639b44e6d26

SHA1
2e95bf890567ffc640483482b597ec426d8013ca

SHA256
68963208678c322561cfa69a766191485fe0e9df624cd840417c50be15d3d795

SHA512
ec0ca222d91449e87e38c48deb03eda118ad5b27f7a6ca6cc93d9ce10a9e301e0fd52c8078e2b7d95ce148b1f2d0de748ac6e7b71167be091302121f577bbaae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.v315

Filesize
19KB

MD5
a52c39fafb7cc93e188f314c1ac4db1a

SHA1
a7dafc0243d7dcd26b9608b7ae2cf0f2a16071bc

SHA256
d0b446dff37e32b5e3c0fbc39478766007606a0d1471af4d09e1cac57b0f2b56

SHA512
f3282677532f2ae0ec4de911b7841fffb578a864a9c1e5ee0d5a20b180bb3079bb6ddb9ccb4e31a8dddc6ca344061135d0e8b20a8adbf76a6531ea6733b413f0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.v315

Filesize
832B

MD5
1bca8ce0f3ac8116c8314876828b3997

SHA1
b806db47355421e750985027dfc0a786dda6b437

SHA256
e9323eac402e4276be1d4ae1604968be46270a7c846e79434e287c6b49ba2bae

SHA512
f32f96698fa091b85ae818d29a34a5212092c64b734e13bd2da8e81fa2b94505baa3d9730e82b139cf3343f929082c026e6329d614dc6e818f2042e24b6e0fc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.v315

Filesize
1KB

MD5
7bfccb7929b08ce03d323f4e77cb72ff

SHA1
21b78e78f491128fb4c930e9cb1c640fd6380e77

SHA256
ab9c375e4b4c7e7612359b8d1cc6b28ca1bc17d43db690d0815f16ea22a0f5dc

SHA512
bd24ef3df934c5047558f96adcc207bf29255ac8d83a823ff2075b1da633935034cc2fb16a040937e935707d42a976f908e1a95f488516148f0579a95da61082

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.v315

Filesize
1KB

MD5
4fe8a5d12a197027758f1dbce73760de

SHA1
23c3493a34418c61fe3129b01986f0c891597a39

SHA256
2bdc08cb49dd55f49cdd113ecabf2d8e66389a7b81506b7b26f6a2e24455d6b2

SHA512
4ee60af92c58fc2c4e1e3899993240923700b0ae4ad07aeab83dae36e7d77cb788087fd3474f6da8de8b036641b6fd26031e53e35b0015ed0803bfef713fe934

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.v315

Filesize
2KB

MD5
687fb793cc4592ca45fa4098d9813273

SHA1
b0cd42d28527714f6adf9a3ff05c0f3c92a69e96

SHA256
8ce9cd590f9f4a569a48e53ff6dde7e004224ace8b3bc8578d7868c8cc330197

SHA512
234aa37af68d641e5234d9d1fa6d11f9cc1d48ee5bcf0e355decf57c014bf39ced479f9250d788de4c087902272a5145f2516496f7d6550bdab9a579790b0f2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.v315

Filesize
2KB

MD5
2419d3e01e4297849a2fe903a183ecd9

SHA1
7619d5695522713247050e407dca1a728add702e

SHA256
d6ab80b9e7f87584d47d1d9844a498a09c22ff1136d8d061fd1179390a88b79c

SHA512
91720aea42f726f8c8b6e4203a73c648fbf3442da067f102b7e37fe1d09939bb01653dbebe9bb000839326f9f7683d69be6fbdccf5c7e447e7d2355fd3aad101

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.v315

Filesize
4KB

MD5
fb3e10364da62adff568a9da1ce9627d

SHA1
884b3d2b648c75d136aae478ccdc7926dee27e5e

SHA256
b76e339ea25be0febaa751865d60e89e941c20fe5a4a22b415b3c0e1cee09669

SHA512
2d9e2d8c8c6de92683d53b4f2b8133e522e56f2c6aeacf514acdbd98820002a26107adba102f3488e618cd58ae0537f7f2cf1526ecdbed62e386e9385d2b6dc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.v315

Filesize
304B

MD5
0095ae542c5adffaada889b2c9dd2c09

SHA1
b9a839964ab4408855c0bee8febeb26e4d2ac2fb

SHA256
edd388df803825e4af9d0c3d95ad955dfb3e4f50394115860334857e86713ef0

SHA512
a64c15dbcf0ceba40acdcdbea736882094de87cd4a8be8118275a33d6d4ab012f03a2b27dc63cfe297e13cc93e9621bf8c41b972e0bd6a633c6c0d46cf9c0c8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.v315

Filesize
400B

MD5
178efc5767adc6ab7a3c5efe8975428d

SHA1
8c92f759e22e40fa528b3b3c5dcc13e9938ed415

SHA256
f903fa61f67d2f86bce4205bc07fd76c1ccee8ad0cfd9b6ced6893798ae72b8d

SHA512
20fe810ff47880d151d5dcf56e14ad1d7f2975406718de25dc88f5773ca90f6db242e4a2cb2efbeac626d893f830258f94d13d4cb3dac03289a42d43baac83e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.v315

Filesize
1008B

MD5
adafebeaff0393bc9b903d6dc41af646

SHA1
49f4f286b6d75ea1d451a404a2aa5e9b63b23c73

SHA256
58f23db738269034841373b1d01d1e38d74afd926a91b619ba8c460d4da38921

SHA512
b906a859b673645c2df9d40e86c18546ce0ce044ea08084716c20f18203814e60e60934c982a1ad94b87bfef56aad2f0874a14db30bf1adb7ff2a81d8b483388

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.v315

Filesize
1KB

MD5
d3f17e3d334ca252e68fc0c19eecc629

SHA1
6016a661ee9480434498c21e6235cc2fc93f2944

SHA256
0074fe5168ccb0032aa5218286c2644fbf540be46b6b0db64088590bb610c7ed

SHA512
0b8b66d10291d84a3b0c35e5eeef3e1fdeb1a9b71c4aec5edfa5c5f74b8ba368bcb4f1674af8d2fc57eae14969f8eae8aa2988adbe41d45a77bc37533ef721b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.v315

Filesize
2KB

MD5
1c0ea1ad8c8cbcd1767f773ad03f7f33

SHA1
4af9661041c0c4a2ccba9a112729cf316f33b468

SHA256
6b122a6399c0a116e77385b213ac1112c783817561f0d28afa5fe6f776108633

SHA512
8b6f8bac62b6bc1b46fcfa7c739db3eda180ee6b43ecc2cb545ffa22803db6202b3cc5614cea2ce4e2ed4c96e0bf2a02c5e93b50889b5ec092a55384e51dff56

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.v315

Filesize
848B

MD5
481e2b46b802ce02f441784c68aec492

SHA1
586e52dc47161b843923f89082c0ba85d4a3df7b

SHA256
b11ca287019ad669301da80daa29027e62f8114e4a9c1278316a5f2e41cd126d

SHA512
a2b926df861f195877d662910851941af159e3c2e5b11808fbb90a49ab3a330c5ed3dd7bb27f5772ffb07ee419d3d34985f7d4504f65fd130262c0092e5e8fc9

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.v315

Filesize
32KB

MD5
1a5c07c9cb0c3c6c41c0ba0434439c0e

SHA1
de29ef83cacdd55b6754760c3c65341ee623e066

SHA256
21ed8d15b3241993cff57f0ccd220acedf8dcc1b963905b52350021c265a5a87

SHA512
21dd66c5b965a8137e72f031bab89d5c6cd737b43d26b3670fffbc44592dfe0647f908e0363ee3f76b36fec9b7051335253949c65495dcfdf8bbf8424a39cff4

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.v315

Filesize
160B

MD5
0886385c883e6319ec019dbdb8315eb6

SHA1
0014ca1ac628640303bd85fe5d0909f7e27e89fd

SHA256
f26915835c298fd96670ec6995b4f47c83339199ebdad9dad29af80158743c0f

SHA512
ec694d0a039a599a245730dc68bde906771eed376bc3d2065a9250c3754ead96a483f8722bc11f4d4001890a6ae791291f1b0e43236b9a1655797c4dabaea830

Download Submit
C:\Users\Admin\AppData\Local\Adobe (x86)\AcroRd32.exe

Filesize
41KB

MD5
0efb06144ff6e9eb6bdc03fafa5167a7

SHA1
894bc02320d1308462ce004cf06e1bb1841d22c2

SHA256
b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

SHA512
a4e4f538ad17d32c63f5b6b5be26115931480544ca921bec09bbe0dcb0989455fb29a8ddd97c3e14b4b1250b9aa8b19aa0e0849fcf1dd57f2d3f934f7e973a96

Download Submit
C:\Users\Admin\AppData\Local\Adobe (x86)\AcroRd32.exe

Filesize
41KB

MD5
0efb06144ff6e9eb6bdc03fafa5167a7

SHA1
894bc02320d1308462ce004cf06e1bb1841d22c2

SHA256
b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

SHA512
a4e4f538ad17d32c63f5b6b5be26115931480544ca921bec09bbe0dcb0989455fb29a8ddd97c3e14b4b1250b9aa8b19aa0e0849fcf1dd57f2d3f934f7e973a96

Download Submit
C:\Users\Admin\AppData\Local\Adobe (x86)\AcroRd32.exe

Filesize
41KB

MD5
0efb06144ff6e9eb6bdc03fafa5167a7

SHA1
894bc02320d1308462ce004cf06e1bb1841d22c2

SHA256
b3af58566437f83301cd884feaaa2c4b6c827498969a2abbe48afc03351facb3

SHA512
a4e4f538ad17d32c63f5b6b5be26115931480544ca921bec09bbe0dcb0989455fb29a8ddd97c3e14b4b1250b9aa8b19aa0e0849fcf1dd57f2d3f934f7e973a96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.v315

Filesize
8KB

MD5
efe713529a38d30ad082d86cb06afa96

SHA1
cb512c276741ca759f69fc587109bc397688b3f2

SHA256
bfd7613f27f527f6ad3eea77058f41fa374f901bc59f4edc10661604009124c6

SHA512
86c4ba64c865d028cd3d159160de004ed8321533267466c572d6752dada969933dd6515f1a25eddd58f24576e18d0ff109b4af352cd2ab1745df1bcde76794ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{24c30759-70cb-451c-8420-b52f059918bb}\0.1.filtertrie.intermediate.txt.v315

Filesize
16B

MD5
933649fc1ab3e67c17db2247ee7d362d

SHA1
7268a86993b9d745a2da7295eca38d970a97be57

SHA256
3a649b665ee4223c6065dfbe3e85638242f006bc41506afbe7eb1b16d1f35a0b

SHA512
03da41dbe12a44930567bcf6d48a84ad6ff6b918fdb8168acb78b327ff70eb16883dfc35af88e58bb9b6d30caf112ea100abb38cec1c0991042a5179b9713917

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{24c30759-70cb-451c-8420-b52f059918bb}\0.2.filtertrie.intermediate.txt.v315

Filesize
16B

MD5
afb24e3dad248fb79c5d227901d59f08

SHA1
5f45f2c44a601b432ae1950d312bbe9992253057

SHA256
fe63b35d7703b4d5fc8b05df2847a209d3f4676217451a440587fb3de1351558

SHA512
c6169939b10fa858fa10ee405c9593e63d2b5eb49b3464d90a745db42f7d0072a09f28bb9a631f28f54ea691e22609e7714ee3fa412956f701df7e4fb4a2d3d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392320368207030.txt.v315

Filesize
47KB

MD5
f46716d5bd78c47f8e2617864eccf9b7

SHA1
693041f040f04c2b60b60d336f8de321fdd003c5

SHA256
7bffecb7ea2b6ace1388e268a8e58ac750a57d59a117da9fb4bd49d48ed54e8a

SHA512
9c9fedbbebccbae457ecbcce94fcff73e320a7116819711f80f29cc5f0388d2d01f661d3b9e1b9bf733f73c2c6bfef63a0cebe0a78303a334076fae701ff44e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392327690076210.txt.v315

Filesize
65KB

MD5
e172f9c2411b2d8584931f274cb1ad4f

SHA1
1bfffcf0ec48ad04bc3d842330aa2ec319903352

SHA256
32a4763ef3bbb2737acc6841e5e3773d15a55cbcfa59650ad61c560cafa2910c

SHA512
ce1e85cba86180254984d84b300a5dd9f72040d1b97a307af2bf480dc3d265e8fa916b39d2ba495c023a6ee45299c93fe786547b0264ff7acea4ff1d3fdede55

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392367799162155.txt.v315

Filesize
75KB

MD5
c00ca5f3167326bb04b9da791f3ff831

SHA1
faeb350ef609ae5531b618dfc72258616315f8c0

SHA256
a1b9f52fa43f312bc7838fb5f9bd92fe4dedf3ceb0b87209ad54dbaf43e62010

SHA512
b29037d5a7922aff1a00e406e51ed69aa405610849df2611bcb14de7d3278b375e14e8ebcbf93e397ed264a877c655a2a0cdd10c5f9b47ed9617a4aeadcd90a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{61925A6F-CF84-4B52-88AC-0AED96F65CFA} - OProcSessId.dat.v315

Filesize
16B

MD5
b5b7270686c0ed7cc8b209f45a00e057

SHA1
ef125d69d70409dae0f5079eb4ca7de2e02ac748

SHA256
ab1deb20552b9a7708bdfdc03c9b3248e7b97550dfd1044f7cf2e78b5a313f38

SHA512
c3d1acf3653dc891ce5b373cb7080651029dd5f32341c38c674c2ccc6aff0ccc6cc2f5367ee329124338400e13f1c06388c8c428aa09da2d4b9a8c099d3fa1bf

Download Submit
memory/2192-3-0x000000001B480000-0x000000001B51C000-memory.dmp

Filesize
624KB

Download
memory/2192-1-0x000000001BA20000-0x000000001BEEE000-memory.dmp

Filesize
4.8MB

Download
memory/2192-19-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2192-4-0x0000000000F10000-0x0000000000F20000-memory.dmp

Filesize
64KB

Download
memory/2192-2-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2192-0-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2896-40-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2896-41-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/2896-39-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2896-22-0x0000000000EC0000-0x0000000000EC8000-memory.dmp

Filesize
32KB

Download
memory/2896-21-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2896-18-0x00007FFA5A210000-0x00007FFA5ABB1000-memory.dmp

Filesize
9.6MB

Download
memory/2896-20-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/2896-4742-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/2896-4743-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/2896-4746-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/2896-4747-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads