Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-01-2024 05:43

General

  • Target

    0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe

  • Size

    291KB

  • MD5

    5a5c745bf3e97fe2be01880132662f28

  • SHA1

    924af25d379fc88319bc55958db898dbf5054309

  • SHA256

    0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

  • SHA512

    151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

  • SSDEEP

    6144:mdSK04ETTZ+4TBpvjLC4Ho/C1rCyPucrFqBFTbL39rqHRs8:moL4EnU4T/vjLTHtrCWurTpruF

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

  • Renames multiple (3776) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
    "C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2616
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Downloads

