Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-05-2024 03:18

General

  • Target

    37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe

  • Size

    240KB

  • MD5

    37fa8fa315d60727ebce5fafa56690b8

  • SHA1

    599c28e16fda50ab1377e900678084ae28557090

  • SHA256

    e398c99bd0f61a4590594dc912e4d4ad23c306df6bd00274e2756d1a28f3ef80

  • SHA512

    cc900fb64eececdd030be5d6b79ef4213f128cae0f4314e77ced24df573d54a68350c2bcd3c5f448e4c640d336ef4888bc2b9a5a6fca1ba39668df4b43c50b09

  • SSDEEP

    6144:6KprPZVxYg036R2eqHzs5oP+8fgsOznWqZajzCrY4Fi/f:HXxk3RHzsmP+agVznWqZa/Cr7AX

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named after the wallpaper set after infection in the early versions.

  • Renames multiple (3737) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe"
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\37fa8fa315d60727ebce5fafa56690b8_JaffaCakes118.exe
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:5024

Network

MITRE ATT&CK Enterprise v15

Downloads
