Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Documents/...er.exe

windows10-2004-x64

10

Documents/...ll.exe

windows10-2004-x64

3

Documents/...aw.exe

windows10-2004-x64

10

Documents/...ky.exe

windows10-2004-x64

10

Documents/...31.exe

windows10-2004-x64

1

Documents/...3 .exe

windows10-2004-x64

3

Documents/...d9.dll

windows10-2004-x64

10

027cc450ef...ju.dll

windows10-2004-x64

10

ee29b9c013...bc6.js

windows10-2004-x64

3

fe2e5d0543...L9.rtf

windows10-2004-x64

1

Documents/...uy.hta

windows10-2004-x64

10

Documents/...st.exe

windows10-2004-x64

7

Documents/...39.exe

windows10-2004-x64

6

Documents/...5c.exe

windows10-2004-x64

Documents/...00.exe

windows10-2004-x64

7

Supplement...16.scr

windows10-2004-x64

3

Documents/...ZSFwgb

windows10-2004-x64

1

Documents/...96.exe

windows10-2004-x64

5

Documents/...ed.exe

windows10-2004-x64

10

Documents/...70.exe

windows10-2004-x64

9

Documents/...67.exe

windows10-2004-x64

1

Documents/...56.exe

windows10-2004-x64

1

Documents/...ab.exe

windows10-2004-x64

8

Documents/...3a.exe

windows10-2004-x64

8

Documents/...73.exe

windows10-2004-x64

8

ed01ebfbc9...aa.exe

windows10-2004-x64

10

Documents/...aa.exe

windows10-2004-x64

10

Resubmissions

22/08/2024, 18:43 UTC

240822-xc563asamh 10

21/08/2024, 17:16 UTC

240821-vtjnaathnq 10

30/06/2024, 00:59 UTC

240630-bcjr6svbkk 10

20/06/2024, 02:02 UTC

240620-cf43ysxbnk 10

20/06/2024, 01:44 UTC

240620-b5v1xawemk 10

19/06/2024, 01:10 UTC

240619-bjmseavfmp 10

18/06/2024, 20:40 UTC

240618-zfwsxawdpa 10

18/06/2024, 13:45 UTC

240618-q2vcjawdle 10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 01:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Documents/Ransomware.Jigsaw/jigsaw.exe

  • Size

    283KB

  • MD5

    2773e3dc59472296cb0024ba7715a64e

  • SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

  • SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

  • SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

  • SSDEEP

    6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Renames multiple (3817) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 51 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
    "C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      PID:4836
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3896
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3332

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=15B52F415D2564752C303BE55CC56598; domain=.bing.com; expires=Tue, 15-Jul-2025 01:44:42 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9DBF7236B7EE41C89B09AFE4F7583E2A Ref B: LON04EDGE1022 Ref C: 2024-06-20T01:44:42Z
    date: Thu, 20 Jun 2024 01:44:42 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=15B52F415D2564752C303BE55CC56598; _EDGE_S=SID=159ACF7B69F16E7E264ADBDF68316FC2
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=K2tKqeFRaExDkZbVdGH51xvxOwlQNrUdbThGFCQ-nPA; domain=.bing.com; expires=Tue, 15-Jul-2025 01:44:43 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D1849F3192BB46909A51F3C363509C5A Ref B: LON04EDGE1022 Ref C: 2024-06-20T01:44:43Z
    date: Thu, 20 Jun 2024 01:44:42 GMT
  • flag-be
    GET
    https://www.bing.com/aes/c.gif?RG=23aabe4e42e448339d9170699b77b19c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T200043Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321
    Remote address:
    88.221.83.187:443
    Request
    GET /aes/c.gif?RG=23aabe4e42e448339d9170699b77b19c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T200043Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=15B52F415D2564752C303BE55CC56598
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4A1AB9BED0354C7A858F216DC28272BF Ref B: DUS30EDGE0320 Ref C: 2024-06-20T01:44:43Z
    content-length: 0
    date: Thu, 20 Jun 2024 01:44:43 GMT
    set-cookie: _EDGE_S=SID=159ACF7B69F16E7E264ADBDF68316FC2; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=15B52F415D2564752C303BE55CC56598; path=/; httponly; expires=Tue, 15-Jul-2025 01:44:43 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.b753dd58.1718847883.1daee9
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    187.83.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.83.221.88.in-addr.arpa
    IN PTR
    Response
    187.83.221.88.in-addr.arpa
    IN PTR
    a88-221-83-187deploystaticakamaitechnologiescom
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    199.111.78.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.111.78.13.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6
    tls, http2
    2.4kB
     9.0kB
     19
    15

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8wHbQtjI8bYbnib1LQh6vpDVUCUzvhb_1vK9wPixYMF2AQH7KB-KwF8zzvVFp7qw45C0Vt_MxYv1VIAdQGt7ESRLHr4dSBjp3CII-8Sf9N1-vj4CPcwtktxrKuXYdYUkNxuZkWhM9_QpD81GuprpwnuR-vrOUoKZnfrgy7SVwJD7OugUI%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZm9uZWRyaXZlLmxpdmUuY29tJTJmJTNmb2NpZCUzZGNtbTA3YjdkbnU0%26rlid%3D870260f9d04317db35c106917c8e1071&TIME=20240611T200043Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321&muid=C1FAC51E94ABDC02D5235673D6AE25E6

    HTTP Response

    204
  • 88.221.83.187:443
    https://www.bing.com/aes/c.gif?RG=23aabe4e42e448339d9170699b77b19c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T200043Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321
    tls, http2
    1.5kB
     5.4kB
     17
    12

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=23aabe4e42e448339d9170699b77b19c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T200043Z&adUnitId=11730597&localId=w:C1FAC51E-94AB-DC02-D523-5673D6AE25E6&deviceId=6896198597095321

    HTTP Response

    200
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     151 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
     143 B
     1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    187.83.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    187.83.221.88.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    199.111.78.13.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    199.111.78.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
    Filesize

    720B

    MD5

    75a585c1b60bd6c75d496d3b042738d5

    SHA1

    02c310d7bf79b32a43acd367d031b6a88c7e95ed

    SHA256

    5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

    SHA512

    663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
    Filesize

    7KB

    MD5

    72269cd78515bde3812a44fa4c1c028c

    SHA1

    87cada599a01acf0a43692f07a58f62f5d90d22c

    SHA256

    7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

    SHA512

    3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
    Filesize

    7KB

    MD5

    eda4add7a17cc3d53920dd85d5987a5f

    SHA1

    863dcc28a16e16f66f607790807299b4578e6319

    SHA256

    97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

    SHA512

    d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
    Filesize

    15KB

    MD5

    7dbb12df8a1a7faae12a7df93b48a7aa

    SHA1

    07800ce598bee0825598ad6f5513e2ba60d56645

    SHA256

    aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

    SHA512

    96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
    Filesize

    8KB

    MD5

    82a2e835674d50f1a9388aaf1b935002

    SHA1

    e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

    SHA256

    904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

    SHA512

    b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
    Filesize

    17KB

    MD5

    150c9a9ed69b12d54ada958fcdbb1d8a

    SHA1

    804c540a51a8d14c6019d3886ece68f32f1631d5

    SHA256

    2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

    SHA512

    70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
    Filesize

    448B

    MD5

    880833ad1399589728c877f0ebf9dce0

    SHA1

    0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

    SHA256

    7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

    SHA512

    0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
    Filesize

    624B

    MD5

    409a8070b50ad164eda5691adf5a2345

    SHA1

    e84e10471f3775d5d706a3b7e361100c9fbfaf74

    SHA256

    a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

    SHA512

    767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
    Filesize

    400B

    MD5

    2884524604c89632ebbf595e1d905df9

    SHA1

    b6053c85110b0364766e18daab579ac048b36545

    SHA256

    ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

    SHA512

    0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
    Filesize

    560B

    MD5

    e092d14d26938d98728ce4698ee49bc3

    SHA1

    9f8ee037664b4871ec02ed6bba11a5317b9e784a

    SHA256

    5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

    SHA512

    b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
    Filesize

    400B

    MD5

    0c680b0b1e428ebc7bff87da2553d512

    SHA1

    f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

    SHA256

    9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

    SHA512

    2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
    Filesize

    560B

    MD5

    be26a499465cfbb09a281f34012eada0

    SHA1

    b8544b9f569724a863e85209f81cd952acdea561

    SHA256

    9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

    SHA512

    28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
    Filesize

    400B

    MD5

    2de4e157bf747db92c978efce8754951

    SHA1

    c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

    SHA256

    341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

    SHA512

    3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
    Filesize

    560B

    MD5

    ad091690b979144c795c59933373ea3f

    SHA1

    5d9e481bc96e6f53b6ff148b0da8417f63962ada

    SHA256

    7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

    SHA512

    23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
    Filesize

    688B

    MD5

    65368c6dd915332ad36d061e55d02d6f

    SHA1

    fb4bc0862b192ad322fcb8215a33bd06c4077c6b

    SHA256

    6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

    SHA512

    8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
    Filesize

    1KB

    MD5

    0d35b2591dc256d3575b38c748338021

    SHA1

    313f42a267f483e16e9dd223202c6679f243f02d

    SHA256

    1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

    SHA512

    f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
    Filesize

    192B

    MD5

    b8454390c3402747f7c5e46c69bea782

    SHA1

    e922c30891ff05939441d839bfe8e71ad9805ec0

    SHA256

    76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

    SHA512

    22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
    Filesize

    704B

    MD5

    6e333be79ea4454e2ae4a0649edc420d

    SHA1

    95a545127e10daea20fd38b29dcc66029bd3b8bc

    SHA256

    112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

    SHA512

    bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
    Filesize

    8KB

    MD5

    3ae8789eb89621255cfd5708f5658dea

    SHA1

    6c3b530412474f62b91fd4393b636012c29217df

    SHA256

    7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

    SHA512

    f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
    Filesize

    19KB

    MD5

    b7c62677ce78fbd3fb9c047665223fea

    SHA1

    3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

    SHA256

    aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

    SHA512

    9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
    Filesize

    832B

    MD5

    117d6f863b5406cd4f2ac4ceaa4ba2c6

    SHA1

    5cac25f217399ea050182d28b08301fd819f2b2e

    SHA256

    73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

    SHA512

    e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
    Filesize

    1KB

    MD5

    433755fcc2552446eb1345dd28c924eb

    SHA1

    23863f5257bdc268015f31ab22434728e5982019

    SHA256

    d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

    SHA512

    de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
    Filesize

    1KB

    MD5

    781ed8cdd7186821383d43d770d2e357

    SHA1

    99638b49b4cfec881688b025467df9f6f15371e8

    SHA256

    a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

    SHA512

    87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
    Filesize

    2KB

    MD5

    51da980061401d9a49494b58225b2753

    SHA1

    3445ffbf33f012ff638c1435f0834db9858f16d3

    SHA256

    3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

    SHA512

    ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
    Filesize

    2KB

    MD5

    2863e8df6fbbe35b81b590817dd42a04

    SHA1

    562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

    SHA256

    7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

    SHA512

    7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
    Filesize

    4KB

    MD5

    79f6f006c95a4eb4141d6cedc7b2ebeb

    SHA1

    012ca3de08fb304f022f4ea9565ae465f53ab9e8

    SHA256

    e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

    SHA512

    c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
    Filesize

    304B

    MD5

    b88e3983f77632fa21f1d11ac7e27a64

    SHA1

    03a2b008cc3fe914910b0250ed4d49bd6b021393

    SHA256

    8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

    SHA512

    5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
    Filesize

    400B

    MD5

    f77086a1d20bca6ba75b8f2fef2f0247

    SHA1

    db7c58faaecd10e4b3473b74c1277603a75d6624

    SHA256

    cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

    SHA512

    a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
    Filesize

    1008B

    MD5

    e03c9cd255f1d8d6c03b52fee7273894

    SHA1

    d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

    SHA256

    22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

    SHA512

    d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
    Filesize

    1KB

    MD5

    62b1443d82968878c773a1414de23c82

    SHA1

    192bbf788c31bc7e6fe840c0ea113992a8d8621c

    SHA256

    4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

    SHA512

    75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
    Filesize

    2KB

    MD5

    bca915870ae4ad0d86fcaba08a10f1fa

    SHA1

    7531259f5edae780e684a25635292bf4b2bb1aac

    SHA256

    d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

    SHA512

    03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

    Download Submit

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
    Filesize

    848B

    MD5

    14145467d1e7bd96f1ffe21e0ae79199

    SHA1

    5db5fbd88779a088fd1c4319ff26beb284ad0ff3

    SHA256

    7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

    SHA512

    762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

    Download Submit

  • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
    Filesize

    32KB

    MD5

    829165ca0fd145de3c2c8051b321734f

    SHA1

    f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

    SHA256

    a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

    SHA512

    7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

    Download Submit

  • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
    Filesize

    160B

    MD5

    580ee0344b7da2786da6a433a1e84893

    SHA1

    60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

    SHA256

    98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

    SHA512

    356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    283KB

    MD5

    2773e3dc59472296cb0024ba7715a64e

    SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

    SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
    Filesize

    24B

    MD5

    60476a101249aedff09a43e047040191

    SHA1

    de5b6a0adc7de7180e19286cf0f13567278cdb64

    SHA256

    35bc77a06bfdde8c8f3a474c88520262b88c7b8992ee6b2d5cf41dddc77a83fb

    SHA512

    f1d2dcc562a36434c6c6405ec4eac7ecfa76fc5a940114da6f94495b77584a132d5d82ad3556df749490be096cfd238fa8b484b7c734cbc4d074e963e5d451f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
    Filesize

    7KB

    MD5

    1cdf68b133f4457723f43556d5d67fff

    SHA1

    4e316e73403c91b5e923f3750f34c1726b2f20bd

    SHA256

    3a2754bb548becd29a3dfdb117fc67812b0c8ca34acf0a7eb8afd559e6e8c2a4

    SHA512

    2db3b7185a28d19a97cd3b8d71c81782f5b2293616ee965851aea7521fdf869d95b453594fc4de34547b4050e2fdcc893125c87b330dd85d73aaf53e75beb868

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
    Filesize

    8KB

    MD5

    f22599af9343cac74a6c5412104d748c

    SHA1

    e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

    SHA256

    36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

    SHA512

    5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.1.filtertrie.intermediate.txt.fun
    Filesize

    16B

    MD5

    1fd532d45d20d5c86da0196e1af3f59a

    SHA1

    34adcab9d06e04ea6771fa6c9612b445fe261fab

    SHA256

    dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

    SHA512

    f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.2.filtertrie.intermediate.txt.fun
    Filesize

    16B

    MD5

    f405f596786198c6260d9c5c2b057999

    SHA1

    f8f3345eb5abc30606964a460d8eef43d3304076

    SHA256

    58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

    SHA512

    a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626047950574231.txt.fun
    Filesize

    77KB

    MD5

    c408fe54ebacb4f32d787b81ef224d39

    SHA1

    e3d2528a5ff4a52c9e2d9ab562a04a2c710da1c7

    SHA256

    99262dd9d9e4a7219143051937efbd2a98fe5db1d1e60dbfc2bc6601fc01efc8

    SHA512

    7556ab93b16b72f3c9d619b30e574b67f95a1983ed5dd05e63ef33b23893ab3768b4d139691b4fb36490c1d5170854bb954aa17adc8446eb204847caa20e0012

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626052813607644.txt.fun
    Filesize

    48KB

    MD5

    4f162a341c5623f4f9fb48bde1bd8687

    SHA1

    3c4f2000b4b73b9e32eb8bc28f2a9b50c06bfef9

    SHA256

    aaacfbd30fec8f67ef3119075b1ce9e81afc6b7ceffc6e9f55c5fa6fcd13ce46

    SHA512

    3b6d1146b4a75c5d4def3d80a2981baaaabf016580b0671b65195b555263a05139c2c79b15efa2cfcc24ce3aada0e1c643bec9ef0dc9a12aee454eeeeea8ead8

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626055682919415.txt.fun
    Filesize

    66KB

    MD5

    0c4039e2bc1d499f82cc957a90885637

    SHA1

    01ca3eedaf8d2ea5311722a37755285288b72fac

    SHA256

    c08e5c75b9dc71a283489dd7e3fd97b55fd5c7a8e1032d1b19ba780f693c39e3

    SHA512

    27fa753b784246affa1f4e911595503af53a422e5938b481649392c7d8efc1d3ccda19a45d0abad2027298b2dc1f7599dd0bed95c96c9fd05938a978e32d4b6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B183C939-E702-4E16-9D1E-A5DC9F11A6FB} - OProcSessId.dat.fun
    Filesize

    16B

    MD5

    8ebcc5ca5ac09a09376801ecdd6f3792

    SHA1

    81187142b138e0245d5d0bc511f7c46c30df3e14

    SHA256

    619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

    SHA512

    cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

    Download Submit

  • memory/1544-0-0x00007FFAAF405000-0x00007FFAAF406000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1544-22-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1544-1-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1544-2-0x0000000000A50000-0x0000000000A88000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1544-4-0x000000001B5F0000-0x000000001BABE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/1544-5-0x000000001BB60000-0x000000001BBFC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1544-3-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3896-3856-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3866-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3863-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3864-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3865-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3867-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3868-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3862-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3858-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3896-3857-0x0000024271350000-0x0000024271351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4836-19-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3855-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3854-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3851-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3850-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3849-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-268-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-23-0x000000001B030000-0x000000001B038000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4836-21-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-20-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-3899-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-269-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4836-270-0x00007FFAAF150000-0x00007FFAAFAF1000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.