jigsaw | 25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe
Size

141KB
MD5

5ae42f93bb14b553f52bd15845b0992b
SHA1

f390fab5e976495686e13bac55fb7c6600cb04f9
SHA256

25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964
SHA512

d3b9494e1d5ee9c20ca019d5e65f1fa83f3b3ee875001c3a5abf36503af4b94fc2bd8e75fae430b7c0b94d74f7e23ae3af228ee8602e7ee685d9e7ddb1ec3858
SSDEEP

3072:wOXwqohogPKl0eIR8ex4z+nbZGfXIPqPy+YU2Xt+1:zngPKlP2844z+nbZGfXIC6+E9+

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3752) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe

Executes dropped EXE 1 IoCs

pid	Process
2364	Firefx32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Acrobt32.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Adb\\Acrobt32.exe"	25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-400.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	Firefx32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-300.png	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-de_de.gif	Firefx32.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	Firefx32.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.sux	Firefx32.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx.sux	Firefx32.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.boot.tree.dat.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_contrast-black.png	Firefx32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-100.png	Firefx32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-down_32.svg.sux	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close.png.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NewNotePlaceholder-light.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextDark.scale-100.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-125.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileMediumSquare.scale-100.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-96_altform-unplated_contrast-black.png	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png	Firefx32.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png.sux	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ui-strings.js	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-100.png	Firefx32.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-400.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\webviewBoot.min.js	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\LockScreenLogo.scale-200.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MediumTile.scale-100_contrast-black.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-100.png	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\ui-strings.js.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\LiveTiles\avatar310x150.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Filter.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-100.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-200_contrast-black.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-400_contrast-white.png	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSquare150x150Logo.scale-125_contrast-white.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_altform-unplated_contrast-white.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-125.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-125.png	Firefx32.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96_altform-lightunplated.png	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js.sux	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-150.png	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutArchiveImage.layoutdir-RTL.gif	Firefx32.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.sux	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-2x.png.sux	Firefx32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\tr-tr\ui-strings.js	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxManifest.xml	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_altform-unplated_contrast-black.png	Firefx32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png	Firefx32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview.svg.sux	Firefx32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 2364	3864	25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe	86
PID 3864 wrote to memory of 2364	3864	25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe	86

C:\Users\Admin\AppData\Local\Temp\25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe
"C:\Users\Admin\AppData\Local\Temp\25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Users\Admin\AppData\Local\Firefx\Firefx32.exe
  "C:\Users\Admin\AppData\Local\Firefx\Firefx32.exe" C:\Users\Admin\AppData\Local\Temp\25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.sux

Filesize
720B

MD5
21c0faaf8a4a2b1a46291b568a4cdc38

SHA1
4f76a965e0b7d0fff6379ca66914f9f526a3f886

SHA256
34360660433d98510a134ba6f2f22cacc4a7109e8dbf3c8cc87f61e4db4bb215

SHA512
8247db4e87d17624c9e2c81315941176a551bdfb30cd324b719f6e0177d9bfe7be5c6f0f56d826efab490a947cdd2ba65ef07f303e65d77a80fd521415cf9eca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.sux

Filesize
7KB

MD5
c496d647cf23d50f20ad63863b324d51

SHA1
fd01375f166cee9e64fb59ade2122e179c91f9c2

SHA256
5cd258e0e45a18a2f743cd2e6739e9aabd515e96b1ac141d449041fb0812f6cb

SHA512
4425bdf11a6797e2439dbbbc957396d37c566ffc32f4a04b60dbb64de5eedc4a1529201747fab5345dcd719663e756e667df081c060ea774efe041e5d063f3ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.sux

Filesize
7KB

MD5
7034bad393a229ef843ff38811efe8dc

SHA1
aefbd3f992c31084a13d8c07466de4277e386ae0

SHA256
210f977bc4859fced371deb21c3baaedcf7880f63ae0a909d69f850a457558a0

SHA512
4cea5a06782912d6105a29e3bc0bb31fd106a53b2a4411fff1358405e495ee1b03b39a7998c4a47968bf9e48fdc0af7953f0aaaea7ab2de887df3dd55d0ad9a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.sux

Filesize
15KB

MD5
116e30d68982a483b8d9b2718f4e74db

SHA1
6d094f6b3aa0d85b89c3966488e873a57d342848

SHA256
3e65fa264a08a69f2c382bdd179b74b2a1c5a83a54ea831d77deb64e483767c2

SHA512
02f8928d07c561276d61e977cdc0ea48d02b1390b0d0c5792dbc0c705db92250b5aa3bef27b3b8c5972425ca4b9fd22ff1662bb5534c4ce2339b7903a866b867

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.sux

Filesize
8KB

MD5
974b24211868b7e671ab884f28fd8f19

SHA1
ea3f190b2c20b5f71819283ffd33de90f17b6195

SHA256
0a85a188f06b1bfa20433a60aa84de719f7da97aed290dabd6b3462ac1b99cff

SHA512
12cf2d83c78796f7381ec2e9db05aed4ea18882f5589f3ec902b3585afd4bd1fb80c785edfb29ef93e34d41dc2a8bbbaa376eadeba2e4be38dd259d8f2c73ba1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.sux

Filesize
17KB

MD5
24378ef9b85977067275a6ee8020df87

SHA1
f003f7a20be8beaf460dc018b3cba5986acc2a5b

SHA256
5436bf414883100114e3771fa2cdab16e3a2177eb72af63e384b8c721c18749f

SHA512
4b33c18e32d60e82644bd3ac29ff024194bf0aff5b8b1bd1535d33d08763459511be5c3f58435b606bef1545d9394e5195767d66bbfa0b1c83f053ec8b4682db

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.sux

Filesize
448B

MD5
0b66ef5602e794f7bc47a9db0308b42e

SHA1
a1518cee5dcb3dcaf0805d9babfb99f5025e0c32

SHA256
99a0eb160b9c01b890e281e2b03553ed8ca56adf884c5d6b00d01c2be42b31f5

SHA512
3f1bc97c55fea64c25ead10ededf531d132ffe568e2f950736680796f8e5427a8157f618a0619809b6fd3ac12858a568532b221da610b7fa20993f70fea8885d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.sux

Filesize
624B

MD5
f6c0e34e79f26aa1a180cc0bb38f7c89

SHA1
f9a677dac65b1ddc8134f3393fe703e559c4a523

SHA256
c912683926b1294eea4e8b2e0f3c5aef98869ad0c7456b72d0eb204e18e82aab

SHA512
45fa1063dc5c5a98aae755be77840a24fef9c6c708fa3ae43426e76f7241f337210cca231fbaa2eec6f3f01624413f126fa9592945d1d828f9228733f5519bb2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.sux

Filesize
400B

MD5
3cf7008bebad42339307763d59954716

SHA1
4c8d94c3252badd8408f319f69405de08e3c18dd

SHA256
7d65df45ef3a62d37be6ffca5df815a51b92c076e8d951bc64d75ac2a8e641d4

SHA512
60efd5ae5f0a33597e282ecf9b531477b31b0f5c34aad24019adb464c7e56b06a9e30153568e5c0264ac7e217e4f3fc22f15e76551b9197d98470f4314ef26c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.sux

Filesize
560B

MD5
d3ee78dd53c3d7d090c1b315cfe70d9b

SHA1
5efb6f5fa85c90ed2dbfae84a6da6eb5d1e0602e

SHA256
559af1f11dfcdaef6013da3ff38ae05d5b9bd1cc97dabd0c3cbb555a0d60d6b5

SHA512
1c8809ed6b8c37380b997d2d2b4d4c3239a7a6318bf1149e93c0929f5a8410295bdb6409ca6f23efe885a17e267ff169e6616443bc546ccdeb57bfe1d84e7e76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.sux

Filesize
400B

MD5
9d7dd72e69b5b5346b89fc22cb9bb943

SHA1
7f20ff5f3dc70447dfd18e316e0e8947cc12dc04

SHA256
f2c9400c5268727b7f871b2b3fa14747d8e851fa07c416ce5097342ffac96866

SHA512
ec3b6b0635df75fdf026c9f530a042193f063507963bd54f8e0d0f9c68af561017cefb197bf7d8f653a24ca7c7a0621804c416cbeb6e7df57dd6d250ad1a583c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.sux

Filesize
560B

MD5
eae2f5e5205b2695712ca06c000f4fdc

SHA1
aaee4714dc38c38fb48c7e772ee992979b7870e1

SHA256
1f19fd404ee573e60f146f650b93a57f239019e45e2ba9fd55f0b03653de3151

SHA512
eaca007ea89d97c8022518a3b8b668eb42d9238669f294865c4dddb9a0f1dc6a43aae89bf5ca75dc434591235d51e4d4c266838cb10f6d47d57cdddd0e9361cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.sux

Filesize
400B

MD5
fead9021449ba4d70c9a2c1008bf354b

SHA1
6e42d923da36351ca86f73a3fb3e57f7ef0768fc

SHA256
f151d263386d9a7ab027870bf9245e66a24d494b021df2db6611787e73f56e9b

SHA512
517b1086a3f38c14682dabf3b2449e871ab3673ec148fcc374d15bd0699b3df86ea45db1574b59dde8acd725540dceae9204fa598b985cccfd60e1ac811374ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.sux

Filesize
560B

MD5
f14236fa90adcb641c6ff9e0ac386ac4

SHA1
6b95310b64d04292a06b586b4aadc884394b3856

SHA256
299cfce447d8c14a3565212529e93c4bc241ce12ac0e5155c5502da5bd80ed51

SHA512
4d365d711b8cfc94e608a8ce932a8bf3c5bbf7ec5a1ae62f0aadfb0990f7684143575213f7606347acec4ed5d2a4070e87041ad2ce6790d45156e2292f7344a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.sux

Filesize
688B

MD5
9cf005844cdb8d4a33e5101ee652e488

SHA1
f2540bbd37469faea459bd8c4d3cfdf1b6828b2d

SHA256
0387267a812e8894cbd39d3341e66227932e64734f0b26edbd03604760e6ec2e

SHA512
3ed0972b687af56411c1ccb9c219fd4d20acbb100a96061bbe18dffc421c51b7dfd128de361ffdac9bad492b6ace9c59e89c18c744d1829635a80e16b027deca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.sux

Filesize
1KB

MD5
7fa2b52327ff0bd46d7daed042166584

SHA1
193eba808c01dc0cabba2044fd6e2e7e7274a748

SHA256
4940a5ae7c6a9079b3f5d46f03b9745ac00dabe947f93d59dce390f4800174e8

SHA512
4cc5c0ca02899ba0c2ed2ee80f165f2c0e62333a647cea50795e8cc8d8ab5a01c20e579a163a171d890158c8a3c85b8c81f66779d3a4fa976e4a47f10ae88a64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.sux

Filesize
192B

MD5
30e2b9ee5c260cc5d3e658149592bf48

SHA1
397fa04062c37fb2342c26ac2d35cafe49860a03

SHA256
c8c184453abae1028d07d3bb633c0a88c7715ecb7ae9d11fc132ed031a0b0ceb

SHA512
21151b697b61e3f685fa469e829c5d29a6d7cd31b671236e5010b1a6bebdae48c0906a36561a2a844caf348e09f64563356751390d48458ceb83c6841b9e080f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.sux

Filesize
704B

MD5
7ca036acfc2feda9da5c3e5bc7bb4da5

SHA1
1714e8bcbc0fde14d5f1c9073661dedc07d10f1d

SHA256
a80dd08084d1915fd3f6e396954aab73fdc03fc7d7856af08b9fa70a3e2b22f0

SHA512
62e65a855b1332de5f6876d7e6ece18c4c40f44411b45689e392d56b7f4be52f81c4bc6966b8a03e24883bd974bfdb2ed893c1cb8bd31d8337ad9679c1789290

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.sux

Filesize
8KB

MD5
9a3162dea40fa0c4d7525db8e2e1380d

SHA1
2ad2ffb91d1ca26e7c2ca11c97c22cc438bffc71

SHA256
fd15fe36089ed2483a9cfe8a427dcef7a5de6501c3e016e2c86592765bfae7b2

SHA512
07bfa3ff730ada74807419d7e8b79ae4eb3708d34a2c25a6e577cd75651ad2e880f50784afc7a4f1f6b17186b19fcc87faffde1cdfa6949e72ae665a20319fc6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.sux

Filesize
19KB

MD5
7a23a4d7b9bb6d9eb40bf466585dee1c

SHA1
c3b99f5f166a40b95ba6f888d0a2156f413d2f3e

SHA256
2427ce05c7d1c081f490c8065c4b3d394b5afe988541f03538734c5009cdc9cc

SHA512
6362e531aab7e09d920237f46f73d9fcc5a8c34b86207d91ee5c7de3c3ecb2e11cc78e0ef6751be4ef667a210d6af292ae1a8e48e44eb9ed993eaaece0471818

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.sux

Filesize
832B

MD5
4c4a48ecc2c7aa38eb006ec6371a13c5

SHA1
4cc9f7292af0a75d01b1b6c413999f88d7ca2fc0

SHA256
23013643709107b90f07183ec2f258a59134595943a22dd045563f24099c94cf

SHA512
9eb2b783683f809ac445bcd6ac23512c2e61dbea2d55ac58bbbd8fe3579ad5e67fcce536890314b8281e7abaae232cf69fea9791d5c31987af6a42282550ffb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.sux

Filesize
1KB

MD5
3cda32c6a88d337439bc289a13d2f063

SHA1
175a319085d810153cae4440e19ab7970f0d2d95

SHA256
2aa8da2ebdc0eaced1ace0f97d3d0b4317961f7e00ecc6c821f4634be3887713

SHA512
5afce555199075d909802ab530571a0cfd2a0289c02f55268e33a228200b44ca20ce0de70b9ca7ebfde644aef8486f664351a100c67be41f76e3e6b631d3ddea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.sux

Filesize
1KB

MD5
17208047357e251d6b876cf738cbe9e7

SHA1
53d9cf550a4106460c8c6e72302ec0bcdf9a7bf0

SHA256
8a78d3dc1e98a56e589bb878bfd82d5c39c988dfeb437b48ef2d9ddde19c097e

SHA512
ea949db8e490c925464cd667205f0824651769af6464a93afaebc42e6a16fc472fb732241cad022f0644b0246cc1c2d84c88b08e38cd4f62fd2cffede5a3c0e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.sux

Filesize
2KB

MD5
f6256a575ca25c5a8b158a242527921a

SHA1
67174cdd13edf27d5c2ac09fbe7f5cb3232d9a7e

SHA256
c76552b1afdfdb230ca5260cd4b05184c44eadd8230468f613c114d66fe3857e

SHA512
f418c6a587e320202100dec4b627c067f6292fdd294e9e020e088d66df9191f3b816cce74a3fdbb45b9fb329dd63a796e5bd66179ff93a3c4c64874f8ff2d497

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.sux

Filesize
2KB

MD5
85bf68fb4d50289f665bb6620a193b33

SHA1
e7dcf3a7d7ec1166f0f082c99843b2b2080f566c

SHA256
39671079482bea0d9510e145913f0f773f7c38d06683e78e953f215e19e0a233

SHA512
46c212b68c9783c3624a4bee88c7b80cbf30eb96e4a586bad1a7bdc0c0c7652e2facc6a6d1fd26af1b1dcefa9c53091e6c6ec9521fca5c9146943c6e68cbaafb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.sux

Filesize
4KB

MD5
be83145c81e70e46e1469bd56fc1f34c

SHA1
6552c6664e2d394c00f56cf85451aeee4db78975

SHA256
0433a7473a3085f18544b9a552400f2645ef0467daccc41c0df0210844ed6ae7

SHA512
883db98d1a253463b4fadfd167acadf0b1b42a53d60246ef7bce8c3ebdccaff849ebb9199ee5d40bb9a812e106fc51268124612d653480a1ac91071ebd421de5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.sux

Filesize
304B

MD5
30ebf39b6dfaeca598c01a8eaf35291a

SHA1
8750df916a1b5bee77a950e66df783bc7be4fb9c

SHA256
dacce43ef882bbd47de6b01ea4545ddb836f2d3dc315be91be13284f4ce4d6fc

SHA512
0b2e2a00c6088ff61407eb9df4fba3533619327483aa194d8e16f1d72a0a63437d4afad6af3c67eff54dfa4bbbcfbc02bee7bb0f3be75c5eff0aa4b2ef8dfc27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.sux

Filesize
400B

MD5
96a822016a5d4db1d5ff82c30b7aa9c2

SHA1
d52f6a386b45aa26afd9ecfe23854a2ba22a5129

SHA256
064ddb302ecf285bb1d8b6ac91a38c40c8eabd3983a793dbcf7a7b915a342a0e

SHA512
2df2885b78c82da1b5c44fd8c0394a5379df1d7db24f9ea81ff5ccf9604d52f61ec9d14672e3e01d73706662e0ae0034eb8b2459d478835edfc1f281ea536edb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.sux

Filesize
1008B

MD5
2558d2ff9f13d4bcc68bc32b50bbac21

SHA1
ff1c223fb4d1c3f311a476e2a4b3b7abb03f1ea7

SHA256
c7393d662103935d109ae81e7a3cbb61e9577706a4fee3c301512da8508d259a

SHA512
168eb8ace89fb2c25518270a4a42f1b231ee7ad059d7a32aabea4493a25d974b15018e3a8b68d529af62a38c9b078c0b64955ab48338bb9384d4a5a4ae796553

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.sux

Filesize
1KB

MD5
cdaeec5e0457008500355aca83facf12

SHA1
3bf1415b1a50b6caf844ec6f6c3fd4ce487d1886

SHA256
b4bd74c5d6298932b963c7d9e379f906de7c2e7e058a9df9b6ab897de0fcf0aa

SHA512
283ce945c5b81f1aa4fddd8aef7cf00ea153c3615023bea74f5d55d940d0ed0b4ed116604f71c2a939926fa242e8fd6d9ac6f03c95fc8f36d17a5b8ea69a51d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.sux

Filesize
2KB

MD5
564c149c4e452f8a03612c0dfeddebd5

SHA1
14ce0f490cb83a78cbd37c193ebbc1f05fdd86c7

SHA256
a41acf7b864d06ac69ae9c3c3bc82accff70ad7fdb6678ffbb2026f33559599b

SHA512
90fa9771733c3a30b9900bee66c5d483152c2d46f448f66bf42a15dccf5d0d888b194bf50a53562e9f62acfe0c05d266896f746f40b964482903228bf0c2279b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.sux

Filesize
848B

MD5
0360337a25ef8dec2663ff26ee5f31de

SHA1
b2e1efddae7692a04a775c4fceef08163201b033

SHA256
797dbf0f8ab613cf526062d08414c210b91ca59abdb35f334eab522692536747

SHA512
512e2ee64001301effff01c0c26c91d8420a146b995838ebe3eb040d9658926f0b4e0f0c5e86c227f867230bd0730f882ef20d77fba49d4e842efc0cb13d2361

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.sux

Filesize
32KB

MD5
889171521a6bafcea0f8795e4339983f

SHA1
1903f17dff23f40bb75c1db4c26791fcecc28640

SHA256
b6fb54107272f905bcd7e2d946a043fd12bb03f6d82d30d19ee644eb8d900799

SHA512
d8106da4c4c7db2b462e6f41a05753e1a5d3b14223b2bf204171b29a782660f6c1c163fb9063c77423d71744845f043b663ecbecc6ff7ac5546d15f9297b0c8f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.sux

Filesize
160B

MD5
5b326b71d8037583d8e5089f1545d147

SHA1
9094b79da0269550935b5a440edd7229ce62a511

SHA256
ae12f342841b3e33dc82dd2da45c33809e454d7495386bda05a19549487588a6

SHA512
c1423eb5e81ed881175f88f3fef0b960561ffda2fa496d1abf21bec67e438ba305ffc83a802497b9ba08db2eb5a76e20fb3aa17732b61e9a3bfddcd3b145ce1b

Download Submit
C:\Users\Admin\AppData\Local\Firefx\Firefx32.exe

Filesize
141KB

MD5
5ae42f93bb14b553f52bd15845b0992b

SHA1
f390fab5e976495686e13bac55fb7c6600cb04f9

SHA256
25c6eb273edceebb6b4d3f6d382a3890ab1b5575b0605e95e8c02375a5c83964

SHA512
d3b9494e1d5ee9c20ca019d5e65f1fa83f3b3ee875001c3a5abf36503af4b94fc2bd8e75fae430b7c0b94d74f7e23ae3af228ee8602e7ee685d9e7ddb1ec3858

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.sux

Filesize
8KB

MD5
a28595721cac5cad0c4f8176faa63490

SHA1
c76c778cdfabf9a1977e9b284ff1e4f0a5a8c9ed

SHA256
586254d6baf51f41684a547e8a27e70a9493808d5e7b7d64d23fd4b750b84568

SHA512
6d3411282aa3ce7cff6cc33d4f12ccb69423396ec3b361b689a90fe9f60b908dd44da8ccdb5cf5ca3970a5251cb65bd2bfcb97ad0bb84f0b3ea186d5101ba0d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{996ee04c-1f48-452e-b360-441b39aa9853}\0.1.filtertrie.intermediate.txt.sux

Filesize
16B

MD5
7da72dd349b6c936d9b90141f032dc43

SHA1
1a40708dffe513147c38f4167a6bad17668d3cad

SHA256
28f6a9936f5623ea91f9f78930ebe2f7fc7fe0d8e0f2439c7f920c749fb87004

SHA512
7e9366837f637f2753557c4b4492f9dcff3a339f36e72dbde67d51d70814a978bdb18180e30b509bf353def57bc4b081dd6e6cb9484ee7bd66d95dd1de261af4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{996ee04c-1f48-452e-b360-441b39aa9853}\0.2.filtertrie.intermediate.txt.sux

Filesize
16B

MD5
15c32341a0c0fde367708eff952bfd3a

SHA1
9bc12cf71359aeb0ef38bd6ae38e2ea320f54657

SHA256
f3b5c622ae0406316663be09965ccb6322f900171ded7b1e8b86eeb50a3afe1b

SHA512
5e2cfc94cc4f042e7253cc4ec6fb98f202a7ab899d244afb189f8ebcdb06b874b385ee685acb135ea4a7c32503328f754d0866ea596ba45bae7379da86875eee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754071440191.txt.sux

Filesize
77KB

MD5
637cf11b070115a325070ebbb31b3afd

SHA1
fb47f15b87b1149fda6fd5f7327cb7f0ad288922

SHA256
353d8e458c88f416e2591f29fb396289ad734d778f71bb8611d4d85ab1e5f3e8

SHA512
5a6e269a37a199008b2969e3db27fd235ec6ccfa9ce7dd2d80fa5e681c35e09c93d2ed6fffc85ec91ca35ab3ff8ed69b4d55209227b763e9045c104daec7ecf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670757193503748.txt.sux

Filesize
47KB

MD5
e23030e8a76a8d79abc3020cbf1c60f1

SHA1
88271411d6e9f6c6c467ab64cc1662bc4708dd5a

SHA256
f2774b0e53ea7c371b63f9c60e771e2ef959fac841832ffe4fd90278ee43a8e2

SHA512
b07064716da61aac529bed479b7d47bc24de1bf69676dfd962985434070d2a1b8fcd14fbd3ebcbf75bcde12ef6b2287fe4a461e1ca8b3ea3f522fbf7c38456ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763096491428.txt.sux

Filesize
65KB

MD5
bae16aa2b4f48b7f41c9a3fb98f9f154

SHA1
e24a6b78b8ccbe610ea1302c470cbcbc4d54a7f7

SHA256
51e58383cf8585817e34a31a648ab91bbc851974f056b85203696c35f4280885

SHA512
9ed682928670d868408229b10b625686e2bd8baa1f48ce85835450b2a719ad3e9435acea415ce1696a9d008e2b188259443077310b67ae5e222d765fd67e9845

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670803408587226.txt.sux

Filesize
75KB

MD5
eef697599db0b91d5e890de0efc25f9b

SHA1
7411b7759984457368dc0f0cdc1e113d7ab1d47a

SHA256
67c787cd58c5dc256ab25980127cf8ce7d41349d1de70238e9834e177ae480af

SHA512
daf145747d313974e5806c7746a09f2d3896365ed2df2be003c7190303aef7ed38694bfac8adcba164ab75ce09321114a048deca8454a60f36f87205e6c90b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3A53D03A-4D92-4E09-BF02-9A6042E71CD0} - OProcSessId.dat.sux

Filesize
16B

MD5
e5e33914546cba9e511ec3b2931d9bda

SHA1
e8294b9f6e00a0161fdbef75446c126fd03cb524

SHA256
0a329d31831bc64ddee858d5afd46235a5ea7a34d13b7a9c11c5b1ca1cbd25ac

SHA512
f54bd3b3fa873318cfb132cc96328ff25bf9cc57097393ced2c775797ecd3eb22c20b215edcd39737f43e0cc5a1e102d8fe17b5feb156b92fd0a48519b1fc580

Download Submit
memory/2364-269-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-21-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-3789-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-23-0x0000000000970000-0x0000000000978000-memory.dmp

Filesize
32KB

Download
memory/2364-22-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-268-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-270-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-3788-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-3785-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-3784-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/2364-20-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/3864-19-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/3864-7-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/3864-1-0x00007FFC3A5B0000-0x00007FFC3AF51000-memory.dmp

Filesize
9.6MB

Download
memory/3864-4-0x000000001B410000-0x000000001B4AC000-memory.dmp

Filesize
624KB

Download
memory/3864-3-0x000000001BA50000-0x000000001BF1E000-memory.dmp

Filesize
4.8MB

Download
memory/3864-2-0x0000000000D90000-0x0000000000D9C000-memory.dmp

Filesize
48KB

Download
memory/3864-0-0x00007FFC3A865000-0x00007FFC3A866000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads