jigsaw | 31823040d8ccb20eab0b8653d01af370a6537017e69ead69f6f7b73d6ef7ac14

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
Size

2.3MB
MD5

4c153eacdfa8807f1c8fd98e5267da4b
SHA1

ce42e2c694ca4737ae68d3c9e333554c55afee27
SHA256

31823040d8ccb20eab0b8653d01af370a6537017e69ead69f6f7b73d6ef7ac14
SHA512

b2352099a41460c5c210774e5e63f85bd3c8898b58a3348444b35f233fdac50d2cedec68b7695a10109c3493f430c1e85fe039352d66756c5f6f9e9b0793d851
SSDEEP

24576:oF0rCLbf5rqziUnd5l1kqo/wvX0muSOcFjiWrO/iK1ubRM24RWCJG6h/ekExcZ4R:q607QiUnx1k4B9iWrTbi2AhDRek1Z4

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3739) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2388	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-400_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-400.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\LargeTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-48_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\resources.jar	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_anonymoususer_24.svg.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\plugin.js.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_pt_135x40.svg.kkk	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark-2x.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Safety_Objects.jpg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Wide.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-250.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\Scrubbing_icons.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlInnerCircleHover.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations_retina.png.kkk	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\ui-strings.js.kkk	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\mixer_logo.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-black_scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_32x32x32.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-72.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_radio_selected_18.svg.kkk	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-ma\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxAccountsStoreLogo.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ui-strings.js	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	drpbx.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	drpbx.exe
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
Token: 33	2964	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2964	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
Token: SeDebugPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe
Token: 33	2388	drpbx.exe
Token: SeIncBasePriorityPrivilege	2388	drpbx.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2388	2964	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe	87
PID 2964 wrote to memory of 2388	2964	4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe	87

C:\Users\Admin\AppData\Local\Temp\4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\4c153eacdfa8807f1c8fd98e5267da4b_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.kkk

Filesize
720B

MD5
29a408170ffe16e9e29ac5727962195d

SHA1
1c37d8242159d376cbb4821b5db65b9fd182c210

SHA256
6c51edc47a2807addebaa82a37d7d641068f1f63a31b7b99a4a9dfb8e9800691

SHA512
a625c6a010dce4ac37ee098e487c4e6634042985b69f7d2f99a38d350684ffe82593d5c3869f2c736821ddeaf04dbcda968674a6132131133fa0e21e5d734f59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.kkk

Filesize
7KB

MD5
2ebfbb36a79471f5710188d276e7d03c

SHA1
b774f47d5d0e043070bac8caadfd962e12242e6b

SHA256
cb52aae0724d4e958b7b3472c067f6c4315f4a73e7a784939450d34f33f454bb

SHA512
8eae9f50ec7bb1d3cd89e06278a1b7581eeeb858687adfa653186e2c7d722cd3f54359eb728945564a0b79776869140e086199bc14775c0860bbcb2a9d4d4627

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.kkk

Filesize
7KB

MD5
06f03686581599505887047735aad07e

SHA1
f3076888652e3bcc4fadd33bc101321b2e402494

SHA256
76ed85b29798700d01fb167a93d7368e1ab617e64797b76f3f49c248fa033898

SHA512
755b5253c9fcf0f95383b1eb6cb15dc996f503595e81c5af0fa6a3b6d4253429f1fe000279cc961ab35f59322acdbad226c16795405764239fa1db8dd9c9abdf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.kkk

Filesize
15KB

MD5
93463a6765e65056c87ce3822cac2907

SHA1
d544758b93403ff5fcdc36af0e2cd5888939c5b7

SHA256
143b5d0e5aad18e43067d7427c08d7be0f45d2315c4e047208e38f9364fed193

SHA512
f5fd7681275a9e7930101d0c44d6953cfe6b87dcbca7171ce9bd1d5a05d99cb248c84c3c710b5e8a312bc6076e4c710f98d48d81938e4cd4389b1035fe43ba10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.kkk

Filesize
8KB

MD5
c689f5ee91a3ad650dddbe269fb91298

SHA1
de973b1c7d4e72cc4768779eb39c8a49604c46b0

SHA256
960cf54856c67209a7f72b7e7a17757741eb3292e4f1d3c440be83a354cfa5cf

SHA512
4644dfb5e6db3c427aa387c19e1020a55695e5802cb8c7731129dd44d5c6b07ec55208fcced555120f725dc98a8b2c89f14d9ca756da9361dcf8bc93717b37d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.kkk

Filesize
17KB

MD5
bcb909053ff2ff38553678ceaded5bd5

SHA1
a74b633d1282fb2fe2730474a01976f9c45a7de8

SHA256
6a666ae7367bef8cd52e2ef15a93e6b69316499fba56622ca9de7c289dc87ccb

SHA512
4cae019c28ec62ba880f84ec62c96ac5c2d8010effe58e5926fadd3e19377d249bf13e6adc80912ed98c3eba65f1f6f41280d4055d833fe3d28a07588d88e98a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.kkk

Filesize
448B

MD5
9df060250e40980abc61d0b48728d4c4

SHA1
dc9e791a795079dd715b4ccea94b08715e53a59b

SHA256
991bf0fbc8783bfc4e13202e8dd9a7586435834e3b2a46160dfa3f37d413692d

SHA512
90fcac1ed3fd1e573849aaeb770f4d4d69b430d8e29c13f706fa955c2772ee537fe368b9371bdcfa7f07e595e87367864dfaa5a290474e8b1871e309f2ca4d63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.kkk

Filesize
624B

MD5
c0addc6e84ea4ea99f2305668be3cbfa

SHA1
8ddb58ae89ecfa2bd97a57015a9c3d00fbe9c183

SHA256
4784b90849e8a8a643958c9f82e408477001a4ae18551569e6c79602c1ec8c5c

SHA512
6bf20b7c3a13472f2125aec7292f17dd1d903d0efdfcc7149a76e566f9045bade672502c1c37d9d179db2f474934759c852b586f98400071fbda352080258cd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.kkk

Filesize
400B

MD5
666aefad45f46d6853942c2b95c3ae10

SHA1
4afcd7e7212e5bc2fa8c4d7a0ecc77d806852d08

SHA256
48de13f3fa2edb30f17aea3620cf5580677ba1849d97f2d2ca5ed4201980cbc0

SHA512
8e4342045ea12364efbf330918cd38ebb32945ed2777cc7b1bbfa9b4f6f6870af490d10a5bbd8352ce31a1b6e813bfeca0a02abc80f53050737f05985259faf7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.kkk

Filesize
560B

MD5
139a62653e6657745091a60530914484

SHA1
70916e4f2f1fcde07a036cc18ab0fe682ffd9c81

SHA256
591d63df9400e7ad3e81a3fe9b2da472bbea73cf59aaa3dd9be9702153b305e1

SHA512
fd9e767e53f13aa701119fa5a1bf436b8e357cb01ac5e9eb6bc0222c9ddca15e9a40266d3509bdf4ed2e7e57e3b14a67056fffc3cec76a89f8dee9858aca9320

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.kkk

Filesize
400B

MD5
95b2ccb8c1bceecb1e205a7873d86e36

SHA1
8943ee85f7319be77d1b234b8eb52bc76cdb4a60

SHA256
e470cfd620db9961285f982ea7df4c02add4cf13b9ee2c9d66625eb7f7880ae5

SHA512
19f19d4964b55a504335c3f100033cd9ef5385d538d7bdab18438e6a7e72afc02be40d3038bab8361eade8e0d131d8f15ffa7b37a662c5ffac5dbf9265b2552c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.kkk

Filesize
560B

MD5
647203592e26f92c93396df37cb20724

SHA1
7dd45d5c9728452a2fe5b7d7c885a4e630435341

SHA256
aa797faa0fa7225b1d49e26fc7ff2eec5011c05d2a831ded970255df22c70b81

SHA512
32383c1dbaed0d178c070034f1186a5e4b032323a2017546ac552fd1b50550926b782c1c4e956e173866de306756b7cc6352c49f506bec074268846b0c820d4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.kkk

Filesize
400B

MD5
d44a13706db694a304ad90016adede5a

SHA1
a3a163564f7d70846702dd4c86e21b35a54283ed

SHA256
4086caacf845109ee04978330ddfc983f9f854ca20ed4b1e1e0de099da92fb43

SHA512
c1e39b2f1fc4d02e44962383865ec3b70c00dad77e3c795d633116dfbc550a08a146ec2ec47c58937ec426fe004d97a658e9c474de37b1bff6e613b28366e37d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.kkk

Filesize
560B

MD5
b1b0dafb860c7217d3055d0f933081f3

SHA1
472252976b360261f977b471e56cbe30cc8aef3a

SHA256
8df508c0ac3d35f8302e97f273d780d8205b9410a924df4455959911e58fac55

SHA512
13d9888220dd307496f02cf37b024fde3aefc71d2d7cffc4890ddc7548dec7e872521a38c473f1eac9d4df09ab70651f8ce7de70a6a60d4a08201e1642fc8728

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.kkk

Filesize
688B

MD5
71beddf5e6b987d95ff93064ecd1b28c

SHA1
0cbd3304ea405193b3b704aa14a1b5ebc9bcb6eb

SHA256
b279485b869bdc7a872e269d6f96058bdd26ce43f9fba617103b5092b5f4da02

SHA512
dbcadef4c108e9e090cee4049431dc0fc06082e8c6221845646a94c504024f6d369cfba0b1c63b2e63bdd43076e35d46a72c0b61c03a9baf26b4ed63430a485e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.kkk

Filesize
1KB

MD5
5f3d9f0e6d3205c2a42e36e74ddd5135

SHA1
963b55d7f03d00361b8f6b7bfc2ee192db6d2397

SHA256
62d7ca0c341425e48f2f935122742861aab1b82d925e36279880c90c22afa686

SHA512
baaa1a9a5b160469319c0e4d81aeccc03de0ac0744897dfc8fe661590213c8c824be93a7897146b429df796c60e2ced98c0d61dc94ef0a4d6b6caa8faec10b2b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.kkk

Filesize
192B

MD5
3c8831c9282918db2fd0b8b908faa569

SHA1
866a0f6c39467156142ce428400a6f6198af063e

SHA256
5de4b1c143d50c427cea38380fd2a5ea6166e5e9adb8059ecb70bbae193121d1

SHA512
23185d5b81a6d4b4e1b9d6ad2be10bef860da9149a4ed00c78052d66abee312bc0d66d0bbe6c2cc2c1f3760aada94f9716f953e479ac4be4bab5cbc021857ff8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.kkk

Filesize
704B

MD5
29063541403d2c6472fc14f04f0bf55a

SHA1
d1d0ecd570920f826461b04fb2e31ef9b3896285

SHA256
700e5f564c857c033b462a905e0329e1e3864191f251aa778e590b132438fcb4

SHA512
8818acfc36214faaf33b8e110c51c43422ee7a6197e4e2f21cde9f62ff0cc277451e1974b383f69135d773c54a0b43c939588f9b5d42020964b6d9cf0eb4c441

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.kkk

Filesize
8KB

MD5
5bd48a40cab8f44d2461c0613d332684

SHA1
65c2bc325faf10e531633518d7d335658de90707

SHA256
af2ae9548058151f6b56da0c29feb27f9402ef0a0dbf935d29d1c1304591b809

SHA512
f96c3f732534455e2fb51b76ccee5a0d076d943c0e8b93095a4fdfd37ddb3fbd77e8415adf30158599b87ab2cf941b864f6194339b70e024a51b1c86638f0a5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.kkk

Filesize
19KB

MD5
5440afcf6f581cffaf3ee6d96096d764

SHA1
3b291d0e5f54b8e60b2ccb0f18a7a446bb358a17

SHA256
1a6c8c6795ff7796c265a2615be0ed7689296031f287e139df703def01a99505

SHA512
6d1da555ef190c0117a92b03fd0bdf1927f4b66bef1c8f9e653e47ce36148045717b1f57bd21e3699a27287f6361bab33629bf3ccaa49a8d8a71fdb25b2a6431

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.kkk

Filesize
832B

MD5
cad31bdd810cf0a5ea27e477bf36a71c

SHA1
64f7a790bf1ab10881141d94c3105ee0d0db4912

SHA256
1169a53a5b985233b0e4702ce118c58962f4764762a36a909265173d0f3a6a23

SHA512
059566e97f21c4df8f10bc274ca05d074591f47d0accd1f6969ea98df0a7f763e596b058a1e7f837dbe302fc1583f111029158cbd648e5aef33c725b8be540da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.kkk

Filesize
1KB

MD5
f5bfb177a12b9f20f0dae986c5f1ab98

SHA1
a687c7c0c4f2e555af4a0f771fd92581fc7f3dc9

SHA256
f3cf6a411f5fe4e769a28ec3efa535835d364d42c8273acffc8111016a5536e5

SHA512
cfd45f414eaaae3e5722118531ca11c733e57dc6cc728bef0cd307c36179814918757a3ac5901bbc55f1360ceceffadd3b88c41cfe04cdb2309c3e24910e97f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.kkk

Filesize
1KB

MD5
0c6d95125e24cffcd015af65700bd75b

SHA1
5eecdfb09c43c4d6f95fe59d40749f4cc944964a

SHA256
cfce39cb1d86245173f1c91ff9780fe81e06b872b8cba8c8e60946ec70bfca52

SHA512
f95c4ed9db7fc8d52f84408a6df88290c2cf0c90a2567418b1a4aeccf2de93375d43afd2ede265efda89cae975fd56f741b48b53f2b60ed8659f6ceee560382b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.kkk

Filesize
2KB

MD5
bd8d3db8b130cfe717afc9c122ec9c94

SHA1
40abc62267f30036d9b544e969420dcde6e8a19b

SHA256
fa410268b6204531c77957986a262c37a53883eee104ac4a7e56eb6367e623b1

SHA512
a5f3d43dc93e777942e9083141e5d6cb32f60d86f2fee47c66450aefd8082615b8b7d8db7da051399b297bd89673572f4aaf2c89141ba18c3fc9201a185b6683

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.kkk

Filesize
2KB

MD5
6b1f7dfe312cbc857be7fbeb4ca79a0d

SHA1
1c748f056143be429f5ed118c043c0fe1a3b67d6

SHA256
a86d93a9af9005fc2018ca9fcd829b18181d5e0efa63c9248f8262918be6ade2

SHA512
a7b2cea78053c0a409df24c19460e409f9bc977c7f5224db02be6d44826fdf6c7dcafed1b57d11e84bfd82729352559ae783a2e6b40ebae211d93057aef75b28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.kkk

Filesize
4KB

MD5
900862c45569112668ffa952e4736cc0

SHA1
109e8d4aa47c05cbca46d16056655ad70f2b091c

SHA256
33d44a69227cb3e80ab37ca36ed12ee3fbfbf182b4fb9b87fed28c54a16f83cc

SHA512
9a6504fcf813b8664320c6ead573086e1f7b162a743c236deb2217cd65a0d2784aa544f9d13db361854885955802a88d167261adffcbd00a223faef7dcb69a4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.kkk

Filesize
304B

MD5
1b8202298443947c8908acdcb5718a52

SHA1
50169d66e7001f1bde1a4f8905489d78e2754b2c

SHA256
a560bb056367841475b6d2e053dfa1904d0863d6a40ad59ce8a1c8c1ebfa48ad

SHA512
7a9442a83255d5a20ff1a859a4b705f7481bd6e05dd8210f6802e611ed957d8d676d61d49d49eeabcd3d718e85c4b8dd6d6cf1f67eca86adcfb411513eba194e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.kkk

Filesize
400B

MD5
d1f632ec601dbb78e902b0b1b19022be

SHA1
2dd5cb5f6659aa747a15caf692817af2ffcd1f19

SHA256
744d21d201df5c2e8547f06af1a3a540c77dcdb95dafbd04bc191dd4c919386a

SHA512
efa9a54476ff9dada9393c63527d41ea5e30b2cb43eae86021cb450de3760a269a093596d32f0c0585b2b4c4d8094087084d46aecefe17e6d7f6ffa66803639f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.kkk

Filesize
1008B

MD5
a5d1aed6719d241e779478a2d11e92c5

SHA1
e6861e0a1dee7832abd4f822f8b779dd668a3c5b

SHA256
fcb78b1fe239e0f9ea9401724320b1c751764f336df6c1c5230bd0733a777a64

SHA512
3fdefc37df36024a965c79d0c0bb4d82d3c30233a895eb902d04ea24f05b24d7bbdd4000ef9452701f56065106d4e0afba3e341a3f54026ce29641321b2c898f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.kkk

Filesize
1KB

MD5
91a943103fd079736de37521ff610672

SHA1
b4dbb8d307b3dc05460fb979327f1244ee9b71da

SHA256
0d907545ea897345683d01eefe0be48e6b4d66c2c5f0422fc27cd66ff9a5775d

SHA512
1daf8c73b19b5caab1d38fc84df67f8176a89a50554d476089ee96c3d566e0c6c802aa17540e6eb779f79c6bc9f22742c5e294c9bfcebc0e66956d006833b96d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.kkk

Filesize
2KB

MD5
32f8d4915397cad38828996c475dff0a

SHA1
ea4fab34804b610ab1a5abf5ce712f0d51629009

SHA256
a46b9b729ae3340b00b50bc245ecc7e101869779040886ed480c6d324aabb17a

SHA512
fffa16d10134f517b09452103c9e96925c1aa817a851a085bb0a02adeba8445a663f59b666c930e665fed2dcb84cf3a63070fd81b60381e6786c6491978b0bcd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.kkk

Filesize
848B

MD5
24c59b42a296a8c4b4658185bb58154d

SHA1
cfb55a1a0009cae6d1d01a88cdb8f7af081f8692

SHA256
d52a3b8cae9e4713c7dfe0ea9d55662b80e68b60ffc2d25dabd80634841167ab

SHA512
b3aa79e775dc231458794adc4af95196d9f2ea028e340f29ac04f474294f6713a9da099c86b3da20889163f6ec41f59a766b70f0e2fedc587022f1107470613a

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.kkk

Filesize
32KB

MD5
9bf1204dd02ebce5b9ea86a12b5dab23

SHA1
b0a46783409c48cc05e1f7b7385989a2afc83d98

SHA256
bd7b91a5891a65d0a55509ac09642b2b33646f21e0a19453094bfafb76348e22

SHA512
ae4e43453c0b9dfd08f75340bb81f81babb87f08d34dafc60b5d2a588baa46e315e527665c4e464b19ebccfd775307a5e76efea8a0b075743335962ccdd033eb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.kkk

Filesize
160B

MD5
c55a44def54d2d4ad446279e2396fd53

SHA1
f77e9719392509d2faadeb953d40a3810c100b83

SHA256
257c16c6967bc37b43934987963025ef860d83c198a5a0dc380f72638d6b47f6

SHA512
bd8f3b07592b9036ccd6778cf98e1604ee4e93f3273aed09869dd8ecd1a5c084bf2cadca3eb718c09bbc20487f19ad8848f8dc6e613b5b6155df741fd43a0c59

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
2.3MB

MD5
4c153eacdfa8807f1c8fd98e5267da4b

SHA1
ce42e2c694ca4737ae68d3c9e333554c55afee27

SHA256
31823040d8ccb20eab0b8653d01af370a6537017e69ead69f6f7b73d6ef7ac14

SHA512
b2352099a41460c5c210774e5e63f85bd3c8898b58a3348444b35f233fdac50d2cedec68b7695a10109c3493f430c1e85fe039352d66756c5f6f9e9b0793d851

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.kkk

Filesize
8KB

MD5
e13fe9c7429238a99ac7db11842fb884

SHA1
ef32fa3b7d7d39449e6ef43a4b67c8cf495cb366

SHA256
14b9522354ed528a9708e4e88c073b63ccbc8730a5d98e206c67d654f3f28f50

SHA512
c24b84dd2d12ae1361578503276fe94e97d1ca27796f3311add97c734a388840200fe2c6f0dc89d0608c6b0c690e2d8cca2e655187278f6b1122b98de9ec43b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656290145573.txt.kkk

Filesize
77KB

MD5
b3efa4f1f5ba0c662826ffcf47a74a70

SHA1
31e238f8b616f53167b546a6db0a28b21a635694

SHA256
fff629a9a1a210f6f9291237f937812e48d26c60b39a85a78ce0c2f737263e66

SHA512
ff97f791f17ef5c0e64635d762ae347ad8cf8d7f40a7481833212db40ef0039cf8fa2c93a18b71a3a94b44a715a0201f5806ef10c32fce09abdad7f6d9bc52a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727657695736094.txt.kkk

Filesize
47KB

MD5
d733917dfec4b68b09e2fa5efeff5b55

SHA1
81503afd1bef4bd468c10713fc2c1c7f36e8ff55

SHA256
43e791f1f01d589388bc6282a8ff764a175f210c8819255deeab47e84736ed67

SHA512
fab7846194cdc470e0a1da0e03e17782115b9345a0001cb8c73ec9478565cc56487695dcf3a74260269036b8f4a89757d35f19f8e358d71e7e469059a25ec0af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664505006447.txt.kkk

Filesize
65KB

MD5
f8242778dccd8b3db2958cd69f2b3281

SHA1
f4840cc67923a9fb1cc8484e49de4072795348b7

SHA256
5d3afae3a5dbe6d5d4b9c99c3e2aaa80644f30d3e4ccc27572c9bd34f52e91c3

SHA512
d802275d0c0b89f575e6a9620f838b236e7635427b5f6883d400a24b15105a1eefea32d790ed12c98d367390a4bd5cc36faf46da2b6bfe80e0f10c570e8ee52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FC02EC35-2F41-46E4-A7FA-C69B630ABEE5} - OProcSessId.dat.kkk

Filesize
16B

MD5
f676080bd90886ac2ecf680ac3162244

SHA1
30a721d56041472fcf0c255c3c05c89b76093101

SHA256
6e658c85e1ac3f1599673a2374ad5e8fb94520fe68b3f6eefdf108c42acc6414

SHA512
b654a04f020ca0ccb0e9f7ab964e0d6a998b15b02ec47cbcccfd1274b99fddeccdca688b1d39e3d82de28610624f8765b1f5ac52895072f7c4cdb824f1658960

Download Submit
C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

Filesize
425KB

MD5
f4cb3d3df4dc4c033dc7b968a3e9ed91

SHA1
980f8233f9157a146cf0f315930b466d1211cbd9

SHA256
d3bd562d5fd7eb7c80cced9db0c93eca2033d5398c4b021f638bd53f5b384d5f

SHA512
53bf73a3d3ce45e5c604f4ccbbbc1e47a5a54fab99fdd2b637d2ba61ec1f59a3a0740ff0303e1c5f9acf52f0ef820760be2581e9a6397f9b39529fc1e6267577

Download Submit
memory/2388-27-0x000000001FF40000-0x00000000200AA000-memory.dmp

Filesize
1.4MB

Download
memory/2388-3779-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-261-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3785-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3784-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3783-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3780-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-3778-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-260-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-22-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-39-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-24-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-23-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-25-0x0000000001990000-0x0000000001998000-memory.dmp

Filesize
32KB

Download
memory/2388-26-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2388-32-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2964-21-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2964-7-0x000000001D480000-0x000000001D570000-memory.dmp

Filesize
960KB

Download
memory/2964-0-0x00007FFE57425000-0x00007FFE57426000-memory.dmp

Filesize
4KB

Download
memory/2964-6-0x000000001D2D0000-0x000000001D36C000-memory.dmp

Filesize
624KB

Download
memory/2964-1-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2964-2-0x00007FFE57170000-0x00007FFE57B11000-memory.dmp

Filesize
9.6MB

Download
memory/2964-3-0x000000001C6F0000-0x000000001CBBE000-memory.dmp

Filesize
4.8MB

Download
memory/2964-4-0x000000001CBC0000-0x000000001CECE000-memory.dmp

Filesize
3.1MB

Download
memory/2964-5-0x0000000001A20000-0x0000000001A46000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads