jigsaw | 917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe
Size

1.5MB
MD5

6984a724843fb60130a965a9fc317f2d
SHA1

1ad9f8695c10adb69bdebd6bdc39b119707d500e
SHA256

917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457
SHA512

54d951c140df296b4fedff9225fee0e0660ee0f92a8790a7321da46334beb966a03a4d44bb0c9baac91cd53f1c81a84e7a35fc74aa67c8697590e87964e8420a
SSDEEP

24576:yL6O/FARFbJT83lUK17IXe5E/VjyL048Gjnz/tARwh/jriCHT:uDFsfalN7Ae54yj1jz/tAC

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
2632	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.kkk	drpbx.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\8.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up-pressed.gif	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerWideTile.contrast-white_scale-200.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\init.js.kkk	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\WideTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\trace.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-200_contrast-black.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx.kkk	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-256_contrast-white.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark-2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\ui-strings.js.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner2x.gif	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ui-strings.js.kkk	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg.kkk	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-4x.png.kkk	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-white_scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GameBar_StoreLogo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EdgeWebView.dat	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_selectlist_checkmark_18.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square44x44Logo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-96.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\osm.x-none.msi.16.x-none.vreg.dat	drpbx.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	drpbx.exe
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 2632	4376	6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe	88
PID 4376 wrote to memory of 2632	4376	6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\6984a724843fb60130a965a9fc317f2d_JaffaCakes118.exe
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.kkk

Filesize
720B

MD5
7d28ce0ba401ba8dd93e441557312e27

SHA1
8f2e45abff1acc67b5f12bfa9f4bf9ec589271c0

SHA256
defedd5e8cc6cfe4db2e131a879d3f5915e0ebc9bb90b6b12d4cf581c24d946e

SHA512
ce1f6f944b97e1de5dce133b10b5bd6e02350b1ffb14ff650d86b1163a7c5e74965bd22adc5782f52808004e9b905deb806266c180d4f32c993e7a9a9271bfc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.kkk

Filesize
7KB

MD5
ed236c3f72720da5614cbbfb3c3bb2a5

SHA1
cfe9b6454735e3a3a117b5ec448320ff5453d04b

SHA256
059c211fdfd11da155aebf6488ccfa02fb0bed166fa42e9f12691adfbd969b16

SHA512
4fd7bf16b9083beae2b1324159e32306a2a1a1a38f42d89c263a1a4a9f8f1eaa8dfa1cc84c10eaae080a4ce83a415579b1ecd55a0be4b4a0899a1243fa4c0a84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.kkk

Filesize
7KB

MD5
cba8246727dbc21bae9bbf18ff42009e

SHA1
ee8c41e98e544fbddec84080feeec94376effd60

SHA256
935ef67226599dd1b212eeaf9919f44ea4f27af43dc268233af4f8eee2c3ca5e

SHA512
21edac6957c5865df625962bc88af3ed35fe65a2fcf5c99235c257b6bf9ae3369e61547f3397dbfb6afeb9a046b5e77c498c058b1e9fabdd395033f182566db0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.kkk

Filesize
15KB

MD5
dde304962cd6543e7a649c04c61244de

SHA1
4104fdd7255b2003e267c037442cd2c679554dbb

SHA256
02980bc13ef1de458257f89b42e6b51582dd1d92832cde10af33c39a785b2ddb

SHA512
e36b03e40484d187be760cde135c2c1a8519cc72adab504d6f84faeeebf1c4236e0e3e6d8b510d9f5e3fa559c36b5cce6b037e3101481327f99129f2c56d656f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.kkk

Filesize
8KB

MD5
d02f259e116a847b3492ba1a9628e701

SHA1
379412ca6dc2d33476799a61e6381e4b571b7d21

SHA256
bee9966d95af8191a029687132c5bb47d0a2f25bb2265143605add653ee1ffcb

SHA512
8f92eff07e48431dc927a09393fe6cbfd936927c764c3435f4f13992a79c9ea7f75244259a2b0347c5c3f830d720f2f9848d4219480bdb60296f9a219319564d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.kkk

Filesize
17KB

MD5
b9548adaf5bd45e157a78ce1c1f25b30

SHA1
72ef40d9c3771b34b086d9f7a2af06198e87a013

SHA256
7da465ed628969f24f1fd472768306c72a20524c04f01bd02d2061a934885f3a

SHA512
e8f3f418663eab02ceb856b755943e41e3f48a4bb0e985008794aba87b0c5a63672d45990470fbd4eb8f226747941c802f38bc17c3d90ee40149754a4ed8de0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.kkk

Filesize
448B

MD5
951da6b36aa25281f6357236cb5d5dea

SHA1
fbad822cddc479c85838a4af2627cae1ae2e4c02

SHA256
29640622fb3172ec6fa84b35e44948146198ff6394d52912e7b0c7bb18ec5ce7

SHA512
288096880420521f63d3cfeebfa9be4c35d0f3cf29b060e65d7e57a3310d86ddb3705ebd4814d62f774bbe218a8b35b5596777190057201a837ba1a756549d56

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.kkk

Filesize
624B

MD5
07d99b4b74dee959e7a53a13ae660651

SHA1
4a8e94ff788c6f4071b8dd875e3fda531853f0b2

SHA256
beb88a3b461c0cb8760ddf376ab28eb93293414706dcdeb40019de478faa7b9c

SHA512
be2f75536ee1c8dc5502fe887a4cbd9d660f562d7bcce936a8ba83e0d013f51b40de89c84352f767509510d46a5f1c7d6c1c4c4f2da1a23475c379fe8496cb09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.kkk

Filesize
400B

MD5
535c471575598ee497542ba800f43b68

SHA1
049f8c3100ff5443a6fd8d2d080d159addc1c252

SHA256
ae8fb61dae6eed080f0e339960d14a70060c2c3397ac6d14a23be6c7105c3d0c

SHA512
028406892946046bd5951c4274b8abccf396e527603101e07486e41396dc9f9d16462c3a3b16ffadf039f64b6c1d18a53e520896da52b3e5ba235fdbedc04818

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.kkk

Filesize
560B

MD5
7287c0427cf18ba83f9a219ebc4525da

SHA1
051b936e7132ad9e2ff1639713453fb460202ea2

SHA256
3e040f66622407b68b421d77704e679aca059a0ced497ba0f83a1d96e687f2c5

SHA512
e4366c72be85c6d683d71cb1a50887ac1750ad224d11b0721c1ba066ecc53369ed574ba14e575784d143198c10512bebe71494fe9632b09c005a6f1570062994

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.kkk

Filesize
400B

MD5
007e112e8999dad096e9358b141cdf4b

SHA1
7f9a59f90a85415ca68c915edd22e3a14686fd26

SHA256
e374e1061df747c1d728887eb048dfe936da0785e4c0bebc168170745a596021

SHA512
b641eddab1c36628f2b3d5ee8d09a58064a9cafce2e977f0f54fc1853b270999ecfdf40472e46462db7bfd418e71f4c256588930f7efdd17128188dcbc3ab147

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.kkk

Filesize
560B

MD5
a37820d45c6fcfc863e0453eea05c8e8

SHA1
a2e59d9519e9a258d726fb60250207a2c013890d

SHA256
7a1df5a6b3d6b789fc885b76d1e90f0421b4586db6d6c8295faa2196657de6dc

SHA512
6e021d92286f72c5d4b0076034828b49391ba2844995ff08cd0b3e2c5a64ee8885859df0645a230f085f1c1a0ce81da5b1cfde544a9ea5b325b882502494fa7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.kkk

Filesize
400B

MD5
45da9bc57c2ef3ee002f5fd523c0a2dc

SHA1
4d07ccfc7ad6ecec2852aba9c4b26d216cf487b6

SHA256
f55c1b90b5c83da92dbd83eb70562d7db5ac25dcbb5f7a3966a73193f65c8cd9

SHA512
d848e3cd7886915017639a8b6c3c47a0f167ef3deef47eba850cd2756f2736bb17637bd2e5ff864a3a70406d2c4ec8e6f1a091540a0b7abdf1495942d53f8032

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.kkk

Filesize
560B

MD5
1db85d48848611964784f2f4dd502c17

SHA1
82be29c6d72312eaf7e59ac446508b0d7fae5c9b

SHA256
13eb812cd76692aef58060b2e1553dde49b8a5527ea16a69d2180914dc322b44

SHA512
6ad63b21aa032b0e68b746cb5feb7024c3d51e1a8a1c71a7bc97de0e01d5f9bcfa7f11e3bc56021735249bc98cf2b9a2c7e50623187fd3a329a59c0a1c647153

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.kkk

Filesize
688B

MD5
eb41149614d06f068fc4abc5677784b3

SHA1
c95cd4ee7b69a0076d2d2f03a50bee62ea717a7a

SHA256
f7e03e84502b89853a01417505f8caa3932a0704fe6205dffe3a4d028ea217b4

SHA512
2c681441726cf77b5a91d3f20c6885154bc6d864ab6febd758c745f18de395390948f4d358d6b09f53a01bc4020abc08b78c680f4521279202fab77ffc7ccd59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.kkk

Filesize
1KB

MD5
4f79f9fb647e78e13a1fa2edb88ab023

SHA1
8adddb443a464a3424adc867fe03ddbe219faeff

SHA256
a577266c9de1e57f08a09bedff838c04b10f54f36a7284e9cd5608afc37422dc

SHA512
467c0a906e451b1959056eab0e7703f7b6a1e53fbd7b74bcf589d39b125e6f486f70e6c33c0d0f471d2e12d81d77620dd23ad2a4c4e508498387b14803b3158d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.kkk

Filesize
192B

MD5
204f037c97e6553314115f3ad03dafe6

SHA1
c39a584d7cc40754ed6219075b6bc74974d7dd85

SHA256
b394d64726ec44bfdd795f663a0fcf0c1b5110a6ae1d27cb40c4e2e7a5425194

SHA512
69e0cb3e1e6a35397b68d9970f3974d319b17888c103f8bc64829d83044c9fe799d4b5c2385c403ddb5fe9221fe1fa02aed825b7444b1bc7a2c09360b4727033

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.kkk

Filesize
704B

MD5
17b3a910213e629d06ce1a398c45b9e1

SHA1
ee503333ad0b2be8c1ce926f31b81f63103d9417

SHA256
85e5f0c2d8d1ebcb30861d7fb81235e10788cc9f2b18fccb7a7b464aad4fb533

SHA512
8d4b653be1751675e8a3698e7c76dc422da2e1150a21d81e428691de1cdb98cddcb6891d1a7cb06e0922502a0d2383157e3b20ace41d92d590ba6fd156996f22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.kkk

Filesize
8KB

MD5
892bd7cc5ec29696d5e8966bd1515b02

SHA1
2421ebf3bf8a7a4662d6904aa7285026905a828b

SHA256
c803dc291588ac9f55ef24beac1a866d5278c5cd875bc26ccb21595a3404e713

SHA512
acfe1a49a1164cdeb6ebb6dbcdda20d7619ac0de86469364848a201f6a384007b0f6d1f18fad312e551b152acae3fded7754d3e5810e40abde2b805bb59e03ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.kkk

Filesize
19KB

MD5
3ba2dcfc45e890cfc2c31e5ee419b3f5

SHA1
bf02170be361ca18b5f3582e3c4334ec8071a3d1

SHA256
8516a63c80c8fd260efba9a2b812f92816d801d529a2ea5df14bd42945e546d9

SHA512
3b7e3a3f8c6a035460fa17db77c5f5f8c58a7babe676f5c2d390c6878368fdd59ea5ad6fddaa51b93d7d87609e3487e811e6f951f5bef447e5a0d1a60476c972

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.kkk

Filesize
832B

MD5
2136839f452453a1baa83f4818394c79

SHA1
d0e575412ecd26b01ceb5bfeef5cfcc88d5a1398

SHA256
7818b6a432f723c9cc102e774a53cc678cb684eefda7580cee21d0352f087d6c

SHA512
11c8507509b4f833326f584b79b78672f9e17ef28460ec06eb1ed44aa44631a0c35fe65bb01f887b424c72251c943709029f4c55bfd3b7fa9026c070c1758f0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.kkk

Filesize
1KB

MD5
fb46c8cb01a45153c0a533258491862c

SHA1
27520cb5e7ce1be41a75f6299b3b975d94671dca

SHA256
7c7381ec5e7a61dd4d79835dcecd2131394964d076eafa1d44f681ed6cef057b

SHA512
b763bd13e8e93291ea025030fe675ec062ef66f62962a2b4a0fc5ea07a58d30be0377a52e64bcf754a2e4de85f8e02ab8d5e7395e26869ec54d4f8837c77d265

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.kkk

Filesize
1KB

MD5
2730565980631d732eb5fef093b255ad

SHA1
ed4f1b666ac10600b4a115732d9f463b4ba92511

SHA256
4b5304f4485af5f2451e92442b55472082998856ba98a614c9430c4151e8a341

SHA512
f41b55e1eaa0c2f9dde36f99897eaa6df514a6d34f829f3a147e8fcfcbd31d291d28ee695712cf0a271db60f4c1c7415289faee5107b3e17a2e533d8635f516f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.kkk

Filesize
2KB

MD5
63d445b08245500c284306c0577cc573

SHA1
2a0d56d9ef99627eece83db9c7a8c3e556ffbc43

SHA256
ff3fd6adaa2ddce2a893d738924638b9d54d08514592233b8cbb1c2f95e5ec9b

SHA512
20cd944336705600888989dd298608e270bcfd21404fcab0a3c6dbf478e9216a77478c4704da5f5d8fcb15b524f4b2207d003ab3b5a5c267cb3c376641262a1a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.kkk

Filesize
2KB

MD5
2b67548f88816552aa5886351c4051b0

SHA1
b8e94bfd1ef2d7a13b9cbb8de1b85ce3d353cc87

SHA256
e4e68d5f45a2f2db538c59ebae37a0ab4ab76fc687cd93edb3dd75804c488cc8

SHA512
ec1fc6a36c10711f45c60b1dc82e7d24db5bb9ccfbc1456a1531f46d4fac7fc8a5597ecb8a4a68446460df7dd47424eba7589884803356d1c311d42ed6ccab50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.kkk

Filesize
4KB

MD5
9ffb4981808155072321b540f2350340

SHA1
39d42fa84356359e794afffecf6b81212a306161

SHA256
7e39ad3a6619558f4df5e9f298360c9e0448bf717a066c4610a99d37c56172f4

SHA512
afa63d6660d862b199f639768f3cb0310b9d46b4dc2f51e18207efbc1bae01098906c614055d591fbf276376fb78cb2bc622324dceec2615d08a7943c3851a03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.kkk

Filesize
304B

MD5
4f308cd73a326f0a23de8c5e802353bb

SHA1
c827c4f9c4d082c773ff906b17ee2af8a956966e

SHA256
b176f3c6d7fdc704cc5cf8f5df63ed99e8a52be1fbdebdc3f9b91d378558417c

SHA512
f6482c2aa977504b286326e1c7b956b7e7239717cb6b132d4b0b75021e3e2e4c21f19ac8626ad3ca9e5b5cbfcc5427c7a3dd44831fcaabc1108fc808619cd823

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.kkk

Filesize
400B

MD5
bc0e8080df41cf716ef6aac8776c8ae5

SHA1
c05f70d26b84db9a4dd6438cf31a717a6c39916c

SHA256
2e00d49ef2a4595c7fa3fec2bf75114beb3d1f84a0f7c881729b3e841a2adc29

SHA512
6a3287a1b8755d1c86d3f0f96158b05a5dab8a2bf514323ec4b91dbb12792bd7d974743717f7f8774a19183a8f240b8efa2a7643fa30d2e7517fa31d2ff506d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.kkk

Filesize
1008B

MD5
cba97ef1259d9931ab47b83099618114

SHA1
33827174a430ff4e297b663132e940c9dddd1a59

SHA256
e13ba4f0063dcb5a648c17ba0f5ebac311ab4f15893e9ac381d755abf152deeb

SHA512
8f63fcbd4fc622d6fb15e19c218bfd183f64b35c8b09a0b72300cfae37fc48744c7b6533d4f417702fedd17f8e4fe5d8aaa6272e47c9fa71b0388418b8e09dc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.kkk

Filesize
1KB

MD5
fcd24f27c76fd2de82b10748e52b43c9

SHA1
80b8cd978a2893959badd887b49183ca5b8436e9

SHA256
95a5ac91c42fd9faec2d230cc515a73c4b2cd4c5886139c53f5307e3942029bf

SHA512
68517ad9173f3c5b3c9cfb6b1118dadb90f590af9dfad7c3597e33f1b9dbbb40f3a628f36aa824831eb01805cfd390135d0f826b79ab8d7e55f001edd5f33a07

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.kkk

Filesize
2KB

MD5
1a347aceace0b54886d9c100155126f1

SHA1
15537e570894256cef004922a1a6b24985e5c0e4

SHA256
14d8d9e341a427c4d2b25cb84c7f8e60d894973a634cd7d9c5027205ccc79694

SHA512
6e8eae8aac17dae513b495382f194843b4e4e639736f665624f962ecf836a9c86410bcaad70f81f7f767bd80e91991e4d546b3594db621c1ce24cec697f6e615

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.kkk

Filesize
848B

MD5
5ea1eca50a02de97993046512c786409

SHA1
77d46c47b991c4aebe240d5114d13189d8e4b7ec

SHA256
5e4e6f5642e0ee410f56f53c872883933f5b077745da45133eb64a2cceffe59f

SHA512
a94b9d849bb0e2f3172889730cc8b02e27add016bfcf26cb18da6f509829112eabc0a19657f65965eda456d66a587ea810bbe1cd51878757d09f3867409eaad2

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.kkk

Filesize
32KB

MD5
2df284ffe74c80be2a75227c29a6a136

SHA1
df417ca4cf9d3c351c9507880033bbd834a540fe

SHA256
a4caaa733ee8a2624eac85105b432d84f3388445991357d6ce8f346102466d73

SHA512
2ca65ebefe6d0f0172ec888419cf5a26e0ee68118a60bd25ff9559e0efd09334d652ee99551ac8f2fa08eedf48c2ea210e6d9bb816b4c590232630ac0fed4625

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.kkk

Filesize
160B

MD5
b16fd07123004cfed3e26fb61a6e9dfb

SHA1
ddc160b3212067d497c4acf4437c0c2129ae5bbe

SHA256
8ae6419c9f9d2487b4f90ed9371de3abc811a0584743c7c4c3938c270b46bb40

SHA512
22a1aae8f390a4e3756908b333e5bfdf1ef49898a856bf920f491dcfa7237bdb21499ef4577525ce8fc5b08df97259d2538e4a09d3e9caa19ac815ae4a8d1b37

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
1.5MB

MD5
6984a724843fb60130a965a9fc317f2d

SHA1
1ad9f8695c10adb69bdebd6bdc39b119707d500e

SHA256
917809beb6566079dbb6b686107756d9eb3ff4543f6b41ef327cea7497118457

SHA512
54d951c140df296b4fedff9225fee0e0660ee0f92a8790a7321da46334beb966a03a4d44bb0c9baac91cd53f1c81a84e7a35fc74aa67c8697590e87964e8420a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.kkk

Filesize
8KB

MD5
46113f621821034d9bcdbbc4b7901764

SHA1
3d8a63faee4096f3717c3866488ef0936ced2e11

SHA256
a41d12b4f238a601d90a84e3c845cd07ed01f67800e2f44e01217e1b9dc33379

SHA512
0ab06152291a006d1ee0b662e956d95d64a9b197b89e13770424057f774a47bd99f57c997494516cb6a29d71ee4e4ea6f370a70c9ce6e4e2b48a1f46eaff9290

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662742439442.txt.kkk

Filesize
77KB

MD5
17f7e7b423669b4edab3118836b28752

SHA1
b7fc6fecb2e9858fe1e1d93ecba31ea429f40f09

SHA256
fc0a0977465e8ce9b18444a2a5afad879abf7fe618176b53a5da7214aab10e48

SHA512
0a4f80947b6e91176c2ad05e2f1873e7090548bee63fa93f43dc6fc85dfae24c4cab992fbc3568a842ddb9c09ade56e3c1a6da1cc0f9655e1b01f85fd9a7110c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664412580892.txt.kkk

Filesize
47KB

MD5
5c96cc6bda192a6f989b13c3624c93eb

SHA1
619a97120630679be4e21e065cf4d5483868318f

SHA256
7d83276c81b65dc45ca4201a216e3fc9f2c5e2b7d2a587ecdf92d1814cde6069

SHA512
711a2572737551e094a4ed85130e1f1310349ded4354986a8a34402525c364d9c99c1627e1802446a880ecc710a3c742102f299692b8f564dfe604f0242b37ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670038515250.txt.kkk

Filesize
65KB

MD5
4b911965d216d85dead62519f0c956c2

SHA1
1007c246f8e1ac4d81fa684fa0c8b3e36f85fcd4

SHA256
d472b5ad959c69b90d78e12bb4b15cd8d997112963b874ab33bf49c2d84f0ed3

SHA512
0246228360570828cb705bb32a7f2f660b7c2fdd8adf2f80427471994973123502f5b3d700f9b8064b3c26f696425f5ab45a2118f7f4dd5da6d99c82a0e0e8ac

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133740561750433460.txt.kkk

Filesize
75KB

MD5
7b7ce4318888b9ded0eebe289254a67f

SHA1
f3d285289a5c8f6738a1a437e83bb7b847fbef4b

SHA256
c68ad3bc410918d7146c76e007720d580859b4794ba1207e9a33f2582d250f51

SHA512
48c9cb3cd6d67ea34f61f65b15f3aeb7ad23d54f69ed87c6a0f9df6a8df834aaa1fd18e92c47417ec6b498349e700919345b992dd4d37001445ce18e7fd810fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1C05152C-4F1F-4733-992D-62BCB7CCD4DF} - OProcSessId.dat.kkk

Filesize
16B

MD5
0c1d780021c5b23a385952eea404ebb6

SHA1
72ff2126b462cb558fd8fe62190507ef04c9f0e2

SHA256
c82c14ceb938e372e5b714924a8cf82e14ed33880b6bd301d70ca06e095e0c8b

SHA512
7d1869354f56eda976cda689ca1dd4bd3255909b2219a663eea9b8c35152d2e5aa3869f3f7e6e2d78fddb1ee65c1587167f5c070fdbed2ab26f67789f6c4bc16

Download Submit
C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

Filesize
424KB

MD5
681494858c4e513d84f5535e77ef1454

SHA1
c0b73ae857141f8ba3808e8cec78c1eca2aa20cb

SHA256
cc3801692ceca420da9183777f92830425a0dd3487aaea04329f2aaead42b62f

SHA512
a87d1e570137097bd8b35dfe66f0eeb81bd3b78350ab26c4622eeaa59971fa3fc5c35611c2c42dab359d720571b80896de82c2e8030df0d415f041760223292d

Download Submit
memory/2632-3758-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-3762-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-23-0x0000000001850000-0x0000000001858000-memory.dmp

Filesize
32KB

Download
memory/2632-3765-0x000000001FBF0000-0x000000001FC62000-memory.dmp

Filesize
456KB

Download
memory/2632-24-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-3763-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-22-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-3759-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-21-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/2632-19-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/4376-4-0x000000001BFC0000-0x000000001C48E000-memory.dmp

Filesize
4.8MB

Download
memory/4376-3-0x000000001B990000-0x000000001BAE6000-memory.dmp

Filesize
1.3MB

Download
memory/4376-0-0x00007FFBBA245000-0x00007FFBBA246000-memory.dmp

Filesize
4KB

Download
memory/4376-1-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/4376-20-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download
memory/4376-5-0x000000001BC90000-0x000000001BD2C000-memory.dmp

Filesize
624KB

Download
memory/4376-2-0x00007FFBB9F90000-0x00007FFBBA931000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads