Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-11-2024 07:58

General

  • Target

    BitGenerator.exe

  • Size

    2.0MB

  • MD5

    e57af3c82f33302d9736c178410bce30

  • SHA1

    edd2f34ec0ea57edde129253790f70f5c0390bb0

  • SHA256

    607f1607762645b684f13cffccfbe4bc326f24707953dc0cfb80aff22def8df0

  • SHA512

    ef2f763b1349c23597bf16bcb6d03066b1d1f51eb59e61448d4955ac12d0d1e614428d4040285915021ad71aaadc202dcae97308a45cc20d339bcffd5a2d2c40

  • SSDEEP

    49152:3pVsby44mK/P4sFPfYQ1dNhq7LZw9PZOAIYZ4:Znmk9FIeDeZw9MAIe

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

  • Jigsaw family
  • Renames multiple (3753) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BitGenerator.exe
    "C:\Users\Admin\AppData\Local\Temp\BitGenerator.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\BitGenerator.exe
      2⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:644

Network

  • flag-us
    DNS
    btc.blockr.io
    drpbx.exe
    Remote address:
    8.8.8.8:53
    Request
    btc.blockr.io
    IN A
    Response
No results found
  • 8.8.8.8:53
    btc.blockr.io
    dns
    drpbx.exe
    59 B
    125 B
    1
    1

    DNS Request

    btc.blockr.io

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

    Filesize

    426KB
