General Info

URL

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=true

Full analysis
https://app.any.run/tasks/715ec816-5a90-4ac1-bac0-ee54280caac8
Verdict
Malicious activity
Analysis date
14/01/2022, 20:56:07
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

jigsaw

ransomware

bad

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Jigsaw Ransomware.exe (PID: 3404)
  • drpbx.exe (PID: 756)
Drops executable file immediately after starts
  • Jigsaw Ransomware.exe (PID: 3404)
Changes the autorun value in the registry
  • Jigsaw Ransomware.exe (PID: 3404)
Actions looks like stealing of personal data
  • drpbx.exe (PID: 756)
Steals credentials from Web Browsers
  • drpbx.exe (PID: 756)
Modifies files in Chrome extension folder
  • drpbx.exe (PID: 756)
Checks supported languages
  • WinRAR.exe (PID: 2292)
  • Jigsaw Ransomware.exe (PID: 3404)
  • drpbx.exe (PID: 756)
Reads the computer name
  • WinRAR.exe (PID: 2292)
  • Jigsaw Ransomware.exe (PID: 3404)
  • drpbx.exe (PID: 756)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2292)
  • Jigsaw Ransomware.exe (PID: 3404)
Starts itself from another location
  • Jigsaw Ransomware.exe (PID: 3404)
Drops a file with a compile date too recent
  • drpbx.exe (PID: 756)
Creates files in the user directory
  • Jigsaw Ransomware.exe (PID: 3404)
  • drpbx.exe (PID: 756)
Creates files in the program directory
  • drpbx.exe (PID: 756)
Reads Environment values
  • drpbx.exe (PID: 756)
Reads the computer name
  • firefox.exe (PID: 2744)
  • firefox.exe (PID: 1768)
  • firefox.exe (PID: 3812)
  • firefox.exe (PID: 3388)
  • firefox.exe (PID: 2300)
  • firefox.exe (PID: 1792)
Checks supported languages
  • firefox.exe (PID: 1768)
  • firefox.exe (PID: 3464)
  • firefox.exe (PID: 3388)
  • firefox.exe (PID: 2300)
  • firefox.exe (PID: 2744)
  • firefox.exe (PID: 3812)
  • firefox.exe (PID: 1792)
Application launched itself
  • firefox.exe (PID: 3812)
  • firefox.exe (PID: 3464)
Checks Windows Trust Settings
  • firefox.exe (PID: 3812)
Creates files in the program directory
  • firefox.exe (PID: 3812)
Reads the date of Windows installation
  • firefox.exe (PID: 3812)
Creates files in the user directory
  • firefox.exe (PID: 3812)
Reads CPU info
  • firefox.exe (PID: 3812)
Manual execution by user
  • Jigsaw Ransomware.exe (PID: 3404)
  • WinRAR.exe (PID: 2292)
Dropped object may contain Bitcoin addresses
  • drpbx.exe (PID: 756)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
48
Monitored processes
10
Malicious processes
2
Suspicious processes
0

Behavior graph

+
start drop and start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs winrar.exe jigsaw ransomware.exe drpbx.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3464
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=true"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\wintrust.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\user32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll

PID
3812
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=true
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\wldap32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\kbdus.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\uxtheme.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\dwrite.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\winsta.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\mscms.dll
c:\windows\system32\samlib.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\netutils.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\secur32.dll
c:\program files\mozilla firefox\softokn3.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\winhttp.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\program files\mozilla firefox\nssckbi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\webio.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\actxprxy.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\cscapi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\slc.dll
c:\windows\system32\cscui.dll
c:\windows\system32\windowspowershell\v1.0\pwrshsip.dll
c:\windows\system32\msisip.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\imageres.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\sxs.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\shdocvw.dll

PID
2744
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.0.1603837660\694914555" -parentBuildID 20201112153044 -prefsHandle 1136 -prefMapHandle 828 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 1224 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\wshtcpip.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\atl.dll
c:\windows\system32\powrprof.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\evr.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\avrt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mf.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\oleaut32.dll

PID
3388
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.6.1406186389\2018630751" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 245 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3136 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\winmm.dll
c:\windows\system32\usp10.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\nlaapi.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\devobj.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\samcli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\samlib.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll

PID
1768
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.13.793667954\349675716" -childID 2 -isForBrowser -prefsHandle 1992 -prefMapHandle 2012 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 1964 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\xul.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\samlib.dll
c:\windows\system32\shell32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wship6.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ole32.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\avrt.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\shlwapi.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
1792
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.20.2080788669\1574985923" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 2040 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3612 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\user32.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\netutils.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2300
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.27.1427973711\1723732071" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3844 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\dbghelp.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\shell32.dll
c:\windows\system32\avrt.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dwrite.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\d3d11.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshtcpip.dll

PID
2292
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ransomware.Jigsaw.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\system32\secur32.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samlib.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\imageres.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wkscli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\advapi32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\riched20.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cscui.dll
c:\windows\system32\slc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ehstorshell.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\drprov.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\duser.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll

PID
3404
CMD
"C:\Users\admin\Desktop\Jigsaw Ransomware.exe"
Path
C:\Users\admin\Desktop\Jigsaw Ransomware.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Firefox
Version
37.0.2.5583
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\users\admin\desktop\jigsaw ransomware.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\urlmon.dll
c:\users\admin\appdata\local\drpbx\drpbx.exe
c:\windows\system32\propsys.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\992b101b45c1e2e5563fee65ab5fd691\system.xml.ni.dll
c:\windows\system32\devobj.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\3b259d3ceb1962e723584a04cfab357a\system.core.ni.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\version.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll

PID
756
CMD
"C:\Users\admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\admin\Desktop\Jigsaw?Ransomware.exe
Path
C:\Users\admin\AppData\Local\Drpbx\drpbx.exe
Indicators
Parent process
Jigsaw Ransomware.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Firefox
Version
37.0.2.5583
Modules
Image
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\users\admin\appdata\local\drpbx\drpbx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\3b259d3ceb1962e723584a04cfab357a\system.core.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\webio.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\992b101b45c1e2e5563fee65ab5fd691\system.xml.ni.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dnsapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\94fe1557aab4bc059482da7d99e97641\system.configuration.ni.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rasadhlp.dll

Registry activity

Total events
70357
Read events
0
Write events
83
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3464
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
5A9458A070000000
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
449B58A070000000
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash
97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
C:\Program Files\Mozilla Firefox\firefox.exe
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|ServicesSettingsServer
https://firefox.settings.services.mozilla.com/v1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableTelemetry
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3812
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3812
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\WinRAR\WinRAR.exe
WinRAR archiver
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
1DEA402D8909D801
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
1DEA402D8909D801
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
3812
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\Ransomware.Jigsaw.zip
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2292
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4100000096000000010400008B020000
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000008601010000000000160000002A0000000000000002000000
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000700101000000000016000000640000000000000003000000
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000840101000000000039000000B40200000000000001000000
2292
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3404
Jigsaw Ransomware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
firefox.exe
C:\Users\admin\AppData\Roaming\Frfx\firefox.exe
3404
Jigsaw Ransomware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3404
Jigsaw Ransomware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3404
Jigsaw Ransomware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3404
Jigsaw Ransomware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
FileTracingMask
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
ConsoleTracingMask
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
FileDirectory
%windir%\tracing
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
EnableFileTracing
0
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
EnableFileTracing
0
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
EnableConsoleTracing
0
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
MaxFileSize
1048576
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
MaxFileSize
1048576
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
ConsoleTracingMask
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
EnableConsoleTracing
0
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASMANCS
FileTracingMask
756
drpbx.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\drpbx_RASAPI32
FileDirectory
%windir%\tracing

Files activity

Executable files
3
Suspicious files
1020
Text files
93
Unknown types
26

Dropped files

PID
Process
Filename
Type
3404
Jigsaw Ransomware.exe
C:\Users\admin\AppData\Local\Drpbx\drpbx.exe
executable
MD5: 2773e3dc59472296cb0024ba7715a64e
SHA256: 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
3404
Jigsaw Ransomware.exe
C:\Users\admin\AppData\Roaming\Frfx\firefox.exe
executable
MD5: 2773e3dc59472296cb0024ba7715a64e
SHA256: 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
2292
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb2292.44436\jigsaw
executable
MD5: 2773e3dc59472296cb0024ba7715a64e
SHA256: 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_hangouts.js.fun
binary
MD5: 938289675c954fa921fcc0241473c137
SHA256: 35695ec48ffe19fe241e62ab40cc54a44c03b4b6e8f8617dc38f2d18dc9d90b4
756
drpbx.exe
C:\Users\admin\AppData\Roaming\System32Work\EncryptedFileList.txt
text
MD5: 2d64e0fcb2e9134e4c88ca0f7f257b2b
SHA256: 8065d85d64ac9bf84e0ea1e0ee8994e37f4a1f0245731775cee9de36454cb140
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\cast_sender.js.fun
binary
MD5: e8c99cd8905e1da0ae40c9b0b2a302d1
SHA256: fc0881b1bdd68dc5adbd13c0e0649d072a087394a5eccc0efe6310bc5a68e068
756
drpbx.exe
C:\Users\admin\AppData\Roaming\System32Work\dr
text
MD5: 3c59dc048e8850243be8079a5c74d079
SHA256: 6f4b6612125fb3a0daecd2799dfd6c9c299424fd920f9b308110a2c1fbd8f443
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js.fun
binary
MD5: 7583ea333959527c2d677ba4edefff70
SHA256: 5067b0b8952b8602c51e640c7b084fa110d1c40345c9219b0cea9cfdce35d499
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\128.png.fun
binary
MD5: d25a4c664a34d84d3530e0d19041968a
SHA256: e37d212fe9650e5700266f0c961dee21054be5f369e7af894daaa1db832a6297
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\4.10.1440.18\LICENSE.txt.fun
binary
MD5: b757fc50bc72d80e69067ec88c4a93bc
SHA256: 43c58b23be251f91bc65f1d48d530b9565692fe06342c54e314716de053b13e5
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\wcp-consent[1].js.fun
binary
MD5: 33ba63b6e9112bd514a35ad3ac45450f
SHA256: 58389c1fc57a3e7ce24bd8191db349a995a0290087ec3e5753232c02ecf1cd90
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\oneplayer[1].js.fun
binary
MD5: 651adb7bc676f70f1746ed46d9f6279b
SHA256: d442915cee11ebce9907a64f9f8698ca18f935ef02498954e213898fbebc814b
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\js[1].js.fun
binary
MD5: bb27cbb110bd750814d898968a4d02dd
SHA256: b6f9602849974103f2755ccddc65fcc8d9f5b34268320443e32266bddc32d7f3
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\128.png.fun
binary
MD5: fe71e68e269689226ea2b026025c813b
SHA256: 5b684ef803efefbe106da6b25dc3902e7e134f74dcce067d8efa8445549994fa
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\jquery[1].js.fun
binary
MD5: 0b7ec6b4541a0ee83f0cbe62ac1e658e
SHA256: 55e43fe342ddb597722caf64ba2e7defb1b92425bb5495881054ca15817141b3
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_cast_streaming.js.fun
binary
MD5: c9bbd8d277cf52bf1f7bb2d31207b81e
SHA256: f798938d90c53153e9f782fde520455c3b9ed659e7f6b751e33cce1c4f4f16b2
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\50-f1e180[1].js.fun
binary
MD5: 72d0c9179cec92a45b80be6d51057330
SHA256: 591023b5f2a18ea320f535c202980645365e60675f9a48b8c5fa56c4a4ffa4b7
756
drpbx.exe
C:\Users\admin\AppData\Roaming\System32Work\Address.txt
text
MD5: 9399f4b9ca72a7e3bfab4d7725b7cc7a
SHA256: ed2cbe61cf87ebd9eb0fd46e28add95939240711a01fad8e3007352171657b46
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_common.js.fun
binary
MD5: 20bcafc177d72757e4218ef7696379fe
SHA256: c971687bf5113d8b8c0e87d20970acdf94b6f9c7d325d561c25cb5b94d3f4706
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\mirroring_webrtc.js.fun
binary
MD5: bb02cb26895db2dec1de3e285af64dd6
SHA256: c941606902cac849093f58c95e28b7e5cee3e39512fae7cd8ffa90def4657ef3
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\angular.js.fun
binary
MD5: aa43c13732c8a475d1f05246f7617d41
SHA256: 9c77da2fd4bfc9df865eff43d90942ca403bf4500563d56bbe5a4844d2fc3332
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\feedback_script.js.fun
binary
MD5: 7b4a69f049d8b94b55eed9851441ecc4
SHA256: 1caa9e4e3f7df00899a31f5b5b4abb1dc4cef437e6a7d277c63461da8939fc50
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\background_script.js.fun
binary
MD5: e2811aedd6a79007cff2c6a8e4d6db12
SHA256: 61ae82e99b1581f874b5a4238138c6f164403fc2e9b55f9b2af191865c0fd13e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 84dae41dc260ca043733765f1be1e019
SHA256: 593617c6d6868970d8618e5d9502e1be1c4cb0c298eea3a1186997ac1ecd9ea3
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\skype-logo-136x60.png.fun
binary
MD5: f33bff240df84c4baf7d5b3770c3e8b9
SHA256: 7501d8803f4f274e63d4602ef101aa71ee09267d5c1f3fca5fde6ee262449cce
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\msa-logos-135x25.png.fun
binary
MD5: 67754d1fce827d65272d7b8c7fbc96b8
SHA256: 9a265058cf8eccb465fe8541eec45e051c72392b3c20534a6f9285019dda3147
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-cloud-35x25.png.fun
binary
MD5: e67835581c1f8fcc2c32231938089404
SHA256: d9cbf3b156b229220ac8b410621db1b7723a1fcf54b78c1dfffb3a7b4a8a82d6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 921b13a2831a8a57b52b48236974285b
SHA256: 3fb4768790124673d17f0eacfc60646206c875facaa6b232bf397eddc9dadaca
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-skype-25x25.png.fun
binary
MD5: c6af0596b59e5b3a5d19b0f01fd08528
SHA256: 473efb6ea2ecca7a88304bc685a2e507799875a8f6b05fbcbba7fd8d88280b7d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 87c9ff6deb2f0c7c838ba1a98f8f87b5
SHA256: ccd698eab9d7f2bdbfa9fd784661e98cc43b7994c82d7c525c96d0449de92a90
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.16.0\LICENSE.txt.fun
binary
MD5: d94956608e16fe5e780f11be8d701d10
SHA256: 2e4ef296a4416c17c765cbd4af039974f9a2df138357c9e4b47a5aea8946fdbd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-xbox-25x25.png.fun
binary
MD5: bf570bb9e47c3ad45ec5091039b41042
SHA256: b26d98f21b76e0187458e95edb589afa31b5e19cf17955339697e1ff21e4c782
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: d3b10f055c481ac6e4618a26658efc48
SHA256: 8e82b784f96453bb6a8e0ffa70eeaa74d36e1a4f2cc9cbef913d27caa45ab57c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: f6211c4d860fc8904680cfbc244f123c
SHA256: 15647b5b1d9f4741a804dba3a71bea209bb85550e7390eff79a1fe83cef4b25f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: ddaa668b3e33c7ccfe92ce389b0db6c4
SHA256: ff6a9c8f70c759d78740f9cb07f083f5f474c9d7f7598d08420f5e4a401ad7be
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-office-25x25.png.fun
binary
MD5: 2bb4154a7ccac97b0cb8d10e00dfe48d
SHA256: 7e8f3172f7b3ea678e4c95e95801ea8f6de33e0105d93afacccaa721faac33e1
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 7fe087f6dc90d08c4b1707e977901f6d
SHA256: ba8456b0cb932488baa3245a15891940737dbec9be1a2078b180db103b7dcf77
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\logo-win-25x25.png.fun
binary
MD5: f010a806fd03470b60bbe7b82038c2d2
SHA256: 8106845d43f8d40d970b584d879f63027f8c837b02c6aa037deb204c41cfd27b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_not_10x10.png.fun
binary
MD5: 2d76a342602c27960e3ff7b66997b2dd
SHA256: a9db5610b619556e463f8008dad93b061cca93774ea23b82ebc1e04653f2d7ee
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: ae00e56e3196fbb77b8809adebb451ca
SHA256: 55ca221c4b481b06004441da450cf6ec35339ff4b858b28a2858ceb190611fbb
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\ticked_10x10.png.fun
binary
MD5: d1c4afd7e714f23f8eb985e2bf3533b0
SHA256: 6525eb245cb7ab5e9ca31f5706600bd09de0dc33ce638a326ab35b9044b65841
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 4a1faf958dd03f7b6fc0a2f61c2a72f0
SHA256: 03ec1abeda44bf5628c2fd5be7e646db88922278d3547c2bef653b3eaf58f465
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 33bbac800d60b159d9949facd1177458
SHA256: b9ec847c0c9afcb3fd235b7478f4f90e65587271ccb7d7e79276671f4c0a7262
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_hover_32x32.png.fun
binary
MD5: 6f2fce10d0a2ac82353d11c2f5623b94
SHA256: cfc8f06847a4ea7330b7595e3405a084ca5e5825024fabe3f92df6382fa42bcb
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 2acc22f4fcb697c403323d94709a3b8d
SHA256: 27d6ed5296b8c6dbabe7b440b0943bcc4db3c14fc3836bbd1f321ba2f3b24206
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 2acc22f4fcb697c403323d94709a3b8d
SHA256: 27d6ed5296b8c6dbabe7b440b0943bcc4db3c14fc3836bbd1f321ba2f3b24206
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\exclamation_20x20.png.fun
binary
MD5: 626c8dbb40448675d8a330cec506f0ea
SHA256: 6a840e1eec299c6236aa550abe65994d9bfc2bb4cd215513ce5871bc4be354ba
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 03b4d5e49a8e5686ae3708467557c81c
SHA256: aa66b7dfba41b23d6c0275b25c9d8bb9ee31e2867e6d16c7574e9f17c121844c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20-inverted.png.fun
binary
MD5: af998342abf9933238d18c364dd9277d
SHA256: 560e92e5c0e9b30e01d1136de9b229408b473f904cd74f320f74d79a31085819
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-middle-35x35.png.fun
binary
MD5: ed7bc83106691dff1c8cae075aa9bf86
SHA256: dedc133230f4128f5de26affeb2887af11aad1336b5e277fdcc015cbd3fbbc9b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\arrow_up_20x20.png.fun
binary
MD5: 3efa673f78426b5023c8fb9f893cd95c
SHA256: d8db6eb5e5c71e9248296d23ac8b8b0844878760e1eddfa5ddeadee8ceddd64b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: e9808d6ee8408f4309ce38d4d8fb7730
SHA256: edde3a8c16c97382b11d87235d08b47004523243993b9da23347204635cb1288
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: df7fe957df07cd942e910c23ef08b666
SHA256: 8620016f4b89aa00537622fa5bc28bd1136b79bd20be187afe66b9c25905e343
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: f345fe5449abba8d7168cf3ee3d052b0
SHA256: 4c4d2d21505bf4eec8b58b1df67115ce425c5fe585d4e6d6eafcd7f128288f60
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: c1d56c87d92b4e95334dee256cea043c
SHA256: ad75e5414d5a470d4a9445b262d85c8b21e953e0c8352f9b65d94da9ef1481e5
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\capslock_20x20.png.fun
binary
MD5: 31081c84456e9ef3d84b18b208851c68
SHA256: d87cf94f99f3bff3efdb6b184485023c32a3858055580950b43698811693366c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\dropdown_32x32.png.fun
binary
MD5: 6f2fce10d0a2ac82353d11c2f5623b94
SHA256: cfc8f06847a4ea7330b7595e3405a084ca5e5825024fabe3f92df6382fa42bcb
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: c5f44acf31a84cf152a03cc501d247c6
SHA256: 053ecd2e78e2441d101133d6a94642dfa2fb8c35e739ae868f095b0506d9929c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-left-35x35.png.fun
binary
MD5: 9cdf07827cd15345e9c8a327da07ebd7
SHA256: 2403f074a76a3603d8f5a843246506e4f175fc3cc4249c9f4618b6b2611413a9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\button-right-35x35.png.fun
binary
MD5: c559ae9e8b887d0e6b93d1c5c3fe167a
SHA256: 5d9b505a02978ef65e52ae27b94ad2d288a0e3c6d1879024680d6e3361266776
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: f65ada8e5896e03471ea50801f20dc84
SHA256: 0d2828fb0970e5936bd273a9209f2568169eec9bb91c19f1770e9a493f798b6e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\[email protected]
binary
MD5: 80906bb74569a8a084c8fa0294b7e9f5
SHA256: 1ba9a50c80aec162436324b264d2be6ac8de8fbdfef317c954dc950fa7394241
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\white-on-black\back_20x20.png.fun
binary
MD5: 3c531d6c6bf6b4369368c17af8538ee9
SHA256: e5ecaefdeb621db2fc6a2dc335687ad99328873fd5f1c1939fa6802530eeab31
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 839e30337a98c2b03d03cc6679ded10f
SHA256: 36c0335dcbd85404b07d2e661d0509bc5e04456e1c2d1b7deec33cf6498a7a9d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: c15dfc66784475275c02c0d65b48f940
SHA256: 73181ba0ba0b1950a1f56c8ff8c546282d79c979ce4eacb356bf6dba23e682e6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 66546d61643c3392a60d723e3d0a873c
SHA256: 51757178955a32899b177883682413924106a99424dd8095ed592749aa694ec9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: ece640af622c18f72a57f63e40107776
SHA256: baa0648d82b5f813762f7381ba8b5e6a575bc040ae89df2050f34c0d91ed4bf9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 66546d61643c3392a60d723e3d0a873c
SHA256: 51757178955a32899b177883682413924106a99424dd8095ed592749aa694ec9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: b0d84a14e27dd542cc57a29d56c92fd8
SHA256: 7c302823e1bab104347d1f49d6273eaf92544bd58c7ce43488b09b97c82d5a44
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 3d50cc21328ffc876232acc718f55bec
SHA256: 4ad131d6742746e7010141e14c25c4ce3a9567810ac43569ddf2e52a88efac09
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: fd018056d9ff2fb124f8cbab4f65bdff
SHA256: aade2eb45e0144e2313ce2a26bb2a2fec125c6c34fa4e2f36308e9942d6b9002
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: ad9b2c17d51eb9af06c869c3c27ccd5b
SHA256: 58dcce6d91dfa36dcf0597caa3ff9d11582ac0cd783c97b38ba34f4f341cc35e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: a53b89186c28b0169932e72c3e2e2b16
SHA256: a3df1241458c60c339b89ff93cef25ae6b640f4e5ae8be5129541c7bb38ba76a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 2f2f068597fab33126b236c6dea91b7b
SHA256: 87e38edf76a00e24dd4ffb0e703810b34121ae457535abcf569efd7e6da1cc43
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 103db5ccfa8160785e01c1648f5b9f4b
SHA256: 4a8cc9afbfe2ae8b8c202d270b84a150977e4ac7d3f62e64a81ea5163b08dafe
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 84dae41dc260ca043733765f1be1e019
SHA256: 593617c6d6868970d8618e5d9502e1be1c4cb0c298eea3a1186997ac1ecd9ea3
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 4dabba68325d3b1d43967fb0a103c815
SHA256: 68dd4cd54b62cf9b19348685f5cb6396f9a3a3a1d8a74a773bf22e044fc47917
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 21e8100837f2eccb1366d8e8c8610493
SHA256: c972c5cfc139aac228bf58762fc96075ffc1c11bf5398b96aabc0964f754e81b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 5f9e11cc629390d68e10af1d3e144a86
SHA256: 9b371579ebe8963a87ef9e0babbde58ebf62b1828e0707bea46db2f389313f48
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 75635cadf89528745b2c417744b1d2b0
SHA256: 30c41ddabaee589c6cca688cf2d5eed4189ef43044e13bdcff69148ec60af89f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 30c5452894ff46b86f440c67794418cf
SHA256: 247e7749c570504a7dac7b0490110548de1ea2961f3c1448bbdd40764f437892
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_not_10x10.png.fun
binary
MD5: 2d76a342602c27960e3ff7b66997b2dd
SHA256: a9db5610b619556e463f8008dad93b061cca93774ea23b82ebc1e04653f2d7ee
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 5e6ef367208d13457e8ffed5b184ca0d
SHA256: 02f4f909845180d66013a97f37b89d897453601bb7ae9b1144a22b8790e79a19
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 85fd6fd609ecfb8a6ce05645f0604c0f
SHA256: a0c2d52662e56a7e14bf8797bc093430b1a53428870935049348c00ac3ea4377
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 344b6077d3bb1e217b467bffae33235f
SHA256: ab97b3d4b9b5fd200bd3885eabe58cd5e2e036441941042390f5202a4c851a1f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 5e53d1d9f28157342689399df9c3a606
SHA256: 422ac75123cd38da32ceaf6b38531f73931b5b0fe37b6affdf9d7d1c51f06213
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\retina\[email protected]
binary
MD5: 2ece17ad355b178d22ba8652b87b40d7
SHA256: a3b7e38d37eca0157b4c4a736495cd0e2f4a6a2d69d3d651181ef2c236b60b3c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\ticked_10x10.png.fun
binary
MD5: 1f11256ca8502b755223270dad84d17f
SHA256: c16691c0ea971ad57ac67be8dc8104c11177f0e20c0150a7ca68962331cb24a9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\skype-logo-136x60.png.fun
binary
MD5: aa77018059357c02ce0b72984bc2b77f
SHA256: 1d7c08d5286bbc61e65876c171a0c702abd66a07e2863d6235d899ae2028b1d0
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 67ce02247af2372e8c09e538b0b77555
SHA256: 3aa3a493abca41cb6b944015acb64eeb5b757925c6663e12943bd6dd399046ad
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 4bd0fde759d6b48ab5f9bb84d1cf3b36
SHA256: 72950b5c12d7cc1664b99c1d350ea538d9cfa15b451e58ce8a974c3d71c368af
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\msa-logos-135x25.png.fun
binary
MD5: b17327eb8f9b2f61f0b3204105ae7b63
SHA256: 915910fdd8e5547f0fc1cf0576a7517272dcf38dd5b5df8d4af03e05eeead1d8
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 2c9aaf535a31f5151ea266374224d9b3
SHA256: 20cbe78e8d89b11e924781f7189c668852ec7f9130bdc46c14d1eb7d602fba97
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-win-25x25.png.fun
binary
MD5: 2a038193acfb2ab7e4fa4c2ada431e36
SHA256: ca9b5d56f673777da61806da8517ec5c224fad2b2410ea6e4f4ceecf045e08d7
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-xbox-25x25.png.fun
binary
MD5: 5fe2c3ca2ecc5fe51b0ca6d407dfb02e
SHA256: be76187ba51ca3fe37a5b9080c54ade42d7602dbab2d0c32db28d3c767e58743
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 17d4532344fd3502fd58bb6c8bc919c3
SHA256: fe8485da02f58a426fca86e7088e0a3a9ecfa1a87862dd0eb186ecfb295fe36c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-skype-25x25.png.fun
binary
MD5: a5e8223a41b4f00f62b14cd46e6d9b2b
SHA256: f59dc532726c3211982a3a6b463f0c89b10a39326e3ffe415d2c692c3efea42b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-office-25x25.png.fun
binary
MD5: 12668234ddc05547d0be9fa60432e319
SHA256: a46643e655ea419309f15bccb3d3a5e8bec69f807581088c36978fce2a72983a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: b4d260b2f1e7d48b13364a3dfefcf0bb
SHA256: 67b67a20a0e907b80acff35e16d53032c7fea8b0fb99aa8054216d07bd6afaac
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\logo-cloud-35x25.png.fun
binary
MD5: c1e48e1ecc53cb71aa8517c34a0d0350
SHA256: d5a3f586cfd8ab0afb1430cd23107f35491063502a536c915ba1bb31f653cf51
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 8695a53b546b7f0875dc3a0137b94a71
SHA256: 4409aeae43c4d23c46f977dd09b91ebf05caa1607dd802d25f1cd0eeb6cb0dd1
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif.fun
binary
MD5: 7711d3773dcd4cc2a425adbf45d0a4d7
SHA256: 6d91103ad7bf06cf29b8f5476d353c027b689daa95e7e760165da9acfefae15e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 264d6d139e59e1dfb8aafa8fd35a2a6f
SHA256: d5ee6fa40d30e7f204d96c288b0762906d43a4317a8af3c2509022db7b19436c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif.fun
binary
MD5: 936ef4527215d9de0d9f61b0e55cdc96
SHA256: 867c99b0a029e09b0b2f5ed20d524439e916cb02c585cc7cdd1d3a105ababfb7
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_hover_32x32.png.fun
binary
MD5: f741cb05f6b99bb833f9073d892fb81b
SHA256: 5d0c8fc5bbe12105e1b1d6b07667688ed71f1b4f3e1419ae2425bab2ea648345
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 3130d8d7edcdb12b22422ec3f111ecfb
SHA256: 463fc5895e6cccae91dc04c76d3d3e19a95bf6ab633fb6a1fd899f64f11b5130
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: e41cf01b5c17136de98906d877f97377
SHA256: ff52a43c1b6b4271ecbe8e72bbc2102d2df877e038d8e077641674bf826a3baf
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_right.png.fun
binary
MD5: 2462269a912c43a178154af0f19094c9
SHA256: 5ebd2f5254d0133cc2da659b7b81dc659196ad28c00d5989c1fb3ef4e7813ad0
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: cabc33cb6e58c640f7040fecbe2ebc1d
SHA256: 74565cec7efa72df964b8dd13aa3c02eaca0e0362232bb223be4e6729b6bedc6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\caret_left.png.fun
binary
MD5: 15bd405da78271e61df28b31e68619cd
SHA256: 4452da6db2485ec97ad84ebce383a861468c0b08b798f7027379d3f4b6e4a893
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-middle-35x35.png.fun
binary
MD5: c60203b78332eb526f2ec74dd61311a5
SHA256: 8250e2fb233a95a1862805f8e52a728e31ed65e05891a19faec80427abf7835d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\dropdown_32x32.png.fun
binary
MD5: 7ad2d7ad7d19945097225ffcdb047a93
SHA256: 79bce0a79db7520c5dfe0b2f52614588cbc66c1215f749326dd024cfa0436564
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 2abf5dc79d946a3276eba613d2d04d84
SHA256: 5ba9729ef7b133b421bbcfdc6101b3cddbbf1cd8a99f29df3782e9a90c8e3cec
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 6aae0486dd16e464a98b7e48f901af87
SHA256: f0b138824ba04747f898faf1381b2d0946f8b2c07a77c8f325c55576a867814a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-right-35x35.png.fun
binary
MD5: b254e4e3c11e674a5c75fdf98e7aacc6
SHA256: 613fbe76ceb979bd1fe856f291637fbe8b830c40c6b96595fe61eacce03a4835
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: fa92c25da5863ca18163b46ff1b4a6cb
SHA256: 54a07af5016cead217eecd92983757e7c6dfae92b795abee3773ac74ac5694d7
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 20140303e65cc6095e4020e24d4dbc01
SHA256: eb12d9843ee647f32b5c8b7801801f6778b3695595930d724bd3728a703c6bce
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-left-35x35.png.fun
binary
MD5: 10010c10ef5c757b76e6ae2aa51a6348
SHA256: 4e8fd10b0f8ffb02dd8de8d9494e2bf202f80e9159703bff915740f641ad5e6b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: e892b4b9541a92cec1104f875afb9895
SHA256: 989b8b45fe1a4983ba2b21a271a4b6fa328b0bdc7dc586f9fb17f1e005b4e678
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\exclamation_20x20.png.fun
binary
MD5: cc390956465587bf05da69b992025924
SHA256: 11073d13727099e72fc6df21c6868bb6d0c7297a5bd9511204b7eae08a3761e1
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-right-35x35.png.fun
binary
MD5: ca1c65b3d12b674cd7358f456aecf3ab
SHA256: f5f3a5135e94f043c72bb770db8859662b00f473d06b7fee885808236465e839
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\capslock_20x20.png.fun
binary
MD5: 0479225eab2863d4891be608d1661b5d
SHA256: 7672381edf565adcf818c7021cdd7ffa5422dd203a8f4d60281b6764be8b9c2c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 8a1913db16d2ea76419defaa18816205
SHA256: f02600b51c0b35da08c67ec0667f7299eece83e93f2ddc4cbd4250dba0f73393
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-middle-35x35.png.fun
binary
MD5: d593f9053736d8fc6cfd0abc147868df
SHA256: 34416c52a09c1687f7172cb8da43b41eb6dd99e2dd8e52bbe8c4e3652142918e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 1aff18a96f0f4630bf481c204b18e622
SHA256: 2a85beeb2975ae3ec413231761b4c961e8e4e3fbb92c5913d79431104578173f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\button-darker-left-35x35.png.fun
binary
MD5: 7b25a1dd960c5397026cf3e3868b501e
SHA256: 0f81922965eb359aec760b7526137ffe7d7f34613c0a7490bdf14fb15ea57f82
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20_8bit.png.fun
binary
MD5: 2a4eeb519615fb1ae4f82368420b26f5
SHA256: 938431b371a34b23f1a095f9ddfddeef873269e48a12c538ee56a7c4df54d09d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 2d3d43bbea2e865564924c1d5dfa45fa
SHA256: 13f496692858fff36ced5855f4f88c6ff13c66a3589120413649b7ed52e07e73
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20.png.fun
binary
MD5: a45c83cf9bc20862ac3d903ed52252f3
SHA256: 3e624505a54123c5dd45a8cb68991c6fcbe4e6f5ef1ddc9a06536711bc2f4907
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_not_10x10.png.fun
binary
MD5: 6521662d1ed8789ea1f0a9bbf7b5701f
SHA256: e10000c85aa5121d01ab290faa59e4ca3c71eb5432f02e3ef8545dc090c807a3
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: cf2c0ae15b1b73e4c4b901fade674b29
SHA256: 32b493822b1a0928eb795561ed9336e9bd1275b00f799ce9d06cd1b96890954b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: ca57a70226d2567c0b83d673223ac6f7
SHA256: 7967a44b4449fc6383499fa9c28071aa68755a9bb3f3fdebf792265477a05d60
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: c0da11d173341d4968bb0c1f0aa40bc7
SHA256: 55bafb0c9921f600d661d5f75fb8b1d45160088c2beb40c5a84d993aaaaeb2cd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\back_20x20-inverted.png.fun
binary
MD5: 8959603b2c7355a67002751649f259e5
SHA256: 1c23fd06ac93be01d692539a46865701ad1a13e9734ce967a44ab29b39b360c8
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\arrow_up_20x20.png.fun
binary
MD5: 60efa55d818b665cbbfc8f493bcb1c8c
SHA256: feefd7e180a052af0d45ab811d758cdaf732c762a802f99c1236933824afe290
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 7518b14bf4633f06a5211397cfb25542
SHA256: 1f6b35bcc80bdf35e8c320e6cf01129766e56f7e74b1c2e2930620a52ca8b78e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 1f3afb2ddb6731e52ec6a8285279acc5
SHA256: 1065e8f323aa403c04f785e34968195757f9d0358758884176d38eb45dee222e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-win-25x25.png.fun
binary
MD5: c88c1ebc323b74650b4c5116dd416c7b
SHA256: 288ec5626e5fe867b333e4a93f756b2dd7c8dc4931f84352564a30fb7dac48d6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\ticked_10x10.png.fun
binary
MD5: 94c61a27341cd6ec67a66671d81d7822
SHA256: 20d5018e3a70539522b4da7ef02a2ad64016755df9f1d198328dbdd6ee2473fd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\skype-logo-136x60.png.fun
binary
MD5: 6f1a104cb1085d58b81c7211e69a0e3b
SHA256: ba088be466976ddfdc4a9bd076b20784ad8ab00af3be16d456d1a890d5d4ff47
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: d2e4ce64d729930bac3f68763bb8ae60
SHA256: 411cb37476544c3dd9537494418a447b2a1549d8cadcfcb9e1fae8e3fd4841dd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\msa-logos-135x25.png.fun
binary
MD5: 841d4816eebdfc25ecf5569a6946cf5d
SHA256: c814d3c095a969b429df6942de3ff5c22e56279a0b434131150231b387a8f5aa
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 5b93afa3deb364db15d44ecdd354be50
SHA256: 62a7ad2b704aea1c22769a7055da28b2e3356c32e683392502ad9a8778754edc
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-xbox-25x25.png.fun
binary
MD5: 5479724d85732a411e1ddf2824ff7f28
SHA256: 488d9517e07b4085df097c2bdaebd8ba733ce9099285b2be38f9bd58e927d598
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\normal\[email protected]
binary
MD5: 127863ddf0ca8eacee9e98973f813a80
SHA256: bd44d7f2217e6ea52aff9b58c3fbd23ca3e759faf382ff88f625ea123953f561
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 9e7628d78aa2dd722c60af6b3f4f58d2
SHA256: 04be889ccba04702285a89d37376b994737a95c2b43c47c8d2094eb79c434478
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-skype-25x25.png.fun
binary
MD5: f9b5e2257c19a223e1791470bb2d0990
SHA256: 3778199d9b884be8efb878f2ab98a34d1d89f0e9c818cdf892ed0e240557f156
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-office-25x25.png.fun
binary
MD5: e1b4ad6ebadce352eb99eec69b619c50
SHA256: d99fcd1d33033e69e6b09b6dc8513c778de1aff4e4a829aa3dfeb660922e4de2
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 51afdf539d9b95ef562b938721384f74
SHA256: 43fa42e087d723f61b4ee0efbc6b5a0ca927593516252a91ac833715ec3c58db
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: c4635d3521779360bcaef30d0ca3b97e
SHA256: 5fa3d95b7174bef36d54929a38750263a37256fa9f01c635628a50abea914af8
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\logo-cloud-35x25.png.fun
binary
MD5: 39e81f80ec9b42467419c79a0183baec
SHA256: c2f13c3600d6c23845efb96ac4389520016ce360f029356b3a136355dc2ba435
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: c22464840ae6b14b7a0c49eebd063c4f
SHA256: 2b81ad324bac3f9fb54c99f412f23f6b96786bfcbf6a06442aff7ecdfc0068bb
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\exclamation_20x20.png.fun
binary
MD5: b56ec6587ec63f57b4b0d2436cab7c50
SHA256: 7f0748d0725d64bd6c752cf76cae332f2a971e33645e8998f795f2c38487f2a9
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: b32a7ee0818f47169f93cc99bed088a0
SHA256: 530b10b388f1e59cc15426bc608b486f092c4c65e7c870707ca24577b40fefc0
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: b32a7ee0818f47169f93cc99bed088a0
SHA256: 530b10b388f1e59cc15426bc608b486f092c4c65e7c870707ca24577b40fefc0
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_hover_32x32.png.fun
binary
MD5: 5a70bf154c5b40082fbaa7c69170a293
SHA256: daf9dcd052c57179645f6b3b3c6bed92e3fa54d63487864ad2467782a2b50ea5
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 03b4d5e49a8e5686ae3708467557c81c
SHA256: aa66b7dfba41b23d6c0275b25c9d8bb9ee31e2867e6d16c7574e9f17c121844c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: d144e92cf15e1f03d5fe520597aae6bd
SHA256: 1bed55be2a6d319b35ca8744845995d7770c86b279f0446c8d26f673f69e266a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_right.png.fun
binary
MD5: 23148f0836a0e645e9a9914dc1295dff
SHA256: cc0eab34dd19631244f8cbc1649549e1646befec8617db4f447c833032dc4b14
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\dropdown_32x32.png.fun
binary
MD5: 5a70bf154c5b40082fbaa7c69170a293
SHA256: daf9dcd052c57179645f6b3b3c6bed92e3fa54d63487864ad2467782a2b50ea5
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\capslock_20x20.png.fun
binary
MD5: 31081c84456e9ef3d84b18b208851c68
SHA256: d87cf94f99f3bff3efdb6b184485023c32a3858055580950b43698811693366c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\caret_left.png.fun
binary
MD5: 78b7a00fc12fd75b24349d54184bab80
SHA256: 3b876095656169d63a6166aca147434f684f94c25f386fb19a25b5ea0db0d092
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-middle-35x35.png.fun
binary
MD5: f6f9930f855be99438e418b1f9207393
SHA256: 79397d0a28f82648ad7d4da8a4b3fee6705860df0a48fe430f9815cb406ec28c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-right-35x35.png.fun
binary
MD5: 9164a15636df0ffff45e046da9e938eb
SHA256: 513c7f0b88bd65b7afac77f8d5862464a40cf977f2bf82bc005a5873fd919482
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: a3e1a2384cf1f0144b9482c1b0709476
SHA256: a5f96b9c482a763f940686f2f5f6c832035de0f6ba52c741f6d13cbd1eed1012
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 0dabf6c5caa22d108344a9ded84f109a
SHA256: d960539b900fb4418b10f1b9f2a1b4f2aebbea17435800b32ce83401cb6fcdf5
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 536592d8ea51b0b1f20c3d5efbddcdff
SHA256: f6f42fd1fb6269f8007b2997952acf18e8229101bdda52b3efd3616b26b32d19
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\button-left-35x35.png.fun
binary
MD5: 9943090124521f0a4eca51c99eb584fc
SHA256: 7b9a6350c492c5032b6bfc2ffbdb29bb8acb6b9245beb627f89d60d4fea5bb73
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20.png.fun
binary
MD5: cd0e55ae975cc30b9ed1ec014e80115e
SHA256: dde0a448fcc354d1e6833b8e927ea2bdbbe0a7577bb759c6093bfcc355a7ed51
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: 5ea91b84952c18117a860fb289981c43
SHA256: 9ab680d1b54a36dc0cd5ac31c8f26980050f1bdd7a2a0c7cf21d12d856bfcb45
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\[email protected]
binary
MD5: df7fe957df07cd942e910c23ef08b666
SHA256: 8620016f4b89aa00537622fa5bc28bd1136b79bd20be187afe66b9c25905e343
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\back_20x20-inverted.png.fun
binary
MD5: 99b171ed5a217e8657216178c01afe93
SHA256: 8a6339b018bb3517fd2c9c9e6407de650aae2b1902c1f78bc295e64756ecdd5b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\black-on-white\arrow_up_20x20.png.fun
binary
MD5: 3efa673f78426b5023c8fb9f893cd95c
SHA256: d8db6eb5e5c71e9248296d23ac8b8b0844878760e1eddfa5ddeadee8ceddd64b
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_ef247139b520d6ed27dbacf6415f8b9aafaf9f19_cab_0ab03289\DMI326A.tmp.log.xml.fun
binary
MD5: 2c9c9c82cd0f37456c4833c3e37ee22a
SHA256: e6e7b5260c31fa95727a9c82985f34c436f129f5d083b0ed80464c4243e27703
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_25d8c99bb2efe48245fe485139a16214cb0456_cab_0ab05db0\DMI5D92.tmp.log.xml.fun
binary
MD5: 437c2abde40f0260051055d21e6da777
SHA256: e02894406616466a2dfffae9333482a6cfd876b735cb56d06f5e3e9ef45896d3
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\66EDA0C9-9C7D-4F60-AF56-7A8C8B56E453.dat.fun
binary
MD5: 2231d0ec1ca1d4e963b41eee0faa46ad
SHA256: 880bdac435d7c2f12c9475e366772064bf078f073a8b1cd4aa92f91f6fa8c1b2
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[2].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\a5ea21[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat.fun
binary
MD5: 3a9fb9d5f0d856092cae4842b55e8aa5
SHA256: 8a5cba70b74dfde4a86c0fe485fd27af67b4650950edc199ea893a111d8e09dc
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\favicon[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[8].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[9].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[3].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[7].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[5].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[2].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[4].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[6].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\favicon[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\favicon[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\a5ea21[1].png.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\known_providers_download_v1[1].xml.fun
binary
MD5: 5ed8916e197b779e00a682e30ebdc97e
SHA256: d77f228d1d0042ba7ceb41d235c794e630187aee3ddb4ff53cc40f3f8183165c
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db.fun
binary
MD5: 4b23dd0e3d3e4043749101ccfb350477
SHA256: 72542645a69f5813a0a55356898e4d3c559110a33a1b9628ed75c372e4af7c42
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\Telemetry.FailedProfileLocks.txt.fun
text
MD5: 11c20eaa9fd33b5a5337122da33f7a1b
SHA256: 86920eeceda09525cb1543ecddf4d162f2dcf34e716b963d6250a364275ba069
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.fun
binary
MD5: 48e414cbfeeba19909b5c5cb6e974c84
SHA256: cff4c183f100aee74321e346d9823adc5951505647dec35d721bb16097bba5a5
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert_override.txt.fun
binary
MD5: e31544248789bc17cb67693a97a781f7
SHA256: 9065c72251c6cd683dec9ebee1888771e13da288f032ed6d7978f5e000cba7db
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.fun
binary
MD5: f6d9268a9da47877f3b947659f57e99f
SHA256: 62607eee78a91457f2c12b5d698b3cbd09185a7de7c96c2d3ded14139c8fd1f5
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.fun
binary
MD5: eaf803e1d5801e56c738ebda96f407e3
SHA256: 27f22103ff0b932ad2b5ec57b2c8e37f7cd85c463bdacc52102525896383354c
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SecurityPreloadState.txt.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.fun
binary
MD5: 5c3d70c87abddae95312c7a3bd4cfd19
SHA256: c0742379ae5164734ff76a43629edd5cf1cc1c9be298ac5456a5ca0917251101
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.fun
binary
MD5: 92f233725d4513eca2ddda7b998edaa9
SHA256: 7290a1a91501f73826416b1796a5bb56098cd3c2fae8880011d35380b109ba70
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012021070120210702\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.fun
binary
MD5: 40d887756998a4a5418adf8772f52453
SHA256: 612a930ff399f9d14ef8ea1a82a23d75f6a9a3d6f762fccca59cf6a1c172ef6f
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\AlternateServices.txt.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\ClientAuthRememberList.txt.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.fun
binary
MD5: 3f2819d2477d1fbbb4f3c6d4bb2582fe
SHA256: 94255b95bce65cf0d9c9f3a140ec0b85a10daa389b5a9556c7f2e965bacc7597
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\DNTException\Low\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\IX71WQVH.txt.fun
binary
MD5: 4abe13643bdc935b8c814f90a8355ef5
SHA256: 1c1ce14862609262f6e9fb7127074285402c0d269cf89b508d6add5c98bed37b
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\D0ALDWTO.txt.fun
binary
MD5: a7ba942a7b943bce8ae8255399c66395
SHA256: deb9080d963f717cc0b9025e7f8323d4733a69364ce530d74c2a4f3681f6884a
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\K8RRGP0L.txt.fun
binary
MD5: ac9f6ae4ba29644e1d59db54661908c8
SHA256: 176f7f46d78ce95fd1c89c5b9bdb1dd8f72f759e2d47bba905882898598eb25b
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.fun
binary
MD5: 9874d2dc3ad5f451816c43f860da844b
SHA256: 9d82ff19eab38a9035b933a09f95263ea93137d7251319805e218a03be95c467
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.fun
binary
MD5: 1b31db73317911cbd8d7ae38c6bc1ef9
SHA256: f8410cacbb743436249e084cdffc512d2fdc500492dc0fd1abc074d8d0690684
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CYUQ4FPV\www.microsoft[1].xml.fun
binary
MD5: 9ee9a2458366268e6fcf3f6b3ecf28f8
SHA256: 8a14a9efe68b96afbaf852cc516a0e8342acdc85513b7e4818415a77897f3be5
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sr-latn.js.fun
binary
MD5: d4f5ef69d52a97e2768e98ad83c701f5
SHA256: aab6ff419be5cf67fdbca29964ddbe5588cfc3b918007063c80b6bf74baccff6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt.js.fun
binary
MD5: 9387d2d554542d7c7097b09db1aba16d
SHA256: 2d8c77638208e5a91a7eb150a60ed36c836890f9c758c544fa9686ee23184f25
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Windows\AppCache\P5S0AQFP\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hant.js.fun
binary
MD5: df8280a9d9f7fd19ba9589a5a0fb073f
SHA256: 0c67a5c539d03a40ad426c60fb09cafeb023301c1cc4be28fae9393ab56f744f
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.fun
binary
MD5: 816b702a0ffe9ebbc95b0ba441497889
SHA256: 617c07cae26ebe7dbe1db53221eacd24ebf265cf555abd96d21f802283886c6a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\zh-hans.js.fun
binary
MD5: a7a1d7119989c6d3a2abe7d900a60dac
SHA256: b571d0d8ccac3620cfa331b3610595d749b96463ae580442bbf8750c1410587c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pl.js.fun
binary
MD5: c779a8e63251cee50bcd454f804f48af
SHA256: 15fcf63ea0af3265d9b9c6d77af8e9faa02264f611149fe2042963592d5e9d18
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\vi.js.fun
flc
MD5: 56e167b8aeb79425f4d165be76874dba
SHA256: e0c592386f6beb10f0cacaf06d3880fbe4c27226a6a3c2a33d58a095b4fa1b21
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ru.js.fun
binary
MD5: 659c7f80361fd07bf488a45c51811bd2
SHA256: de999f7ab78c7cb92bb36ef4e3668613ae71cade6e9cb8a0d110106b805bd87e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\uk.js.fun
binary
MD5: b27d9e4893fd98dcc0b9da8999f958ed
SHA256: ea9aea70cb2d4a7a7da3a0967db0a78764e411d130959e2424a70a0fcc4936cd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\pt-br.js.fun
binary
MD5: 805b5ebac4f35cc60949ff4756bb7915
SHA256: b45efd99bef0220909113cdfac2314d6fe273324af3da79f468898da361d26b6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sk.js.fun
binary
MD5: 6fde10d1f02602fc3b391900911afeb2
SHA256: 85e1cc6ca58c1075c96470dfbd3c61205ad76035fd3ede6ed0fc6d6a40f14e19
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sv.js.fun
binary
MD5: b8f28abd5d9ded4a5b0fe91b9d697f74
SHA256: 285520974073a1a87983d3d3283b02ae49bb2ce83b704d85a9ebefe924405ff2
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ro.js.fun
binary
MD5: cee413646cd9823469ecf14bb066e3f8
SHA256: cfb75662b011f10dc37cfef1b76375e03270119ea18fa24e59297bcd49120c35
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\th.js.fun
binary
MD5: 20be6fee3c43b1b674ff24d592141378
SHA256: c6d847024d49d63ee51949e7fd543ca4a445231ec330df5d3e3babf9f7c94194
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\tr.js.fun
binary
MD5: 32089a5f6898b294c2869bdfbe2a4991
SHA256: 51b411a7730112da910f33ec20d3b927534342e075658bab3c7865f9cb2d5043
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\sl.js.fun
binary
MD5: 67292fd5c4cd0260d587f5cd69267c23
SHA256: e6da728723e9ce634ee086f28e1f3b4bbb052c16692451e7c1f08ebc95bf5a9c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\nl.js.fun
pgc
MD5: ebb8d1c9222dd2bb747e38d8bd42d669
SHA256: d79be47f8af525491ef2077bd42580e2be2d624b386f53b2d41ad739db4c354f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lv.js.fun
binary
MD5: 63c5401bd27f74c79e78e38a79c88e6f
SHA256: 73e9ae44f8dc1a65c561de0242150002e6769e9de71035016069674d982cd217
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\lt.js.fun
binary
MD5: 082aa0ff9b6239859c7a13b6e95f48fb
SHA256: 15f25c31afa5aa6ebfac0feac7fa69cfb014dafaf8dd134c0038cc8d99a56f0f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\no.js.fun
binary
MD5: 26b8c9c9685af1e548bc37c489e317f0
SHA256: c05987226698e5f5b6501bd85a6797ee4daa2bc6fe91bfa82d08b9f4b88e9f6b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ko.js.fun
binary
MD5: 2c55922861b259f07bb380b0d7549b23
SHA256: c245265ab399bb50fef70cbfc7e90c114768cea303229cb6d627508cfd32ec05
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\it.js.fun
binary
MD5: bdce217f0f3d840737afbd890529237e
SHA256: 78a9a1ffb15a51a10890aa43a2ce9331d748e79e003ed3582d7b0f87004dc23d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\id.js.fun
binary
MD5: 4dad44903bedecfe76e3a611ced57756
SHA256: b85bf2e07df88ae93ebd567a2922d513df642f25effadbdd2b9c07d45440778a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ja.js.fun
binary
MD5: e9229c8ba3f541d2cd48014481a1edfc
SHA256: e0c0740d28177b5d944157180726c16b71e42eef4780d785a795fddd822c5733
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hu.js.fun
binary
MD5: 4aca972f5b1710a28ab39ba037967276
SHA256: 6dd0aaf18436ab145d2095e8f2eda025ba8edd3fc41c3e6458b33e4e02a55c2a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\hr.js.fun
binary
MD5: e97d30cbc38ae636d43b6728157036ee
SHA256: af4e8315ad50632d5e73d1d53d3bac10020823aff2a07ea1e69d8824b66ce056
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\en.js.fun
binary
MD5: d431f6e91c93fed252df40131bc2f4c6
SHA256: b85a2e551701ef04d776c76fe8ad73acc23e90eb653a3fec4e26d1e43cf3b08d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\et.js.fun
binary
MD5: cf3e54630c7ca47913619da265eb36d6
SHA256: 1e804e4aa3dcf5fb552adb8ab763203670a121d4b939e20d306b80c579b3ba8b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fr.js.fun
binary
MD5: ff5c64e7ef5dfda67fffc867a5cfb933
SHA256: 9bc154f2f987379c9d6c5aa9b5905f48be240d0fdc7894c8bfc4dd2ee702adff
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\es.js.fun
binary
MD5: 921d01492e390401b4cc5a26e6637d1a
SHA256: d6871421135b95ad994deaccb22b6459f48da020b0ba933c98b5f12da2688f12
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\fi.js.fun
binary
MD5: 9af651fe37af6b778e4dbc1395498483
SHA256: b5c5175cd75bab7f248aa71448fd317146f46f57b4a2dba16db9fe4a7bfbdefe
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\he.js.fun
binary
MD5: dfd4ef3a4ec25084c017f7b7f29d5237
SHA256: c7f587b4eb4a27cea438a077100e83822065ec846bfc50bddc0c35c2074e342a
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\de.js.fun
binary
MD5: 7858e869061abde51b3152eaeba990f7
SHA256: 7508f328c5cff9e024126504cef4d60f1e3fd6721cdc852a1f68e8e376ca7935
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\da.js.fun
binary
MD5: 72107af14da21529dcc10f7893354dd0
SHA256: 7e9d77b902e7bc8355980b8d77c1f597e3445e4b88b631efca76bb396165bd28
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\cs.js.fun
ini
MD5: ed06a302e2cbaa7a354dda7c751f192a
SHA256: cc4beefdc2d8bf88fbbaad9cb2cae598af54efc314d121157d1c026eb6fd13b6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\el.js.fun
binary
MD5: 6d69ef3fc70a5efb01946d519f864cc9
SHA256: 908cb079ddc3ec33d36c09a7c4bdbbeb805563c6b12f2a5437f835e3e44c92c4
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ca.js.fun
binary
MD5: 9f80a8ef1bf59db548b58a06f866d3b2
SHA256: 6b9b8a4e7be93e499e305c2974e453e025aaecd9a6231ae70bdc5a0fb9abf0df
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\js\login.js.fun
binary
MD5: 9d5149e34f321a1215f1b2ce48a8b864
SHA256: d7d271a068fe305cad3ac4ada596830657c1bba1baf70d8e75f1b7f44b78a498
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\bg.js.fun
binary
MD5: beb2555419a930329a6d2cbc2e1e7d8b
SHA256: 6bf7112f30cad3b9aaedefc6dc4c55d82f03604d05512e05b3ae1c3c593fce1f
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypelogo.png.fun
binary
MD5: 10a055cb5dad28c21874d959a15470c4
SHA256: 4eed535fd55d2a88bc405b236bea75dff078091d4d557c7b604d2db09684cfcd
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\plus.png.fun
binary
MD5: 4647f991ba81887565ce73f1e4fc478c
SHA256: 19e4ef63033dbec1cc1aa75ee299fc942bea338b0ce82aaa16b3c29636b964c2
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skype.png.fun
binary
MD5: a9d95a78da4325aab09a80488c50e904
SHA256: 36105af2a71d198f3aaae81d2ac92fb1e49a26f55818071c046f9bed3f313d06
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\languages\ar.js.fun
ini
MD5: 08aa458852bacd161c780bfda59d4272
SHA256: 9bf8bc1c26a87273259c6b2fb70a0347ae7a683297d8c5ad8462a6188ee0cb0b
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msDefaultPicture.png.fun
binary
MD5: dfe93d625cf808bb2d91a485a7ebd22e
SHA256: 6c1c1badf671f88f0eb2b107e5325edcd4d099aee207efe309d84f3e7911c828
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\picture.jpg.fun
binary
MD5: dd164d4e1f67d221f723aa130be66838
SHA256: c479b4354e4d5cede3759b58fb388fb698ac7d4f4281d59146170983e474587c
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTop.png.fun
binary
MD5: b1c9dbbf1119b5ac978d580ee06f8ac5
SHA256: 81e576622a8d6c41077b05770aedf1267bfcd2fcf0d796597e1b01d42ddc7774
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageTopShort.png.fun
binary
MD5: 7c0c5870fb01c9cd6c4c731b302b8cc1
SHA256: 933e05a4b65fe6ed99794b1b6d28e3ef59c5123be05c29ba83d43227b55901f4
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountColour.png.fun
binary
MD5: 1ca54bfa6c98e6d58d4e4b5b863f918e
SHA256: 26014aca86057faced850b16e39c90a6f076bc0f3c41b1b4fc3007b1484780f0
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\skypeicon.png.fun
binary
MD5: a9579e5439f456489fb2176cce90c5fb
SHA256: aec3833071a8fdbb80114b03809d44e37571feba8adb6fcf6f121b6a1b10b88e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccountOverlay.png.fun
binary
MD5: 41897ec52465e5e15f3ddec39c451440
SHA256: e45b84636bb75a00dc94dcb8be05d04b272c0071611cfdc5e27896feeab183ee
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\msAccount.png.fun
binary
MD5: 41897ec52465e5e15f3ddec39c451440
SHA256: e45b84636bb75a00dc94dcb8be05d04b272c0071611cfdc5e27896feeab183ee
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottomShort.png.fun
binary
MD5: 502c9091fafa5f1443f17a54554cde2d
SHA256: 06b0a7989705ab3149748dbf0f7e8e76b1e5c2bea6bbe99e3f6182ba6525bbe7
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.png.fun
binary
MD5: 301309b2d1611b3f7dcfe81f156908b8
SHA256: de51c361199404274806f9d35741376408243466b2211f1da90b1c220392995d
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\inputfields.png.fun
binary
MD5: 614fdbc51c28370c5224021d70e7838c
SHA256: cdf9ce7a3dfe5fbc715755cf20b8b08489357d7a9550b282dd537085316fd6d8
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\messageBottom.png.fun
binary
MD5: 0bcab273906b0f1a1909b42bc872d813
SHA256: e170c2bc92468e0e3c929bffd602730927af607c209a150c8de71e98ffd5b6ce
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\logoanim.gif.fun
binary
MD5: 9ba05a8128b00ea93aed2ac2f3aec486
SHA256: cc60d172cba6bfde15b4e60295dc31c6374a1f3639707c3228a13a5cddb0e140
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\loader.gif.fun
binary
MD5: d3d485b35b7acc70a09ab1892cda9e21
SHA256: 9d296f164e268dba230f252a46b1e25ca7176aecb916841ae795a79dc54f4f11
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\icons.png.fun
binary
MD5: 62dda5b332c962552e955d1c272dac61
SHA256: 713b8d19a8868efe757e60b5e28e88f7e7508b9386f6c54478dee31b8495136e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\facebook.png.fun
binary
MD5: 59e89355614147db598d267521fd51d7
SHA256: e13938e43794f64fb7739e73b157740ef347970370935eceaa6d41d88dec2587
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\dropdown.png.fun
binary
MD5: d3e1213775b294347ac3920b25ff5071
SHA256: 7da6af972b1349bd3aff19dd7efe4ab7dc1f945ccb8c196db3032331410ad020
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\connection.png.fun
binary
MD5: 0e4ff1c24948d1b54ef67ee0ce7842c8
SHA256: 76a5da8e554fe63d6bef595e5ac159927090a78e8c202dc1606fa9c12d06d8f3
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\capsLockShort.png.fun
binary
MD5: a617902dc7abf9faf874559444b65370
SHA256: 54a655bb78b8a6e9d78b45693b553a9465d9f9996ae23cc2483d7feb50beb51e
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\checkbox.png.fun
binary
MD5: 210477fa3a9a3f95b96cfeed7102821c
SHA256: d03e8998a30181ca5e6ef4e77c81dc4485760bc01b237b53bcd278545f854c59
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\capsLock.png.fun
binary
MD5: ec02c108ca4625fba9cbd316a36b4675
SHA256: d9bd0c2f039445bf11383250d6898fd5b63ef9fff56090c984e2d1692eff0583
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\buttons.png.fun
binary
MD5: 18d70044961ddca1f86486f725e0ad73
SHA256: 02ffb5fc2372eab07158b5a5076febcd09aea304c64a542933ed44e6709748f5
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\vlink4.dat.fun
binary
MD5: f64d675aa4b8f1e399792eba2298ae81
SHA256: 6b8986f62a959820c1fc5e04ea233b1cb042eff9bf570383d4297bf9847f5d90
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\background.png.fun
binary
MD5: 5087fd5730cfe075c2128fb66dc590de
SHA256: acec7d3898a35d976000c8a09c0edde9537c0ed089dc1a20535df35ed933c894
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\SipNotify\eoscontent\script.js.fun
binary
MD5: 30e45fbffcedc084f87bcb4d729e8d20
SHA256: 2e99e8cb610bab75a87c4cb87bd49864c8a6ae8777aecbe8b8c201291e7ed40a
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\vlink4.dat.fun
binary
MD5: f64d675aa4b8f1e399792eba2298ae81
SHA256: 6b8986f62a959820c1fc5e04ea233b1cb042eff9bf570383d4297bf9847f5d90
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\vps\0000\md.dat.fun
binary
MD5: 54fcc33aad68e50d4939f5effc688fd9
SHA256: b1c56b47829f68c8e1efa66ba554a9a498ec6bfa1a48fbc9d12e09cbf8829a1b
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\SipNotify\eoscontent\main.jpg.fun
binary
MD5: 21f9bb0a311789a52884df3e4c152ab2
SHA256: 62c649604d2e19b87aa4128a16cf087bdae5d83cc679aa2a11c352c58c5152fa
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\SipNotify\eoscontent\microsoft-logo.png.fun
binary
MD5: 98f8f84f672dfa1dfceb2a40b8aadc8d
SHA256: 634cc7b99a312c849d51544e131d488c9b5aebbae0d7408a72f04ce06824503b
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\AppCache\9KC1BT5R\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml.fun
binary
MD5: 423491b9cbd07c74b84e01025578b18b
SHA256: 294c01f8c188ca229ce01a3bafebd18604d52aa51a840a5f32780b52d87343c6
756
drpbx.exe
C:\Users\admin\AppData\Local\Skype\Apps\login\images\backgroundNoCloud.png.fun
binary
MD5: 133542b35f98fe6b53934aff5e3641e9
SHA256: 5821e5dfde21c1619fd26b5b330a9bd56e921ad95faf08a4347e9e4c772facfe
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat.fun
binary
MD5: 99bb76aea72cffed99f04b50df4c59e4
SHA256: c349b06260f7fef410b6f816677e392f0a9ab9d55a6995fb59ce77adc40a1133
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml.fun
binary
MD5: 8a6415a33277dc470fcf3bc05a986d15
SHA256: d0d95260e0225ca6467ae8c87413d86be859387cd36f90505f056285f252b900
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\84KY5600\servedby.flashtalking[1].xml.fun
binary
MD5: 9235b7b2f0b19b0904aa69b71272c496
SHA256: b18c53628b63eeb18d8f1122792a982706bee4371ebd21d7b8977e53fa01cf90
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\J3DTVN8I\get2.adobe[1].xml.fun
binary
MD5: 1822712d9fe9f26dde80c2dee08a0454
SHA256: d5b4b608fe25c54e324aecce4c04974d5cc9d4b71258fe47b2fd10364d94d324
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\X0K24RD3\get3.adobe[1].xml.fun
binary
MD5: dc168186f6987ba3b3ee9444422cf37e
SHA256: ae866811ca30222e2d62900f6157baf251242b72e204789dba5165d099b1c30d
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db.fun
binary
MD5: 851769b6809d2f1b9dbd34b95d3c3b39
SHA256: ab16ed8663098ba4c98129f8eb884407b5c16982a69d57fe5353bef04dec0853
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.fun
binary
MD5: 7d6b224f47b59852d266320214a2e59c
SHA256: 665c214e091bc884878db1deba69eb6c0ae5305561cb3f2cf3fe26be95f29c8b
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg.fun
binary
MD5: 37b56cb31574e7c704642ca14ccf76e0
SHA256: ea72b0556bc6e58032b7b77cbe29921a59792ae94848723cfa94519f1d49e4e3
756
drpbx.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat.fun
text
MD5: a996ca3ddf60eacb76c1824a9c400f4e
SHA256: b0ef3a8f1cb7d411dcb11213e8a06fe5dfa577ac68c74aa358ecdff60b8d7866
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat.fun
binary
MD5: 7cbff6d8618eda1d0045dd7ae134bb80
SHA256: 8941466128586af4a4d3805a3daea62d1817af7bf1fa31ad2d1c2845d39d20a2
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat.fun
binary
MD5: c9b57bd70408182f20cf7e2cfca3252d
SHA256: b6dd49c74fa855df9f39f2b29d8447f1838c057d320d915410dad289c82757d4
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\7HAN52ZH.txt.fun
binary
MD5: 570ec95451f5bcf15f218f9d00193f3d
SHA256: 253b2bcb2992b3a868ff2f36265fbebbd60a1a8b4894b9ca48e2738a4e886ec6
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.fun
binary
MD5: 5865617546a508762b0aeddf5e143e8a
SHA256: 3178509ee81895c234aa0a10d8c2b4b5daa6f3a59954fd8b6bcbcb11d614c7d9
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.fun
binary
MD5: 500ef83b07c903e60b0dccb3b84f88ff
SHA256: f06e34adcb084428979d2cbdd919128f1eaadf648ab00e6c8dda14fb01a0b606
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat.fun
binary
MD5: 55011bd20fc222cba646b1a4bcc0c9b9
SHA256: 291032895cc3b7bbfabb1f6f0a824be5b185aa25b21df62977c80582499eabef
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.fun
binary
MD5: e6348d4b8d129510615162b8a7593f3c
SHA256: 59b8675bf5aed9cd82e4c3620fb5c1ef4a667578dd84bae86f50e1f318960912
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.fun
binary
MD5: 9826b140386289194df0f40d94a528ca
SHA256: 577f4543680ad9be4c3db870e02b7c51ab7b695cf3538aed19361b1aaa0f8366
756
drpbx.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.fun
binary
MD5: 90521abf1ccce2555eb76154a52af7a9
SHA256: 633a8c459bda44e990ab2e79e05321161367727c2bd679ecb3905aa0f06e7d4b
756
drpbx.exe
C:\Users\admin\AppData\Local\Steam\widevine\win-ia32\LICENSE.txt.fun
binary
MD5: b757fc50bc72d80e69067ec88c4a93bc
SHA256: 43c58b23be251f91bc65f1d48d530b9565692fe06342c54e314716de053b13e5
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\logo_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}_en-US_100_gray.png.fun
binary
MD5: 2af2223143cc1c7eff60d563b66b707b
SHA256: 524a4f150c97234fb2a25857ef0161c54af7c8e5074372a9a38bbab0f1e94de6
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\88d94439-10e6-1a4b-87ed-7e884296ac9d.png.fun
binary
MD5: ee4bd0502bc3dcffe7c940b205321030
SHA256: 9af4fdf131c7a49bb8d9f4cf280e156389e378a48b897e9a237f0674bb74864d
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\db8a2a05-cf67-924d-aebe-4f3590c88d40.png.fun
binary
MD5: e93119cad3a823c019ba3ecf7602caf6
SHA256: f9a1c45c16c6f927af2a5559b04b9631d6259167c856a562a3d89f231918319f
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\a39d20f8-580e-9042-8d4c-c6be0dbbdc85.png.fun
binary
MD5: f0e0d330abc437984fe0b66dbeb8201f
SHA256: 17f095c6d1730b2bc78fe8a0ae4bcbc09701dd6d89e313b88821ee514b28065d
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\container.dat.fun
text
MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\2a5473f7-518b-6946-8c75-2ef10224edbd.png.fun
binary
MD5: c1ba6cfe889d180df7086ef7efe28c9d
SHA256: 90813700895c8e64e3d0360b0a4a341fa6a4fd9c11352cbdfd6d7b0a9aa610c8
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\78922692-3601-de42-ac06-e30a85bf5633.png.fun
binary
MD5: 4916dc154a1a945fa21c9cd287efbf8f
SHA256: e7374e77ddf3795db2f5f59834ed25da99c5315132948b470e0bea5e9fcc89cd
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\thumbnails\66114aa9-90a0-a846-a71a-1b301e6d3436.png.fun
binary
MD5: 21eaab5f60ba8a00e74ba4664bd5c7d8
SHA256: 6d80e5aeec64cd79d181c33688ac458e4c16823d141bb3b55e4e5586230e5dcb
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\pstorage\psindex.dat.fun
binary
MD5: f4a03e75405d84eb6eeba045a7f54198
SHA256: f64ad90ee4b279b6a48eb4472a98671266e6a7ba1cb6a70a7557e94adb7a9e51
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\mail\omailbase.dat.fun
binary
MD5: 186e95e13611f5da3b0f2c6fd1e019d0
SHA256: ebfc98078687e47b73f9a9a194e5e25b68217c905503881fdd82a7f05dd7cbbc
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fxing%2Ffavicon.png.fun
binary
MD5: 349573af0506f5f7f4d5064b7eb71f39
SHA256: a62e3056998311e386767df06662c84d46019921385ce8da223e0134eb4290b6
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\persistent.txt.fun
binary
MD5: 0221a7552f9eb626f81788df54c752b8
SHA256: 46cf7773b30535e0732e1e856e3f3e962cecf11ca91f5ee575871b3413ab92fc
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fwikipedia%2Ffavicon.png.fun
binary
MD5: 3c42bec2477bf6ff1b02a262e4d7b6e8
SHA256: a183b79b0be627178d3413e85ea9ee2db3459e971e7c79cffe574887314c1994
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsportscheck%2Ffavicon.png.fun
binary
MD5: ee8e1e23cb44429ced4a302d3d2b3c1a
SHA256: f27ec67d2e2059638fbc12f8c255c09a4952f5093358d92902594c69ee7a86c2
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fsuperdry%2Ffavicon.png.fun
binary
MD5: 84e0ea6f9929ad0e03f102af5e7b8f15
SHA256: 2548785e948b4bd5848301d935e967aa1326b6c5037735e2be455effdbfe8dbd
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ftravel%2Fde%2Ffavicon.png.fun
binary
MD5: 5b43d650ed801b353a33956eb7bcaf81
SHA256: 32ac07a47387f7b9790c9be6c4dd98bf77276f10433f52f9c873c1d21a9b0369
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping5%2Fde%2Ffavicon.png.fun
binary
MD5: 493e7173501931ed8cff2c8aa109cf9a
SHA256: b5c78dc7e26fe50be0fd024a39c346deadf73d27d9b06c4f8bb9e60aaa42c07c
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping4%2Fde%2Ffavicon.png.fun
binary
MD5: 5c0853f764eb54e825d6565d9ac9749c
SHA256: 3da5d76047202ee5d2b318a2d5a6c5f4756fc1d1821a2af7cbff553cbe0ccbb4
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fshopping3%2Fde%2Ffavicon.png.fun
binary
MD5: ca4b57239663cecc994d11f8906d9ee7
SHA256: 4bcdcd243f6f656265cabffdbbf8e5fda03339a6db215edb1bcc333cd98694ef
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fjavari%2Ffavicon.png.fun
binary
MD5: 04feb436be851aeded1bc3c1ba39867c
SHA256: 3ab7592b881713f9f8bbcbb1f522ee5e9cebb5e9894f63600b292b7990dcc089
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhotels.com%2Ffavicon.png.fun
binary
MD5: 12a43ea283b48ecd74997cb2e4f20a35
SHA256: b52ec2a52f77491f3341f56744b126c0d165e6007ec867439242afc3b866ac85
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fopera.sports.com%2Ffavicon.png.fun
binary
MD5: 9b49adc598491b42e094d47bf9dbfb2a
SHA256: 7ad8fd825164371698c07a89204a6f5916daee4f2ca46865a9d76bc6013c0466
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fproperty%2Fde%2Ffavicon.png.fun
binary
MD5: e3e699497c6b8611030a172ecde9b561
SHA256: 370169211b0dfad3fb8881e4e9f9e9dc67b24898d2fe43eb526bfa0556c6cfa7
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fmeingutscheincode%2Ffavicon.png.fun
binary
MD5: a133904d343abff3669e4c813bba8ce0
SHA256: 376558fcd0e600bc436f44d4b91d5a507d9c299c2b34cda88038dbdef51305b5
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fpreisvergleichde%2Ffavicon.png.fun
binary
MD5: 91a4404a727c02f13227eab49140d898
SHA256: 71a3fa7ab28fd43d8f381185dfd92fafa3c6bfafd5b4c51e82a63bd2c342e97e
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fidealo%2Ffavicon.png.fun
binary
MD5: b9e32c2d2f09fef2aee9482eb960bf25
SHA256: 70eb225fceb02fe98097b84c71fb4f3fd6537718c89e7060694b2f7714627520
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fgame%2Fde%2Ffavicon.png.fun
binary
MD5: f1a5b4469f8764b37c7e35929a2b893e
SHA256: f08169a85985aa2ad931feb7da1332ec2a9c8dba1736f50499f42e1faddd739b
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Ffastmail%2Ffavicon.png.fun
binary
MD5: 2c6f5ec5eab54bdfc8436baf4b9739e1
SHA256: fdaa7be0c197511bbb44462a9dcbf95f2c70a6da0312f78ed53ea6a9ef017488
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fhawesko%2Ffavicon.png.fun
binary
MD5: 5f1ffad091ce052750c2bfd6d0abd336
SHA256: f2deca019d0c8c0b1af904598ec8e2496dce81b060668311e8d7b4e9383dac71
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fdownloadcom%2Ffavicon.png.fun
binary
MD5: d0d77b124a30595768cb33084f2975a9
SHA256: 8bd52cd0218dbb89cde42b51d3ee74077902071abe266aee90b45648faf4f3e0
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fexpedia%2Ffavicon.png.fun
binary
MD5: f91a7c45ef9d6a1cbb156eabd67e88ff
SHA256: 1e6b86c0ee9f882e7411842ee4481a3110d05307731f6ee75295939464d4ea62
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Febay%2Ffavicon.png.fun
binary
MD5: ebf58519b95c7db47545774117c2b8dd
SHA256: 337a3c6e9fd9354fef63d1e181c52ae302e4c8c48bc5fc6146ce6614a342bbc8
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbigpoint%2Ffavicon.png.fun
binary
MD5: ef2095334ea3f3cf0b87e6a6fa5641b4
SHA256: ae0dbc9896e90a49da20c63a83d39de9266bc3784c84a9aea70153f2d49fbe7c
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Famazon%2Ffavicon.png.fun
binary
MD5: 4c0ce903ec7516b3719525a6512ef6e1
SHA256: 8fa4a24f74aa2d27da734b68b20899d82343059577d69f4d236f739a0b5ce91e
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.fun
binary
MD5: 24bb7c82f7118cba6ee9406db4a34079
SHA256: 588f463def8ab6c81648569fbf08ad1703a242733cdd811f7c36e7aaf3057257
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2F%2Ftravel1%2Fde%2Ffavicon.png.fun
binary
MD5: 4857a5c2e26072eac55e5995c6a0f60c
SHA256: 8fbc6dba143a309290333cfb2b25e197fa99304035db772fc56f13c4082211d7
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.yandex.net%2Fi%2Ffavicon.png.fun
binary
MD5: 507453ae51b2c40b33d04e4098c6e583
SHA256: e5ddb5fb50e0086644a50e417b0ecd8f89c936802110cfdde12f5aa1c6749e6c
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fimg.imgsmail.ru%2Fr%2Ffavicon.png.fun
binary
MD5: 4faa2284cb3c463bb10e62e2bc7b3a6d
SHA256: b4bf365355ee8055f92319df8babc51c81438db2b39a815c875b9893b3f4c50e
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Falternate%2Ffavicon.png.fun
binary
MD5: 874f33bc22412acc2bad8f9d483d02d0
SHA256: d0bfa72fa2671ee2ed40bef06580d64159af88a3b7e744b6ff37c21b7045b5e5
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\cache_groups.xml.fun
binary
MD5: e6430a60cd893b572e63f5cc2f052c7b
SHA256: d6a52b05f67af9fb5868c4dfd5a759b7362ce7c3035ae55792d20323ca39467d
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbuecher%2Ffavicon.png.fun
binary
MD5: af2f8950ac2c6bacd0aa0532b40c9ca5
SHA256: e631074e479d5ef8931dd26f2152c540469ceda31b458be4777869bb90c47d17
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.fun
binary
MD5: 7dd09dd1e8080cfffed8a3ba23dd9902
SHA256: 884789de20eb9d0e238d8200a594853c6bfacb282d33eca6724a20bcdabae494
756
drpbx.exe
C:\Users\admin\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fredir.opera.com%2Ffavicons%2Fbing%2Ffavicon.png.fun
binary
MD5: d039bb43022e5f9d834179a7aee3d0c9
SHA256: 7e9fc0411da77d7140709f4686171ed1604d6be81526fc999242ea3e8f533520
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.fun
binary
MD5: e9cfa72bc46ad77942b60ed5cf1ec904
SHA256: 40041f2b8946775754d80cbf4e2a5ff5cbe469c6bc196b97177624bdd5e4b96d
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.fun
binary
MD5: af656f88a511eda73b5beccd01b1e157
SHA256: 19a08c0b355c05bddf5aab3fbd05f7976ecf7bcffbcd837d0bd01e3ded1b8f62
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.fun
binary
MD5: f40dda43f81baf97aebaade89c9f678c
SHA256: a4c325b0aac929e544052d82e50041468bf5707867b5913635df880fcd1d6d0f
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.fun
binary
MD5: cda84a3652da7d0ab76781ad8245e7a8
SHA256: cd1c05078418dfe4339fd4aa246de44fde58ce1a74d3157996d20b7f0fbd233e
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.fun
binary
MD5: 23dc842013d25fae1aa08630d32f4bb4
SHA256: f49755bdc451e9742a648e55a58ba24e49c4a24d54d668a8c86189ac4b3cc895
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.fun
binary
MD5: 51aecf0e56687b633597c86b8c91f331
SHA256: fb40527f8a92549bcc8d3dee4de5b35ce9039d39e78e7c4fbcf13af1d1579f90
756
drpbx.exe
C:\Users\admin\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.fun
binary