jigsaw | hxxp://roblox[.]com

Analysis

max time kernel
740s
max time network
743s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw

Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 3196 created 2540	3196	taskmgr.exe	200
PID 3196 created 2540	3196	taskmgr.exe	200

Downloads MZ/PE file

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File created	C:\Users\Admin\Pictures\LockOut.raw.zemblax	drpbx.exe
File created	C:\Users\Admin\Pictures\ResumeRegister.raw.zemblax	drpbx.exe

Executes dropped EXE 2 IoCs

pid	Process
4152	Jigsaw.exe
2540	drpbx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	rBlbqI2.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	rBlbqI2.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	rBlbqI2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ar.txt.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FirstTimeUse.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.zemblax	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-256_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-16.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\ui-strings.js.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text.png.zemblax	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireLargeTile.scale-200.jpg	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.zemblax	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-48.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.zemblax	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt.zemblax	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\LargeTile.scale-100.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-64.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\ui-strings.js.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\illustrations_retina.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Spotlight_NFL.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200_contrast-high.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteSmallTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil_2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.zemblax	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-400.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_unselected_18.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-250.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OsfInstallerConfig.xml.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-30_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Confirmation.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\text_2x.png.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\ui-strings.js.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FirstRunCalendarBlurred.layoutdir-RTL.jpg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-40_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\electron-upgrade-screen-illustration.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\jfxswt.jar	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_zh_tw_135x40.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchWideTile.contrast-white_scale-200.png	drpbx.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	rBlbqI2.exe
File created	C:\Windows\assembly\Desktop.ini	rBlbqI2.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	rBlbqI2.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4732	5156	WerFault.exe	182

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BAA71E4F-D988-11ED-ABF7-FE76446D24E5} = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258152975536549"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{4E0447D7-0FAC-49AF-B884-3FF58DEA4D79}	chrome.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
5848	chrome.exe
5848	chrome.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe
Token: SeShutdownPrivilege	2108	chrome.exe
Token: SeCreatePagefilePrivilege	2108	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4100	iexplore.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
2108	chrome.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe
3196	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4100	iexplore.exe
4100	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
1980	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 2928	4100	iexplore.exe	87
PID 4100 wrote to memory of 2928	4100	iexplore.exe	87
PID 4100 wrote to memory of 2928	4100	iexplore.exe	87
PID 2108 wrote to memory of 3952	2108	chrome.exe	97
PID 2108 wrote to memory of 3952	2108	chrome.exe	97
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 2884	2108	chrome.exe	99
PID 2108 wrote to memory of 4216	2108	chrome.exe	100
PID 2108 wrote to memory of 4216	2108	chrome.exe	100
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101
PID 2108 wrote to memory of 3928	2108	chrome.exe	101

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://roblox.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4100 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b6fe9758,0x7ff9b6fe9768,0x7ff9b6fe9778
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:2
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1760
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7a62f7688,0x7ff7a62f7698,0x7ff7a62f76a8
    3⤵
    PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5176 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4504 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3440 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5676 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5784 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5972 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6320 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6484 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6752 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6728 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6960 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7228 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7220 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7212 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7192 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6780 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7748 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=852 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7704 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5796 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7524 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7100 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3740 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5836 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=2756 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6872 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7616 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7896 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5820 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4760 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7708 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7736 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=1676 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5556 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8116 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=1152 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4496 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8080 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8832 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7724 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8756 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8552 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8856 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8812 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9036 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9072 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9356 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9376 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9276 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8800 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Users\Admin\Downloads\Jigsaw.exe
  "C:\Users\Admin\Downloads\Jigsaw.exe"
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9704 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=2844 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9440 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=7588 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9852 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9892 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9704 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8872 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=8780 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9468 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10364 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=2472 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10460 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=2984 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8764 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10344 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10620 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=10148 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=10408 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=10152 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10680 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10412 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9224 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10828 --field-trial-handle=1812,i,4946487361847618795,1238305073122459793,131072 /prefetch:8
  2⤵
  PID:1748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4436

C:\Users\Admin\Downloads\Jigsaw-Ransomware-master\Jigsaw-Ransomware-master\Jigsaw\Jigsaw\bin\Debug\Jigsaw.exe
"C:\Users\Admin\Downloads\Jigsaw-Ransomware-master\Jigsaw-Ransomware-master\Jigsaw\Jigsaw\bin\Debug\Jigsaw.exe"
1⤵
PID:6072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\Downloads\Jigsaw-Ransomware-master\Jigsaw-Ransomware-master\Jigsaw\Jigsaw\bin\Debug\Jigsaw.vshost.exe
"C:\Users\Admin\Downloads\Jigsaw-Ransomware-master\Jigsaw-Ransomware-master\Jigsaw\Jigsaw\bin\Debug\Jigsaw.vshost.exe"
1⤵
PID:5156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 804
  2⤵
  - Program crash
  PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5156 -ip 5156
1⤵
PID:3636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x498
1⤵
PID:2264

C:\Users\Admin\Downloads\df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763\rBlbqI2.exe
"C:\Users\Admin\Downloads\df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763\rBlbqI2.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
PID:4108
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763\rBlbqI2.exe
  2⤵
  - Modifies extensions of user files
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2540

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3196

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\b00f7d0fe9824f85b8c6ef708d4955ed /t 3272 /p 2540
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.zemblax

Filesize
720B

MD5
61947d0907c945a6df0f1d86b894e4c7

SHA1
fd488589b551ef61957bc329d1a10a4dd20481db

SHA256
cfa663ff1da533b46726d1761848a327ff515ee7dd4bb395a9430f6cbc568bdd

SHA512
296a37e91d1fbce5e951413e09b240db31eef5ff88ce783a506cb40151dfc394465e0ba617f8d2ce4310a1432b969d88873e74905012b65492cdccd11a874981

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.zemblax

Filesize
7KB

MD5
a842db7ac1990b29e2c453d22188eafc

SHA1
562adae12978c15a03c541c86a930d306d1a3618

SHA256
577aceff95acfa55f729b8c56d5a5848d55d76ac0664b7ad4e32f1ffbc6729f3

SHA512
21639cb95779a49f24fa1fc74e2c26eba8040800b2f3fcba8815b41a915cb7710d2d528d00fb9d3acce8a74ce155a83e0f1b24fd7f4614934405d10211a19554

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.zemblax

Filesize
7KB

MD5
f13b68445c6a611c58b69d0663adcd41

SHA1
f4405939a8ce9d73be0b9e95bc694c0e3187d4f5

SHA256
dfa70d2305ea3cc4ceedf503877087e358697aba61f28e6afe310af68dddfcee

SHA512
c2e8e3fda0588bf6bf8385c654a245a597ba146e5877943db63d0f2177833de3a1e0f6118d318071f07a2c0a107001bfeac901119e036b15ebf5dfa6b7795f28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.zemblax

Filesize
15KB

MD5
c8fc25207f8ceecd9227242be2efbac3

SHA1
46f774b5a0f7cbd381d4434ce8e50de84c3c0c12

SHA256
bab54850e29f9ebc93b283187ef71904745c380cf99f7b2fa75de22a59ed3d97

SHA512
8ebfe4584beb21ad2a82da8ad799aebb00e52b5c819775f4df6dbf6dd2435f45514cbb15747baaea6018d476f43ea2c7ba66f6103b551ccf55ae3642167bc653

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.zemblax

Filesize
8KB

MD5
b5d8672c3a1c0c03ea94ed8e7545b730

SHA1
95dc280bb5e13b9979952cc20f30f6830f184901

SHA256
fca20ec5c665941480e92223fc4719aac0b3235a7f115d2574d7129e7e6ee348

SHA512
de8da4e24416eda326404a717e77a8d810aa6f995c5fd545c9da1ef8cb47fa9786628d3ac3273f165167e4ea4f63532303f07518c85f8198adbfd89f0342f7c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.zemblax

Filesize
17KB

MD5
ce629e483860631759ed4b212ade9bfb

SHA1
f5b4a74fcd8a4c203febcbcf808d2581959ab442

SHA256
5091a8ca0d8b0b72af4059110ad2197a423e2ddf8c8cc15e6a7f468c3fb2a78e

SHA512
d530e96e76b674605c4cf5ec30288ad4ea93399021ba88d68961cee3b158aed0e56729925a025ab355a888dda8d668780723aa3decfdebbeabfb6d5109504b42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.zemblax

Filesize
448B

MD5
cab6c8585046fdcc0b2600cef0cb22aa

SHA1
2b0ce8b6523310938dceeec9fb9c9d864acc2f6b

SHA256
628b2ec6f6336318df443543de6a8a1d16e3b3400753e75a54e7a68cac604720

SHA512
8a88ceb9ec69d8f3cb6ac5965d7498fecb83e9c64f18d96c385ffffd9eae8fcebdc382c8a2c4b4b45581995fd1bc77e0afb0d3c568a6ce2907543092b3e6f992

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.zemblax

Filesize
624B

MD5
363b1b98d976980f0af736f587e99651

SHA1
4c9dbdd0523152e757c445a0495cb0572306b5f9

SHA256
bb70106809438ed5d550b69ae3d5119ecb46c75f7d8e0dddddd18e2967df73d0

SHA512
ca1c0b3690e7c9ce985a7f6ff2af321685d365d5ce61d700d2d17afd231cce067c01372faf43e2634414e3e6aa0c1ebdcadbdcab7c46eab759d6e4e584030e7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.zemblax

Filesize
400B

MD5
296b9b5580cc931820d1a1e62c29c41a

SHA1
484d786dc7196520072ec4a4952ec96d88ed6e26

SHA256
a36df9606a73c204e04696b1930d23c3581d33876d2b1510c9d324996186247c

SHA512
58e4b6c8014c9413540733003a2075c74ce9170bfdcfc27db79b795616988d91f58b7f3234183850a24a6b38ef2b4befdc61bae828a0d50bb79e729e51e458ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.zemblax

Filesize
560B

MD5
355f9c4064151c7089fbe1126af0cb77

SHA1
b138c3b0563efc29dc3ed24180dcd46cec5819b4

SHA256
0d8584a9d9fbf7c7b0b54f69b308da3204281c93aa1bf2f83c02e129c73a987e

SHA512
cc39d40c5058cee42fd451210b64def65499a5e2abe1475426aa88b65305e3b0a7572b7a0de15756ab68660d899bfd0c28fb62c2b6920c98d0a7e1896e292905

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.zemblax

Filesize
400B

MD5
b9928ad5ffa158894354df8b8ff6b23f

SHA1
e228563a9873a502801dda31c3d33be880080251

SHA256
e1a2e7cd9fe8586b95860da7c13d7b9407797ab253573c24fe423c8bc4485cf7

SHA512
d18f4fe5500a0cd70092f22f414895782cb8f3f3040c627a21ddafb1295faa146bf158e8b71ed4741f53c096b13d24d1046f7c6d6753fe0fe9a72b496f1093a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.zemblax

Filesize
560B

MD5
2e7765187796a13a10d805e0ee978a6a

SHA1
c7a8e4989068703a552b2cfe13e2411a621114f2

SHA256
cf050c014f972d74e2e9ef5aab5dab5ca46fb1344d07539aa4071305f51d2b9e

SHA512
73fd7b93efc84fb8a7c63eca4b51c85a33c85db58c2e98161bb2045ad06fc60479a0cf672346a0fd9ee30ed4cd28e565310921315180400cab56561ce0f9ed40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.zemblax

Filesize
400B

MD5
d86ab3c169ebf736f5109312a9ce1c27

SHA1
513eacceed79aeba7c7ef521759d65e73edb368b

SHA256
aca7c25306834d60e990bbff5a59d35171811a4cd764cd6f19ed7f3d60678a6c

SHA512
ae27bd93e06be3c9e392ad9ed852e5b06828ab298a7e91ea58411b04cc7997858f6d3e891212a044dde51307f9cf759fb18e90c6d3afa7e78ed8f404116ec0c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.zemblax

Filesize
560B

MD5
ba92eb229413a4997d609cb7c32a262b

SHA1
7e3d458cb15bdd2b4dfb48cd636b915f1e216d69

SHA256
307ed4b76842f00b9b5ccbdfee3dbe845027badaf9fefa0f270ffdb37d053195

SHA512
4d532be35dbee30672cc2734717c827cc1ba3e9961fe5068bc21b0826edfceaabbf9e8511ed60b03522fa8f02f3c028c5c815727628a29217a8a843200ae3925

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.zemblax

Filesize
688B

MD5
79928359f473ca412b6619daa126ea4a

SHA1
55d1f1d741b2327b2853a26b9c55712460ab6433

SHA256
26bc3338fa8e8f825c0e8fef85c572df98afa06dfd09dcbf6be0be93a0e7644e

SHA512
6e976147cec5201ed7d9543db2b335d007dc159f571e7df373d4efd28625255c53e47d76e21ff514de08887b15995111ba68ae0b047678d5c64387465729e52e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.zemblax

Filesize
1KB

MD5
27c2ae5ec13d9be007de8f3bd3577b19

SHA1
0b4fb7f92ed8c9a72bb48a2b6ff4dd0eeac45f5c

SHA256
9bc2e43816cd6586b50b94902b7beac1291a4123b9ca38fa2f3cb6bf647cb9a8

SHA512
832d67e486247748c3eafff6c9c0b3a039203c349c31677d26361e0f66c1e0e1e671f637be9c6dc22687b7ec77cd3ac4bc1a2d7eeac3e67204b79dfc2f664e4d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.zemblax

Filesize
192B

MD5
840221d27a09a3080a93c1f4bb265f5e

SHA1
6ed12d47df1500f7ad56ce0e3e43fa803dc040c0

SHA256
9999fa3e8b7b136d9688bc0bb42a144fab43263998c28850facdcf0def8d6360

SHA512
cc4afa07c610dba58ac80779196edaf2a745c733bcbb3b1a581ddf36c0a3f4e79a70e93ee448074d3f06f25362919140288ba59e71fc21a89ba46688434db7d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.zemblax

Filesize
704B

MD5
a967c33396482152971c0a3dd54053a2

SHA1
2d8cf663746ad928d0ebfcf87af685988f540aca

SHA256
107c2a1239238755e33ce29ef7b000935ede80dc9fdf544182d01e5c330a5a6e

SHA512
63e990a4d044c2414571481e6fd40bf30d1bc59c009b6b497eef062c9b2b3443005caf0dd014055d2da08e2f7e8a12d7c324f6c63430b1bfd95d14088c9b7162

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.zemblax

Filesize
8KB

MD5
a48c79d6485aa84f70909e0deac5afc6

SHA1
5885dd3d8553862554312632d40b04ecc583e09e

SHA256
02f138096bc96757a83a6b42e855007d6f4fd1c8390c220fb5f428219253d573

SHA512
3615eba5102df9ad4bc8aafa4c43ad3a43afb617f49607789c8a6c0fb80d0fc4f5a625ba27600b5e7f6ef302dfdedee3022d61ae202dfa6c319762befc31ca46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.zemblax

Filesize
19KB

MD5
a5b25141ae69df8e8627814bc7da55e7

SHA1
862ab0471f3d3415ded16e77f2542f84023fe8ad

SHA256
bc2276d83723961e25e621e4400a2aadefb95f1e38642ba2fd8c4e7f83dda6a1

SHA512
b9b0b0c3e5bf9026e684ef38ee576aab142ccb9a19759834d30771df121a0f87167d298bfda2d341055c1949e203102e88d5195a53ab96eb18ec2c6e70d614cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.zemblax

Filesize
832B

MD5
f9d942430d103eb14bb89a8b06dd354c

SHA1
28c8f183fc1c03eb2f69dfc662c0d47f25dceb9c

SHA256
30f745264662bb65ea8e073548faa9cbb594394fe6bb8f238fd463cd4b19a16b

SHA512
51994cfee07ebe1f030eb609f5d70c42b15f7f4d7a7e7e82c44682048b405ccc52cc33aed16ac21ac189d378eb93db093e32c50ece0d1c6bb5687fa1451ffea5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.zemblax

Filesize
1KB

MD5
254e6e1f919c82e7e6386148f4fd8b85

SHA1
4b16f83c625875047f0e397bd22c318e3dc401f5

SHA256
6fd7ad452179754ac6fe6ee17a1e9ca7277173e23096153ab776cb5c572f19f5

SHA512
b9d8f88e89da06a98685ef2dab1f85115defd342d09527fcdf81712b000800fa1350db0ba085e2fc9df29ba0da394346a9d2c68395a3f9509d525e155d986ca4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.zemblax

Filesize
1KB

MD5
c8df49bb4bbdc9da2bcab074f61beb09

SHA1
7bec3ca11d7533d9853d2a9a6ba2dfeb7d8201a8

SHA256
ef67108356c94c9c8826ab0a667fb88add02381715a352f9be62ee92ad781647

SHA512
53b472bdc116931819173f7385d23a8becfce39f63fcd451962bc3c6d0e117fc5f2e7ae6dac3297bf778bb35b06d5d514c10dc882ed3a5d958f8f5cdd979a213

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.zemblax

Filesize
2KB

MD5
5a7c257c74c8c7d5352b57cde2f0b55c

SHA1
ef9cac32cb1329bef6857173abee2fff4cac3ac6

SHA256
b2a557b40c73eb81ca22b167c4a6ac1f43622c59b2d85e5f43119769c6d6b6f5

SHA512
031764f3fb1194d778a84a294df4e0509ba00e50ddefe3a6cf7a655f48219cc38e53f5c47a56646d6ea63275ed56d19328c7b82f14e717a688d6181093764928

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.zemblax

Filesize
2KB

MD5
2ac07813a74d6adaa3e44db55e899e09

SHA1
a0447b0b95d442c2d770987b1e007826cdae98a2

SHA256
b770a96d153a9e662d5a586e571ba9687a0995b9dccf3f50afdb5dba8da465d9

SHA512
940e4a99d233d99b1b342c4a8d032ce70f66ef0134d57b3c13f1cdde780453e32f54f442fe9255cfe73cc9e478f72f707a383a156aa924a95ffbd3cfc840a94c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.zemblax

Filesize
4KB

MD5
2613b34bca30302406bbfa57c93b6c0f

SHA1
04a4e32759eb78be5d4397916bc9e51090fa4333

SHA256
53bbcb949a287d7ac25e7a31d671cd9eb11ac609f7344a38aaa5c2f165dc4093

SHA512
4c170f25c9d3238cc6572ff5522495effab28c7e0047a44eaba8939d2da46950ff9f8f1329b923d82b0b8a3e28de735dd41ebaf83711eb20b2fa52ba82f23855

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.zemblax

Filesize
304B

MD5
e4e7837a4f0c71864f2ed00e23aae8e0

SHA1
c35796c887fb94fc2112caf3921ba504570dde1e

SHA256
e69aa05159c50cb7dc9083dcd34a21f811aa80ca24e67eda8fca86c244d9a483

SHA512
296817bbf0f9faafa16577edb105f560be7a27ded19370efbbe9e14657fca5c202d3f19d0f001de5d9119fdef304e099bafda922135f679b487afe05e36d4fbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.zemblax

Filesize
400B

MD5
30c5fafcb889cfdfef7a7373c623221b

SHA1
e4a12b7ef07ca5780ebe205201be538a34fc6154

SHA256
b2bf549220418c47e80507084b43eeccd85c0a43f4da74de6858fc96dd3020af

SHA512
4a621fa79335711dab7dbde3bf0fd30979b15c2f48eff9b867a0cde99ddc67a97d612ea0472db9903c5cb5555800907b8a183cf499f55d186a42fe0ad6fb023b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.zemblax

Filesize
1008B

MD5
3c501b84ed7912d164470fb2024d29ba

SHA1
f54ec8a32fe7a67acfcbd48e789c0b5d2c0b6816

SHA256
d1ba5eb730cc20b906290b76d64d2697896cc25ab4d782588f98c62c9b7ea1bc

SHA512
cf9adc56a6685c7f5131d703238752700cfe9b32133ee38f6e828b658dbd64af9732509a47abee3958c5cc22f3685f10cc27a1d5d76f7459b99498310fb6cdb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.zemblax

Filesize
1KB

MD5
242c795c3e07e4f7e1db97121e007727

SHA1
c0704070f2026d817b82f71878e334be06bab551

SHA256
2ab2f7f6b540d3bcab915e7626db8db6ed71736ba7da94ce2ca4366d440cd822

SHA512
8b990d5a35b324ebbd5ee6d6d88d74e783e211f3c778162dfdf1577e2d3c6cc32693117fbfd1175ad34d7bb46e05504e8ccdcdc116a6895eee31f50d583289cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.zemblax

Filesize
2KB

MD5
a06ee81cc9009bcac3c9a5af0dab2b1d

SHA1
b95ada870dd0ebfd4058b6710076d750186ca151

SHA256
c82b8a9a8fa45f93bc000a754e07e9922fc1788f9d54bcdd0b4c6869145c613e

SHA512
b4271b58a89b37e2c48584778eeb08668e2d32026f98990fb017215e854a7006184f09149e478bd95a5b15027e308b61982f5a2275b998174bdf281736edece8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.zemblax

Filesize
848B

MD5
fe2afee9fcdf2d43940944ebd1145480

SHA1
986b8b7ce80ec8b8e223f95b508532e69cd49c05

SHA256
116b7fbce50c3c08cc73efca3439106f4f2e00012794fbad81ebff4598066a42

SHA512
b66aec41ffabc4d1566b2316de80efe3528d2ad5dd8b0030d1a127d58c0f9257c8b76ca7c301199e92213eb35f1d557a85062dc8c432e5c554590f0a91d2ceaf

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.zemblax

Filesize
32KB

MD5
aec7bd7c96948d97d13c7df53988e89c

SHA1
7b906b88009e7509324ae92dc8a32ae4fb38626c

SHA256
15fcb7c77cf60f287e9c81ec8053a9cdd1aa8bc0413734e8a1499a9de635c6d0

SHA512
27d12f825c16d1d5349f53a23d57f71eb8d4534a1ae4af2c4eead9cda09a4440dadc518a8887a3ea818494cb6319fc82ab8147cdb85958e9b344400b7d6b2803

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.zemblax

Filesize
160B

MD5
000e8c41d4a15fb34d0be0dbb56e3778

SHA1
00c4eae64ee6239d7c65d819c6ce1ac329224f8c

SHA256
8bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28

SHA512
775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.zemblax

Filesize
12KB

MD5
bd42ba47ff97fd7e395c90f79e0f9508

SHA1
c2d8069ff6d72f3c63eeeac23933e5620f649d9d

SHA256
3ad6f0a5c15cd3e24aa59e9687649e0d8d8b85789f3feef68e22b61a34a183e5

SHA512
4eb6b58c46225f6e96bf41177892131384507cd8437e314426b797797c10960db52b84abd1fbf3cd845d1ed4bb8c67d2be3099a9ff5379a04d059b0557ef7fca

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.zemblax

Filesize
8KB

MD5
29c6678d44aa7966ae163d70dd9f3661

SHA1
04e2608b9497905befec2c9c74931cdd14c754e8

SHA256
f7634f4769d57b1fd7ff257cafd60a0b309194e610202dfd26fc5113d0abf834

SHA512
e80a6a0270d20e255f84ee6ef285b610b79731058f88272b8246e4f0c97222cebf2113d7ae70a1a145c0bec2a94fea5cb5abff0203a8be64c634a9b9b6a3b1b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
f568c03259a003758875155901cf0e6a

SHA1
bac1805db675256b0b6a0be08da6dcfb68fdeaa2

SHA256
d629106136587bdb11db5b28773bc51ade283785c45200bd84243a457df8a88a

SHA512
dd388d73e17f20fe1db08d806e110c1e30f6faa04dd12cdeb134d0021e1ccb4a64975f2afea4abb8b6a402e75b1954946f7588ab90d85764ab0a0b0f67a05fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
06694e273bb30802b2d9ebf9818bac0f

SHA1
fd3e7332ad2b6c966544bef44b822b67da551ce3

SHA256
8d42f2f3c66bbfc92782f94962157766f627f239cc65dfad27dca0b4a949f602

SHA512
dc92e0ada55406e1c4854e0e8d7b6c92e5d23c0942b45683966318a17131e6cdfcb5633abd4b06535c4622a2b90d603568d07cfa813b717d12ed4900e9209657

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
291KB

MD5
2fec9bf50de5395f799b23a1099b10d6

SHA1
6000969e75d7d7a3fa1b908bdb9d5daeb5f2534e

SHA256
df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763

SHA512
5f6885fb1940ee4f84507e2b7929f637d8f264a5c77329aeae31803b772608ea93370177017f90f6f8d8bc9e0b30eb8607ed120d4ead68104fd70feec71a9ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

Filesize
48KB

MD5
d4a02a4690dc0a2c58584efd3972a5a0

SHA1
420f64c8b7e2b78dd1df6da6fb76e0de988b1c49

SHA256
94fbb30a0ca48c246676f55e55de5e15a4ff0dbd72a5026fb69d16b2545f5f92

SHA512
aa8f1a75fe2b1e14825c83c365f4701d878d4147383fe5129d97306c3bb87f11bb5fa0ff6805d1033d4dc85743823822c7a58a922484f7f4b573585171d8396b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

Filesize
38KB

MD5
3ff8b67207c290095449e23452788326

SHA1
f520e419d8319861dc3b5a865b65d52333b816bb

SHA256
4eef13649c13175953d790e8098468c25807b9871a23dfa2c96fbd227b0a56a7

SHA512
760b6810dbff09c65e420bca6d3d4a4bcf7dc8d694895217bd420f7fa234fab363cb5a72c5435b02098fece7ffa42ea0d4d601ab2005bafe778b5c0caec8f8f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
22KB

MD5
9a96ae298a3e69c8f7f94012825de3b3

SHA1
721375e050a9d255cf1b8ec2d13f36074e536410

SHA256
f83a0a1bae7d475b895005acc5434537d13d849775cfaef1d7ec65ae9de16e60

SHA512
addf86eaf597355d875ff31aafc56fbce86eb543f9d6496874627514951108a5855e2c9f6fec5e11b99c3aae6620d97e67440fdd62a9bf33adef784d02ef1ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
54KB

MD5
2e6ad3d07db60a529112169805907e97

SHA1
7acac7e61eecd793021d41f96e67f28528727395

SHA256
715c4a6b226acb4645016fdd5cad6d09f0d78ba39c9bbe3fce161b5cd0042b2c

SHA512
714c85592d557994dbbc8dfe00f2027b10899b44f58e03f259a3dc77334175836e70065c8d0c66fc01ba3b4ade087c7d079931bcf11e261f4d6b3c596f457d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
41KB

MD5
d35cdae9aed7523843c475b2d42013ba

SHA1
2dd710a4567093e4bbfeb17d8453dcae7a96dbb5

SHA256
0a02598139d0dcdd6a4041db8ad85e5bdddd3516a8ec88e620bf11e798e65073

SHA512
296dec2daa298afd45b563b2e31f7b284a34e63a30471d6ac5ca3dc8ca888a7405a689770ba28baabb9213902df00a77b38e38f4b5051301490dfef669a42473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
55KB

MD5
e14b38b8a1fb20fb25a9d2705d874350

SHA1
b722f2c096cd634548083e96ce197121f528f8df

SHA256
c0b83bcc809e40d83721cf9ff6eefc7e3d5847c54c6088a116c1d1065e16dd24

SHA512
49a97e798362b3d738ef893734ea0dbdb43214848a732c4fbcc35eff308f51eb09bff08d14f913a3fbe802149e0fe69e5dd43fc3fd46f058bd90cd02e4aa4845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b5

Filesize
18KB

MD5
d98f6933949ebc124cc652c76b4523eb

SHA1
b5cb19f3a4924d02e67b3a41c6474a741a6a6f73

SHA256
9e3f1271c142e7da1cde822650f2c087db51c39a38db21cbfbad503e882116d5

SHA512
b6eb511bbd0a32ecaed2c24fd4b9638b5b81f322dbaed7b48647ab3e8c2b1c06e23c12ad10acb24da0cf18843104395e14bafc1cdc4f8af1d104fcce3cbdb638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
437c9612713618c50b387d992ae5e069

SHA1
7de0fb32033fdea183b0a99b03a708499b007471

SHA256
956cdf9ba57f34fdf82303c0793e7340f413ec32347cb997f4fe9b3926f1b3e3

SHA512
f557cafb8fd32fb4009ee22af00e94eaa34c3aedd86849d44979041ee2e5a78fc1eb7bf4d0bc488afa0c66fe9e1208a7089462cbc9c26a11ffd46675c188695a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fda5f44ac8ca5ae43616f6b30ac81953

SHA1
a093410b353fcd83c490a21d2696528adb25b699

SHA256
6952649df002875f423d3a61a30c2549f3b6148510999acacfd81eb9bd4a2df2

SHA512
ca8679e09a615956cfafd79b86930cd65da12ebdb0e9aab247d9bb9d919082bdb8d62e0aa395f7578c60b8d8d19ee4e0e32abf5d6e7a997ae658521ecd391344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3f90437bc7f28f6372bf6dae02ef5f26

SHA1
2d508e693ff519e57479842d5ea6cbc84e1e6dd7

SHA256
b4ddf9bc554408ca932223c77a96b850a85171f210ecc80ea252c639dc10e6e0

SHA512
63c17cbbd45c7d7a6d1f88baf34098009938d5d6ace734bc1aaa6536554a192469e264d07b2ead0fb914b02bc7ad850d92c5a547e440fcdd3a305a360d78dd6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
71303b1edcbb37da5dba06b4b422658f

SHA1
093b49741e8d3eb9d1ee2296d6e0e17e2cb36403

SHA256
d452fd0fa52c882c12f8203abc70e5379cda1ced3bee318b161d5868888ae54e

SHA512
081e586503f1f3f853638053df5e89413c6019968531e3141f1232c27b485297397b3989106c81b9c4f0414e1a16698c6c347c6a6c5c12d4fc2c90288aa26e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d5f2ac17ba753272dc7c1f9e6dbb7a05

SHA1
31d7ae00b8df6829c5f605a017ccf19c68b093dc

SHA256
705d5db818c748cb12432d14ce69c6bba70a5002e4961702fe7869151ced25b0

SHA512
7009a6113b49e102eec82c9a95cc9a160372f47298bb5d2a3bad3d09cd1206959c7183f8594c2f10d043336a3207507cb132186f16601ddfea3f41323160ad25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_waicaiwhosha.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
a42f116358a18e3860712c5ee5b781a5

SHA1
5ee76a62950819be715f3ffed3a5be00552c076d

SHA256
a12fe86a383cc79f90644cada890ac3fefb66107fe604acf892c246a7d6968cd

SHA512
b1fa1dcd4a432444716ac014e7dc4d64791001cdf93c95b39e934b235259de6238d44588259dd3ed615d0b01221d9a8a6405d24710be0da553cad6c2f67c5aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
3dabe9e2c9cc91a429ec2604ba1f1566

SHA1
592d0804b85b16cded52beece0ff9df652301c41

SHA256
c15634ad529bf3a6a6565067403a8a1a30987939626617af2cfcc95fb2303b81

SHA512
e15e7fb144c622892bb00283178d3cf4bbffcfc0a17ae59a8155344b4dc09b222259b659e3cf4c38b234b0778596bfb7b2c24e199c6421ebf28f4ac05028c96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
ef9cc313a565110b6922b5843c6bc51f

SHA1
88f30565020ad14ed834f2aecaa517b3523a3493

SHA256
561bd1d7f86ba1b3d9fdc028e345a3eefe8b13feaa2ef62589e34ebe34302e1c

SHA512
02d9bf92426b2b72856769b664990d1419c3b63192ee9ee913bc68a62d5745bbaadb4156d8aedf36f2d850ada0502320ec08f828ac98483a28117cb4199a510d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f9e53ecbecfcd2d738c8987f9b0e564b

SHA1
281ba586230ad87da77ff0eb7851d4671698a9d5

SHA256
7aa54136f1a8cb0db5e0181b78258a25550ab8e3510e01396016159cdf7d3dab

SHA512
cce33191b5f0690f9783217dddd95578505a525ede76a35a7d1e17735b29cc97d6910ddaf2cffcf7d30571c671a6d08f693e6cc1b120aa597918653dc263bb53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
24a33a75b011a70f19ff903cd39572a5

SHA1
748c0d93227ac90c1b3733aeced6b17d4a4a196c

SHA256
6a8167411e1521090a8bd2399e9638e4e3bfba1ec355e218eef2fa1c74317385

SHA512
caaf6ca85ac7134bfbacde4d8ea9b12fad0a10af7b132dcd2835e04d39d7bdf5485bcaa3cccfc3b8964f2d1edd392b284f11ad07ed20836492d353bacbc00efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
f13db7cef9a1cf80352784c05ee75a8d

SHA1
92d51cca11d9444167ae1e0720d381689f8d7986

SHA256
52a4fd3f2da9eda6e97d33ac49e789176aaa5aac03d06ee3677a351e3023f5f4

SHA512
bf815346e69e83748e9d16bdd0f8934ed2b4685bba42941a0174cb28d0c57806195a29db25531a5506d755d8667a552fe7eff9beacc2f147d981c77a75e25cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
da9817267681845d1ef2dc92c9411ef5

SHA1
1a9b890e7e6a9701036b92961f610351348ef9a9

SHA256
a22380c5369e7a9e704ad82b1721c0ae3dc8dc200b748a3707216881b750c5d6

SHA512
28bd406868aa396ed563c7aa9f7842ac7b053b679e3bfdfb61521bce508bf6d1ca6355804dea11f65580279f6b371aca7fa3b49cfa89b54f1ed3395b66bc10ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
59f2367c3115e0d26c3a80f25c32ca26

SHA1
663109ed5e6ec724f2b225d93ca5891610942b31

SHA256
2cb101d1bce23a7f7e1c277ae4e4669dd569750f65578d59f4a032d61b1e9896

SHA512
b91a047a7802b5936eba4bc3eaca5566a73a17b32f89efaa3dd2ea9b8b44732499929bf21807525c9d78140859015575263223fcc9ed6025f7647cbbd90ac584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
38410ca47cf598359aa5c8b050748ba7

SHA1
1172121f5135de8c7e44916f37f6c26ae979c246

SHA256
8b13b3dd3e748557144989ea4935eff298b7129c5175daca58740c244b948bb3

SHA512
5e79affcd3150fb3a73ec167e850f30b6a84e35ace25051e0311649bc9efa7e3ca6625c85ee0fc367c6d89c57ebebcad9ea33b01390d010343a9bfe96e869b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d49d10d97dcca5202421dd45c3eaed68

SHA1
dc54166d163c6e2db55ab2605b8aaa668dfc6ee3

SHA256
00fb37fc2c2880ca7dacd22da3089575b617266d1ab3909a1c6194e09eb2c285

SHA512
4670db2b87ace36ca3b7214afa5752d673acad75b7433a03db2eaa37ac1303a8fe54cf75bcb3391b7d9987819c269d8dad7ba0e339fb7cb480fa6daefc363cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a141997aa7cc12666e8673d0fc5f9c2b

SHA1
858692438135c5f5db183282bb60a4908db99e9b

SHA256
01cdce45abd1902d90de33175879340a1da3d23fe44d29a3c76b6935be38492a

SHA512
bf8e37e1c34d5d89f90b1527b2c7a35a097eb95e2e453e8b25f2d703f3ae9a11f9951b93a388401e8315dc1ad5f5caf418486ae8e27cb3dbe2016af5e02f511f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
072d5fa70ac650128553b331e0482b06

SHA1
12d1b777e7dc38ee032f96a1b2e5ef5ad81abc0d

SHA256
c93bbebd576a42cb6344c100d9e190d42b771841885504893e286df421cd8ce8

SHA512
890062308d4039f07e18ac251eb26ce21af6f34a1a16412dd73bce0ec510666eec1fa54aa170146320a661b6b8bf962c69f8f955e83da0213ac5577c8b4b98f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
d52ba5ad8037c0e1a275378f11c42498

SHA1
3a9435e419388fa4dbb915fd73b6bb9ccf064a2f

SHA256
4a718bffe9607b63c74a95d20025f8654f847fb2a69e6564a692751313d82500

SHA512
1f10f98dc52aa7dd4cbf9a96b33677c2df707630a41a8369a781a282a909d8de3d2825ba78c09458b5ca8baea0d78e196bf45f867e9627e4d40b9a7003b786e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
b2573237c120a65a774c6d2c2afea732

SHA1
b38f38a280223a221eba331c58592120e1d0d67b

SHA256
c00fb2d82a486c811d4e61ec893c26c8bb38c61e6f4e0e3e0d46a1004d1f19aa

SHA512
a11539ce8cd0e74b8895968e4f3498e10e16d762432f03595b4d1f6e12530d21cda00585abee2b312202d64301b0fe647b521c07c8269d782566449b429e2b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
342dc27b7dbbaba2476125c3e47048f1

SHA1
05f02ee67046e7d548057659ce8c2e71e325e1fc

SHA256
01415b7c27a76e7bab028423e403502d7eea506cc8f99811d07569e51b9223b7

SHA512
8ebb1cdfd053ce369480692995711dfeba3274010062318b8cb205ad3370684681fdd2ca5dfbd18604d77a362c03cd2d4b58f03b16738c9ec138a8ea38dbbca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
59af27a21e68bc395f3061f8c453d1bd

SHA1
7852edcf61cd39a0e80f8be2703445ffd9a29aad

SHA256
741197e08b1fa0be3e785fba30fa1034c6c592cb996156b2eb84756bd6522280

SHA512
73ab4b037e30340cc46f4efeb5f8f0d3c0715d3789ee4a03e49af3b54d8e5c0bf4a8d4a692a6dce1ddeef5681952bd705585f7c41aaab46e42fbb323d9ce56bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
247386ddc1c1dba74d47f90caddf9b3f

SHA1
cd51570fcc6c7fe80af3d375f932bb609d0f8591

SHA256
ac2f89fe671e9d0939f67b60065e96d17f439e5130c7967c0b78dd751742ae6f

SHA512
6e52fbb83cb3cb372a55ad29c75a6d413d6b5acd4ac2e9494759a599156be43365eed8af2f6741ca5c371c16980cf9e91f0c7bf574de683622ddf805ef29101d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
818ba01398f7488bec7520821b36d1a8

SHA1
4475d1c2345403f0fe289fdb5d9948b12b7a1cc7

SHA256
2157bf2535dc9598bf1285a7d283d98ab06b07c7d7bbaa1919fad47767835e45

SHA512
292b00c287f0b11483e1b37da6eb08b62b521a3857793833ef42eeaa07f82dff500c8759d52b9cdfec54ee6412747e25f8fa69bd701c5b1424c320068d5dca64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4e389e96265f98e9fe420f848c167639

SHA1
dca071548e191471c4e15f45a2f33e53e37159cb

SHA256
c5cfff59c4847b845616b0122fcae23bc2082da6402b9f4ea711792cfb2acb51

SHA512
e87a5a613ba348326b92490b510239fd91665225bb15043fc64fa1c403a80240c74755773477962bd73414a81aefdb48e512a6085ec53d1d64e0d794d1b73d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f179df6490446450728b7ce25cffe358

SHA1
3800cc7d7b8b86a1b0b4a16b95861c246169c898

SHA256
36f8bdfa3bfa3afa165255fb6ab00a4ce7186590fb40ff5f6a7e7dcb1964e742

SHA512
4c031ac42f83c9a120254cfca7f322cf9550fc7e50e0e431f5ebd03b20be3adec04fbb086bc273ec0ab039f42a805526e2d318d8ebe0de072321ed3ab1e2894d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6ecfc40e8864f0dab3f7e8ed8daaca04

SHA1
cea9ee44297a9f6063960e6562babd1b3d5d31fd

SHA256
f8f5c7e22872cbfa9b5169e13302c5aa77702b704e9dd9c9c4a034ef37248e55

SHA512
a793f0cedd200132aa21530ecdc3af03c05244e03b481741ee5ba8be955fdbb9799d27a840e526bebe45bd67226a7bc4a3e05d3538e3eab48763af4f42511d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
31914f5e22b86ed1fa9ef71c3f38683d

SHA1
0de6fa0ba366abf831fad5286d823ee42e78921f

SHA256
fe8f6feae000ddeef0f62572d7a20fd8f939495e3b229e80a1645d8ff43e839d

SHA512
f072017a4b6d0d04fe0179efee676d603eae2e4d71895e6c0b5ef6c9e856742fd86758fc5dc1c277d9cc09c9c9331b2485733dca991bbf791a1e5a244202ac24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4088484269c0a109e24eba45a3a897ee

SHA1
0b97f3bb5d5610fe2475ed2d86da1860239a0a5c

SHA256
b464d3d0cb0545f74e78cf220ab473dac41161f6d1f73734d363805ea437a831

SHA512
b94b6fb43500e7113733ab6fbeb868b05c0d22091c27074e0d742630e7642663130840dba3b005e6a3ff1da8fa50cbec7043390c5b8d3704824bff868becbf54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7d9e3e5531a93b3e66fdf252111ff1cc

SHA1
3c163847c130722b178b0a8c5a8907f4f62fffa4

SHA256
7c1e3cce8d464b5254c9bccdf0fd888316acea9a0c399c3ae4f7de47c1326076

SHA512
c994f8a72c667f4afc8330c00f09b8060bb4da846300716bfa786d27c979015835b9c1e8d8a9aa8c37612e594ffade72480b45a10d36e4af1fc85d4353ec6571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c1d2c0f8d075aee39cd12763ee85a7b9

SHA1
818b315ee67a43b290e1f669403a866f6aac73a2

SHA256
7a203b57ff71234f406e7185f2359811288230d3e389b27a40769d1bab65b86e

SHA512
13a3b0558c7503be0dbae1ff4ae4cea06d92471293bf66ced40ea154fde4298120e961c888dee2b892eba661f72cb2fa91d802b97e8a77da954e57ed72a7b4d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
75842ceec3e26d532e176aba63da00fa

SHA1
71ffe6cff794d962d5c9c21ccb294d80d89eb84a

SHA256
61336e8ec04985bcf80b9111b7906dd57d653e30b05823dc609301bd36b9799b

SHA512
f95ec1948fb2326ef2f58c7d25716708f3853732a54d95b106a809d0c4535f8c10c73969fb3807d471dabf775495e75aa9e08fac98f5f9f582e51517a0f3eefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
d663d65d781a2f55835a650284451eec

SHA1
b198fb502a2efd702a47725c328952f291e1b273

SHA256
1e7b3050978cdf25c5eb1f5043294bcb6fcad06c84b22f98efb5801c39246bb3

SHA512
3f033f3e01a95ed23f430746052be3fa0496277e41a1d7aeec23219a4053a3903dce7f06540a62840acad92972cd0d16a4f58f0f0a386f85eb6a2a5a14c189db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
fcc17adbad97cf475041b4d2afdf1594

SHA1
3b2be6576cf276c7ecd62809667774d2b35dceb7

SHA256
386590f8cda9836ce7e6198d235fc80c28218b31eb918a2476225262f587df3f

SHA512
17259713eafd8bc4029dcb91f6019b3cf8d6c7a8fecd957409b6a3957be846b5a94bf3eebc448bade1ad6fbf692261bbf08b4fdc69ea1cf9f15e21b8c3e8db8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
222af9e3f21c9a90970f0f01fe139e9d

SHA1
d31f785ad75300835e1fed2181fa760b62ff5a61

SHA256
e1f2862642722a17e1cd0920b93762e42203f5cdb40242661be5d69ffc594ae5

SHA512
c0813ecb7c78f0f7cda59ea48be60a7d3e649498948bc446013bd91d4a2bab8c404dcd03eda6acdfeef26b0c6038600a2c7f827786147c3b2bd5a3e835502545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
2a5fffdef7cb8b767d4b92217578d089

SHA1
4ee50ec87aa46d5a077456a60913376562059312

SHA256
e17b7915f042ccb0fe583d1f74ccbf4e1cb955a0be4f589e1cfe83e859c19306

SHA512
ca96cad98cca8795ffddd3b50e15470a9278b5dbd2156be940badb1dba9de8cd0fbe5bd316ddf3e63580476e2752c59fbc914d087a5f5a3050368fdd0623daa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3403ebfd9b99d643a0530c47f4ed35ad

SHA1
be2300121bd2e2d3449071a3ab3d1337a4f26050

SHA256
6159301180c626b17faf0ef7b48747a6cec405d36b9d1c7317a0bc86905b6352

SHA512
aed6a22ad6231fd3aff1ab2fd4733c686d3830d29de41b01417b7f3ba8d388517d8cc2bbb8bb0441f958975371c59857898676fab486f48e987c3492db1558eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e747c8b101713d7118cdc04ebf1e2ded

SHA1
3614a3e3938885d92dec7c3fa18d21a5bea376a5

SHA256
9053a93987472a5882184837a7222b9115f228aa1a9507f1d1d8ac05936acfdc

SHA512
be3abc96ea2ea2565afdd68271b4cb86fcb0f2f2a1f3ae73233ab020fc6096bfd7412b6193c54024e9cd7d47a15586825d6a141a41e34cf69dc875330ba092fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
89c3b7e489e89cf46abbeff879805346

SHA1
3f594549529729b975d6ab760cc304a0417a2ca7

SHA256
7d52465a0f0203ca738e6cc15b3a99499daac1d619af94c5b8b1739e1939ca4f

SHA512
841758f6bdafff65c4f531a9debb1354596b7915b88922564ad820fa190ef1f901d49fce319036a0512a2d0ed1478da1de871e875a587b4f45b0b86b783a8f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
3f2fd06aabca3d3461687929e0a070a6

SHA1
fe6e11e5b66699b3174546e86ad24b68d6a835c7

SHA256
e61adc3dd641ad0619d606f752cdb94746b16f06babe72f0a319fcd96bef4d5a

SHA512
e1641843f9ac07a0aa085dfb0031eb753002d0b593c3dd417bdffdaac867092f05d5f5c029a1ee54cc050f88f0184e7ac308c06f8e0ca8cd748d6778c3a2180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40453b37d6645345599d2cab338965d9

SHA1
72bed7dc47d78c4b1d45bea1a12fa71c51d9414c

SHA256
b1a95519e78685491d7e1c977994b65f6f1721b04424874b9f3c863846528d15

SHA512
69e06c40954e724f6e192695be55d5b3fa1db29f1bd8a88d80d1a42a212e662002e4a13453c97e3a8c18a142a9ae2595b33c3cb9bff40af15dbe7395dadf07bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fc26f069dd2890768e898d9f3ce72d2d

SHA1
17b99a881eee982609cc9db47cb8fcf78af98fb5

SHA256
97eb1ad5ac219160bb9a1953391cf85ad437b46eacc76f75a12f8d088f371145

SHA512
924f49d39f7e21fc051aafa930fd66d31dbfac955b08051fc69b69f303ed5abb430c8b7245716d1d0544aff8b93dba7a9c74c55560710ec2c12a447ace5d8e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56161ea3bccd10ce758ab50abd3cf46e

SHA1
bec0e8981d55c536eb54f2a041e091cedcbc7fa9

SHA256
94c4c026bb87441ecf6a7839502e3baf5a95eec9effa1c055854cbe68442830b

SHA512
457658a3116867d07e131827b6d8a0eb42cd3dd7532ab5c4e8d714715b888fe2df2eada83078266b697247485bd9a3d4e0429ae7cf5c1f3f3134f4690a8d3ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1cd86e883ce271e04ffc084bfe68ca03

SHA1
a6ca97c7b5784fdc8dc9906f49fb73ce4a295162

SHA256
24519c0a65be844a340b3d173cf1e29fd819abf7932ef8d774f80a4a91d5ebc4

SHA512
04a9bc31cba9099a94c0f75d1da219f8c57064d5f14488b043afca2d87c64ffb21bf4f8ba38f6a8a85b37d62553abe6e9515dd2ce3dbe2ba5e8be5df5450b078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
67af1ba55a5d927a394e68ba552c280b

SHA1
f7cbd616c776d12efa3cfb9d4e2cd0cdc417f273

SHA256
b8f611803ea26787c834d70300b139eb660127b542476ef924441816911bec63

SHA512
74a4eefa5f02753232511f2c34a98fa369afb1846b12304130ba68c1169b736ee0ece051e6ddf21f2e5d41b5d0da03c4bb682ec88c7afe749285a92b94f1bcf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a828fd8f0dcd3214cb1b382e750db086

SHA1
954369536bc9d3bbc6ac31fac8f70ea2588ad268

SHA256
74c8287942e4ef68d8052178b82301ee8aac5af90e133b9125310724a61275d3

SHA512
4c1d141c27d75593f681e6278a7c22548e3f00f712d9479193c1eb952778eae2cd4c847549d6e32f2708ecbb6caac1a8ab97cf911f72339cfb61590402ee8eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
166579454cb9b00f64b8baaaf02b99d4

SHA1
1316952d691c2366f04dd4e12e9b0ae9452188e3

SHA256
8f1531500c832141c3a093c05935afc82c514867e8a76509f277178c4b716ba1

SHA512
40d2d4cccf834185add712043ec5ec77e7f6159b50d801f7bbfc943b9d9c3fd60c9b56184ee1aa6da8b41225fb73680ef03d5e536fe394ae92515ea6d8a98444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0abd9157cfe513d79d1f1251ebbc33dd

SHA1
d8af712a49d2cb3accb0c467a4d6169220da7dcd

SHA256
a3ee55fb4eb672a12991efa7ac18c34578e339f7ad34bddd853c66d8b9328128

SHA512
4a6bf35f15ad5638583e8de0ae2a28a9cb39e4538ed27e78591b6f35bdd5e1fdd1e1b873a5300f5b14a2c8f2867d41933b993db603d3038c22c0a16fab965df1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b4a8da837409e65ca957811f8813a966

SHA1
8a4b61f30821447f337b89b0a11f3f2367491ccc

SHA256
9089ff3d5a8d44fff8c63630d933963b07306c79cf3a575ffeb1cfa71f45dec3

SHA512
784b9307ab774c9849ebcff574da9f412fc85c4ea4df5bfe854725ecb99ed8fb8259b8a25c9363d4560a5926fea8cd85e11553cf63a4bde870b1377e35cdabba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2555edfcdb9e6b7c3a2e028e18958a3c

SHA1
b761b62804fb97e481d019cb8795f9f8bc6351c7

SHA256
f9e7733b2589e7683a0fe948baef3836dd389d71e9892266e155e7a009aed879

SHA512
d9ae1b29b18c040aafc2ab6e3e2544b0d9758b9c07a0c26b3faeb394823468df32e9e8edc9e45a030676da625465294de0f8d7f08f7cf22f1aea473b26a08246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4507600c59f2e4bb3cd3f382437c09ce

SHA1
d6b7ddd2357b641e455f3b10801e105872631fc0

SHA256
c03c94adc39351e19b6ab561eda08522e9c9b41bab18ddb77353bc34cb5917bf

SHA512
5b7400cd6c16fd9a80e4401d54e070f926059d585a66c85195c3497dcdb8f5a628291dd88000142798120ab6c165a16b777afef3b5f0909bc47f05efff3342d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
293016d934fc5d8009fb86aa2bdd0eac

SHA1
bcb0caf341698450de3e61b6dddd24d0d82720d4

SHA256
262c3140ab5aee19d18d01d04fe374b735369a7db92ba0569134f73f6a200694

SHA512
1a61664c03dbdbfce3e30407c242191cab712f2cd347f6a2c0646616b432053d213b51fd239e8a0032d287925c52a7c9b603462c26b4ba2a7e9713a3de52ffa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2f4457e2a373bac127828fe4e462891

SHA1
f7951f222101a8bbaffcdb88a5da68a2e570092a

SHA256
55a305eced606a25d3c2d2d8ec6bc13a72c1a035eff0b8c9959ad0f2d2641e31

SHA512
96a7d2aae0e55cd94e5f2cf2567c18420c49328732b96489b28b80f281a2f06035cc78dcc09879a1fa1e0a11640f4b948dfc28c253f952c239869ddedb337a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cfc220e04ba93f2d402c9660355832e0

SHA1
4b79aab83d13fef806130e2bd1e36fe78cc51c09

SHA256
6de359a24dbad2689ada464bfa75488615471308164bc9601b819583c9958fc3

SHA512
77216ae8ce359636c64b128a233b659805165dcfd8ff636fa274a211dd474d648e8760b1019317e635c419a7649b79258ca52d324718d58de0c7dda71c684685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a90b229f1c93f46991277db3fd407a07

SHA1
c96cfe959c38fb8894a19387df95ebd8332ad47c

SHA256
f3368d9dc45e44fd487f3dd7295d4d179b68c2744924d648afc7a36a903de3e1

SHA512
ab41120e5e175c519a157f19c1873b1200cf92ef5ac684c6cffbff26f98014d6d4002fac2eeeb7210806d4d1278951ee72985d780dedd5cc4d276f1cb5ae9401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f14365babac46523877ce75fae30a8d1

SHA1
fb208a436c0579bf1cd27b793ce7918144b1a8e6

SHA256
78e62c8f7d638a6ce4d35be91669db343700971ba56b04dc13b16ff18cd0a79a

SHA512
842c5ac59ef6b7fa1d23b39bf0b361b82b9fccf85247d7badee4463d673fade461bcc067c68316e575a8c3ddfbadc1bd8f86610c06f7a4b7fe081c4cb0c31a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3e63e3f6c2b5813ef86bb984d31c6ba4

SHA1
df922918b2e31a0fc483765fdc0f4dabc1ede85a

SHA256
46f49855ff079ffb3f3f7988be9df363da3ea0c0cf7b38fd3272a952bcf5341b

SHA512
d33ae0999be2863b12c108537bd9ac94986054b80de312fc899f11ce0864a68b84503e560be1c7630090679ff2b6e70462ad19991c136694d969661c7137cd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5700cb.TMP

Filesize
120B

MD5
582970f5b0343248fc566edae32ee131

SHA1
f320b88d3ba3ee6521593f45b856e6b0fb8cd73c

SHA256
7ca99ace55ba65aecdd29126f824f08cb9323a717a872a3dfee10d40937037aa

SHA512
990e2a0a3e03593b265c2f5bc3381b7e569df516327a07c0392fb1ead67e23343c4b7501ce66842d27c9ab4d57752b88abee1e7358ecfd970e1d6b1082bc9ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt

Filesize
216B

MD5
340c6149d2e94e0239eed9770a935dbc

SHA1
430e777467327c69b680e226660831d3cbd85ac0

SHA256
2245de6f647cba369738950d49c221fd5d7f074fb724927d1500c354f75912fc

SHA512
be26c46d46da0f69e24a167127fda1fdb1b447f0cf28688f0cbff36d7a36546477e022f5766de51aa8fa0e94071be39cd15db72a5b14aa471ba35350455e3a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt

Filesize
130B

MD5
4ea84ef42bf6aefb51ecf0535b63c406

SHA1
51a14fe94dcf8e56eab5b19e40b88fe8fbbd661d

SHA256
841c72cb1bfb1a5e623b8b69b20692bbcad1aa073c35c56ce02f2dcc91233505

SHA512
78c8f13e92d8b50b17d27e7de93f6300738bacba10c1ef22105e58cbf6dc5d30e2660f88148134cf839568ab8b3899abcb020f7b2a2f4bfc95367cf9a6ffac9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\76ef9e5953a1ba4578548bb32235240a9f0e0ca2\index.txt~RFe57200b.TMP

Filesize
138B

MD5
1b0006f7f92fe2a96fc3c16f48d45be4

SHA1
e5a7a6f5d46edd96e4ecfc63bf0fe3a4c8831dab

SHA256
4c2290ae9ef4ce5a0660373314ea44c47bb52cc0a77161b4005ed773604a2de9

SHA512
deced331c2885a8931f67fba5af21cb10074541efc5a885d7b92c823a1090665b4acce5d339187b8e898a489bddc8bf830c22706f5cbce6160403529d67bd141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

Filesize
9KB

MD5
2a9979113f0c82893c1a04a060fa76b7

SHA1
717985e039e63217fcccd975455a8128f7ffe0c0

SHA256
04f6cf49fba6302cda1b35176be50f0382cdf3615bf4b95be89d0ac12e30c45c

SHA512
c1e991df5c0f3e5000bae94ee880806114332d758859a64572902d1a91771796c844fa957b239b23abbdfc5cee71edaae2f7bae7f0061a4a00ec40aa33bc9377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
9KB

MD5
67225a517a74e98e1ae5620fcbf4e391

SHA1
1cd0d803e3ea013f4c97fecf903cebb9e8723e0d

SHA256
6c3d3125f737728fcf5c3e0e642b923f6bca4ab6e301858ad2738f6547b3342c

SHA512
1653b884b8ad3fa0cd719a68852b586ba533985bedb012e2bc28beaed307d3c2d7c076a853b842537f13dafac752b198ced5bd5404f9b950921857be06800db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\d0757ff92c7cde0a_0

Filesize
118KB

MD5
5b77d93146a7e30e928772923aa3e7e7

SHA1
28e63cc83b4afee937e2f7c01f5fed16ea244437

SHA256
d1a3222e15e41f47c81f221fbe096436cd76a365f0ddaf4eb51d0126c606f714

SHA512
2e18e4c5a6d48fcc10273a342475aec0c5ba1877a7b0d528184a488d05df9072f55ffd6540528091a09e69815baa444e52f021c26ce75eaeabc71f3a0a8f50ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f67473f0bb5e8d3100d5abf2eb8582c4

SHA1
00f53aa3fec9eee0cbd5365707be1a89cd25347c

SHA256
e4fbe7c9b15fb0018c62af0c07d4d58aa9cad801ff5cd7bc5c4fe673d6103424

SHA512
4c87db0939524e20e88d514c145284a0f40f243a81253f03e6e31bc2cceb0bf35a2b19d477da944b8030eb62798c0a7c5214a9c8838a06a811f3a015494d2642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
1ab3818bc052428a91357f8604bc4940

SHA1
94a2d45e3b003be3d3dccb909c61d2bc04a9cabf

SHA256
1fd07e9c50dbed4c7fcb891d1e6be10661efd5cadd94b50a38afb2eeee622fc1

SHA512
e4c878c1612a410a8a860bb6302ef9679d10e6da20efa31ee0b63dcfe02acdb7c7d0b0f7f02e1f6ca81204a342ab0a114f2d7b2867886cb860786c7abd78d43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe576e3b.TMP

Filesize
48B

MD5
3390d3fbf7146b83e6b979738c02262e

SHA1
ac0d0aef0c179f7bf01402b91648212beb55bb83

SHA256
7423f514aa376d9b0a667cf3c864b20fbb9196670d37b74ed5ae899877b34046

SHA512
13e5af9e2bf5a04363fbdba208471561a698d58add9ab85e97a3483b0559534e2006afd30a3a8270092e99913ba442a1bfbb790e8788f1713e84730b7ffc05c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d4985495-ec3d-4fda-91cc-618ced5ade0d.tmp

Filesize
9KB

MD5
7054abb98ca82e233549d5be78c49c15

SHA1
fb04437d359602dc7f2750388d9c1967ec8a541a

SHA256
faa152fcaae8510bbc1365950ff8a515eaf959ebb659d742ed65dde57d455240

SHA512
140dcff6d65e38214351a5f879e2b23f2030e2024ece3932dd763eb2c9d5377f0f66d4bbf5033580d86d1e27276096e671b44d6f43299b1c019dead7b16b55ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
b21a237afbb96823021945e102a77e80

SHA1
d04fd3fd3dfe4266a90e545026e5051a343f8c0d

SHA256
8c15272795149eaf21068cb48500e2f084afd50689152401685251cd87df06e7

SHA512
29e064c5ee9c82bf66fb75cfd114b4cb9e442519ae4a568d864059a899d21fe5fe9fd047f0fbe59a05bd32be4716d4e4af75f30eb974ab5737d870bb4aea6f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
edb4f84071b2ee67977fa0a7313fecd5

SHA1
a3ac385ca457633ee195f7345bf37578c4fa5825

SHA256
c6b061b7285d4a923efc3f605cb3ff36e6c651f7fef564d1a26da965301eee6f

SHA512
e6106bb80f796f65889fc6ac4d507a77c782e34a855406994e51a610f151fc256fc3b59c331ea4d07467b179ecaa1f74d242fdb52bc653af493a170499354e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
3bb0a9e368726334f4c664fb1174f628

SHA1
de8f9ff52354f1e46743519e2ab200719bfa5175

SHA256
da926fea2631d41f0f9364da0c8bdd50d7bc2503e68f9bf6390d82203d786d59

SHA512
e153ffcae1124da6be0c32f310b13dc7cbc06cc57823bbbd53775d3887c8828d18231147b3644c8d0eb1190699c7a2ac7348ae717033627a627c4125cb794b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
36c27b1102e2043fcad51544b81dcc19

SHA1
7d7cdbc60552573a6b0079d3baade5df1bf84aab

SHA256
4a04785a2b494dfe94626b661a153ca75c53ceb052527526a42a7b7183593019

SHA512
b66c140f15e62b1a7a4c42c66a21e954c4f5e41ab8845309b7c726835c3cf4f5ac367dbc39bb452d18ae5c6735837c8ea17bb53061bea1d934ba6b85f0deccc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
6f32cc3a4abbcd5b3a029a8777732dec

SHA1
e9acd73f70250f3528bb05d9b4f891bc439bfce8

SHA256
1bddf0af0111d1c2da41d28e976a51d9727108dda7f06b991e28933b96b531a7

SHA512
c185db25ed5ee68974b39126d5c4819bffb467b106a4589c70a1d13d7e34f0721808a150e7b34c9050df09a354a299949c5faaecdfd7e916ac5a8238c9feb1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
3211393630cf34be102ab0e32adf0b4f

SHA1
8aed1a68a01c09c9209f2403215dd9630457d202

SHA256
4cfe742c1eedf5ea412a52120b279f3d367c605b8d3b76c67c3fe411737ad3bd

SHA512
3f11056c3db99744a17a4be3f881a473d8ff1584ce46355b7bf32324cf868a3630e8866316408ab1f5026094654b0bd39cd62136e4c10548c239ed8a210af828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
d395f86816fb0c2c0d465bac109035ea

SHA1
47b639eaaf4bc80f6c13e21e341284a0bfedabc2

SHA256
072cd2511b370e646d214987c866163681399ff5645f240741fd3c1f42ab92b4

SHA512
5af947568d7cc9324e63829e6b01c07ae3ace0d5e574e7c0c8ebb4eb998d8ec61dc41e179ada064493c3096be0b0bbedd443dfb3fc63661ce471ab72c040bf31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f655d708b9623c21092eead7440c8d74

SHA1
dfdc3ab78d56c62d423096e363c4d74604b05659

SHA256
9bc082ab3df3ef54f92268ca8f1b46bd8c38258a64d2a2f07689d4806efbace1

SHA512
01b49eb3c77db426b8f84fb8aa957abe755cab433afe036338c9be61f0be9d46399a3c85874453ef27b6406ed61744b7654e2f2b51738b7e5401507590797586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4b26799241eaf2f0f7223127afb5e8ce

SHA1
1cbd618cffec8e20a705719bbfa919ba4cef0959

SHA256
790c2f62e97fbcfad03ee31932dff68b0433d4bb90cfd62e028e6ebcd02a5699

SHA512
686d7a1afc088c06777ad8ca18c5a487e41e4cb07c87ebc117a856619a55a7b655159bca99ecf191c3517a00d3f97d08773e4fb4449f1ee07d2044b98c7831b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
bfeaa54be3c41c3415b8cf80eedf5450

SHA1
1a16a34b3d679b6696f0910810a0e459756256a9

SHA256
eefa1ba8af8c04128b2ad2a7323509ac7b16132ddea214c2249cb1bba1670289

SHA512
06141e156634b639a95b8808363b3896f61ecd064ff3939ebcef95ee3b1f5e94673067c3639aa76aecc92fbb7404e89e108db5df0f0bc473cd2ced8d38618030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
873e3877dc062c6be389735aecff048a

SHA1
b894500c8ad0632f958309b595dec66611dedb57

SHA256
a8943f354b812cd5007fefeaee58c92e616c6153686e5798e38175c387268a97

SHA512
1056e15063d7719b1c5d5ab31594b022c4338cd422562412f3540d95c4578a9d8c78786c389d1a9006563300cff4931cad0fbc71acf2b812e51c395668a250e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
377ab30bbc7bc3c9aece7f44730b4ca6

SHA1
4112fdeb454292e7a0ef942eb47c465f2c956c9f

SHA256
566b0634fa115ddeda27113a2631c5105afbd3a5f95591509cd388713a45b9da

SHA512
32958562139743b383111915f958b88a93fe78aeb8d5e3bce2444123fb83e20d5d31b9d7c4440836b342e6375bafb9662777e958de199db17e0f96f1ad1afa54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
339bfa8d25f01356841925aa62787db2

SHA1
b15185487647aeac1db6780244dc083b072aa9d8

SHA256
68bc2ac857f91c59c5ebd2c089fc2cd1db5e59fc84d4ee858faf62a14946e202

SHA512
a016d225bea0d4270a8b98fc3edf7fb6b91caf831c5916172b6907aa8cf5d86ba1984167d98af5311da4a94b168c0c0271ebf665d64af8391f832e55fa1064c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
4d61183fc7efbdd079c475c4de35ea94

SHA1
4c9d610116938d90c6cf289a0cbc1508844f6651

SHA256
1bc7cb3286f75c4286e6b784a5d99a55b9ad25606e4c55d3534fd058c814552b

SHA512
4c6da79d1c3f79ead6d6d0627dc9ab07c07355d0b0b7979ec02cf0ff5c80d4d49c433f06163266e87a2fafb9b1723adb41e95874eab75d1a388824884f664422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
122KB

MD5
1fe9d52768dc858b908adabeb8345a45

SHA1
105a6b22a90eb5c6bf72acaf52a3a09f7826cdeb

SHA256
e616e76f96482bc858be777c4ed7198c0eee31ed857d82b36cc83be47c676015

SHA512
40b38f517670d33bd933a9de658faf92405eedd74096d191b180cc51eb03426476b5285c88ca108e1ec456da3ac75766d16cb2514695664e15f6d36469c78ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
1587c66b110bf7f16cf2a18a961a8cfb

SHA1
dcb1e148a292c1d6a5c9422993c3852a818453ca

SHA256
4a220154f1f0356597f94b44327cebc020f20714f31622cefe889e46bf8a2856

SHA512
a7cff0d0a8e394746bf997b3009da414e8a0d36827f848fbb7349fcad22b6ff887f68a016b42744af48c85488745e7f37a1d90b1066e3cd0cb186b324a134189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
919b4875b09a62379b1ea783388151ae

SHA1
02f54ecd223f6b991537ded12519e426a4e4d712

SHA256
afcb23704a9fce6e71281e255a1d55b21ac3089f5deb274a7186ad572adc9def

SHA512
ea142c683be9af59914105ff591ac8b8e2d23975d9773dd9f21b546e7cc3121a6222f04a96514e9ba9f6329362d6821c2c28d3f6e1be026c3c11d0061a179bcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
121KB

MD5
9d8fa5a136225473648febd2eb1a842b

SHA1
994ae435aaead1e1c0efdc60f7f34aa0db61bba5

SHA256
8ee595472a0e4e6f53db2ab9af9c052ccabc790a9b0e52496b0254456b0bd085

SHA512
2793c92a458a2ace45fa3cb5eea94c51bb64568c8a49def911831c677f924e8985b212023291ed9da90745bdce89dafc7a64ac8b5db6261eaf6abf1c5196cc09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat.zemblax

Filesize
16B

MD5
cfdae8214d34112dbee6587664059558

SHA1
f649f45d08c46572a9a50476478ddaef7e964353

SHA256
33088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325

SHA512
c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.zemblax

Filesize
8KB

MD5
420960c4b17842a24bbf117222c60e47

SHA1
4e2f5bc3a3fe7da4ea60dfaae851b1b88e48751d

SHA256
e94c37d7dc8dd954bfee8e340abc882bc361baf0d3771ed442ed625a3bcb0174

SHA512
b42f16f6fca9b66d49a2ad7c80e56c51e04d023a4ae50e984dbd267e204682ecbb929fefb5c7ee67775597773b08b6bd39416f13b87f1782cf8c5d553ecd7ce5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{506550ab-e951-47fb-95b2-997bfb0b6514}\0.1.filtertrie.intermediate.txt.zemblax

Filesize
16B

MD5
9817c637ea440822e5d3ff2144d17467

SHA1
84080fede70d3544aad82976cec9b51c83c472ec

SHA256
df1b3b60351e48245d6ac589c68ddf77dba1aa9ba12427405b90daa9143d8252

SHA512
399bd0074e50829c3f5b5000c5e6da863de969adab921b5244da53ae35661ffbc24687176ecc1411f0da78d6a186c999846d454c365500f9833607095a0f2373

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{506550ab-e951-47fb-95b2-997bfb0b6514}\0.2.filtertrie.intermediate.txt.zemblax

Filesize
16B

MD5
2a89b7646b4d795f4bfc5bb4269138e7

SHA1
ff1ffe4b11ab6094419b961bcdc9b923369293bf

SHA256
9dd722337fac6f6363c0697082384f6866d27ad7f5f3d541cb494c91afe14c16

SHA512
4a2cfc5c842227c576b3f93962fa38001db85ae56f5989880e6938c31cc77718b69d94c900cbe150d2126d1952242450981bf2f3f148909b5e056d69579bf3d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
9190d476be1136aa67a28e6efaeaf010

SHA1
dae9beec39114932c76dc07fdc1d905ad1dba859

SHA256
163e948d3e7a1ac637e537e88d72890e6809dad74cfda58ce5c4db31e0dcc3ac

SHA512
178c239dc4f052771e19c1f6b48159c9cb42ceb57dc3a70b7af04a5a49d550c992d4453bee53583ba14d0d482807e10575425595a50fdec1f7b0c1889b722df4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
58c206ba9bd053ee17bc8eaf7fffcf17

SHA1
33706a232a979b4f056d653137eacffa0d835c97

SHA256
b1c148b2017f58ec195693827cb8b065acdc29c105e48e7e7dc0fc168caf06a7

SHA512
4d6a87a0689b5a9cd2eed86b912cca3f8806893a0c1c0afb1cbbf1a2ab74ffde35d76994cb5a81d5bac38fe83ed135a82c245d0190dd1de6bc3061ed867f2fe6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
132e2d08f6a27efec961219a565d2088

SHA1
7179a5f18147d5b533ebe68642a77b3d586d9ccc

SHA256
5cad9c8ec3fb387c4c1af7d79d24b6f3b162fd6c83a3750c9052e20f40d40b30

SHA512
1f9baf44ca6c03f380667a324ef39773c171efeddbb5094ff73b31cb9701def04263075dc9574828cf28128a96a157609e361206766655caff3d28b53bd9d2bb

Download Submit
C:\Users\Admin\Downloads\Jigsaw-Ransomware-master.zip.crdownload

Filesize
268KB

MD5
5596fd854875bee824de61ed8c6508a9

SHA1
11ccd44a1ddf182dbf16137ec270e760be37c433

SHA256
ef0e14a9813a9bda9808bebd309d82348d03ef94913932694bc52581c8de94a8

SHA512
dfeaa43bb0b0409e15d91dcf8b9e943c45ba233a84ae1e4d805c9f025e74fbc18daa53f1484420cbff92280165bec49a8efc61a33d049356f38954f9bed1a18e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 544787.crdownload

Filesize
119KB

MD5
2ecd61d62dac0f8da928922c1f04bef2

SHA1
1909a137713700e266a15f60ad5205ea9c110e31

SHA256
49e6b1b9c6503df4105d548891e596bb91f4df63882a9cbbeb4ba541b897f049

SHA512
474e4df86c23e3e6e98bc8a6423825502b32b4c2e012b90adf51659a77c7e5216cf80550d70d5025e5ed997358dfdf9f14dd10871d27791fb2c8bd1a75a6dea1

Download Submit
C:\Users\Admin\Downloads\df049efbfa7ac0b76c8daff5d792c550c7a7a24f6e9e887d01a01013c9caa763.zip.crdownload

Filesize
229KB

MD5
e0532c3452c5de166144de85144ab86e

SHA1
a1ac8137db77d51f426500a89c5009adaf0313bf

SHA256
91312ac2c8fa00d56b7ce9839f8a2934620f69ef6043a0c177c810870d6edd92

SHA512
a5c6236e637d9717438cda12e85302302435ad5df6a2ef7a068f6c62c01b4e89a546023226364970d9e01e79455977cd12662eff4b30b4f001bb3520c2850176

Download Submit
memory/2540-2046-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-7171-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-2058-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-7181-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-2042-0x0000000004F30000-0x0000000004F31000-memory.dmp

Filesize
4KB

Download
memory/2540-2047-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-1886-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-1883-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-1881-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-1880-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-2048-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/2540-2205-0x0000000000490000-0x00000000004A0000-memory.dmp

Filesize
64KB

Download
memory/4108-1734-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1722-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1706-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/4108-1709-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1710-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1712-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1714-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1794-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/4108-1792-0x00000000021D0000-0x00000000021E0000-memory.dmp

Filesize
64KB

Download
memory/4108-1772-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1716-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1770-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1768-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1718-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1766-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1764-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1762-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1720-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1760-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1758-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1756-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1754-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1752-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1750-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1748-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1746-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1744-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1742-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1740-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1738-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1736-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1724-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1732-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1730-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1728-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4108-1726-0x0000000004B10000-0x0000000004B44000-memory.dmp

Filesize
208KB

Download
memory/4152-1136-0x0000000000E20000-0x0000000000E46000-memory.dmp

Filesize
152KB

Download
memory/4152-1140-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/4152-1152-0x0000000005B50000-0x0000000005B60000-memory.dmp

Filesize
64KB

Download
memory/4152-1142-0x00000000059D0000-0x0000000005A26000-memory.dmp

Filesize
344KB

Download
memory/4152-1141-0x0000000005890000-0x000000000589A000-memory.dmp

Filesize
40KB

Download
memory/4152-1137-0x00000000057E0000-0x000000000587C000-memory.dmp

Filesize
624KB

Download
memory/4152-1138-0x0000000005EE0000-0x0000000006484000-memory.dmp

Filesize
5.6MB

Download
memory/4152-1139-0x0000000005930000-0x00000000059C2000-memory.dmp

Filesize
584KB

Download
memory/5156-1288-0x00000000001A0000-0x00000000001A8000-memory.dmp

Filesize
32KB

Download
memory/6072-1275-0x0000000005900000-0x0000000005910000-memory.dmp

Filesize
64KB

Download
memory/6072-1276-0x0000000005900000-0x0000000005910000-memory.dmp

Filesize
64KB

Download
memory/6072-1277-0x0000000005900000-0x0000000005910000-memory.dmp

Filesize
64KB

Download
memory/6072-1278-0x0000000005900000-0x0000000005910000-memory.dmp

Filesize
64KB

Download