jigsaw | hxxp://google[.]com/search?q=malware+database

Analysis

max time kernel
823s
max time network
826s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2023 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com/search?q=malware+database

Score

10^/10

jigsaw nitro evasion persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\NitroGen\NitroRansomware.exe

Ransom Note

MZ��@�� !�L�!This program cannot be run in DOS mode. $��PE��L��؀��"�0��r�� @�� `��O�� p��8�� H��.text��x�� `.rsrc�� @��@.reloc��r��@��B��Q��H��K��G��&��0��@\��0��(�� +@�~��o�� -+~��r��p(�� o��~��o�� ~��(��X�i2�(�� + �(��X �i2��~��o�� o"��*��yy��0��(�� +H�(��,8~��r��p(�� o��o�� ~��o�� Yo�� ~��(��X�i2�(�� + �(��X �i2��~��o�� o"��*��~��o�� ,/o�� ~��o�� Y~��o�� o�� ~��(�� ,**�0�[�� H�� s�� + o�� X 2�o�� ~��(�� s�� ( �� o!�� s"�� o#�� o$�� o%�� P��s&�� o'�� [o(�� o)�� o*�� [o(�� o+�� o,�� io-�� o.�� s/�� s�� H��+ o-�� io0�� % 0�o1�� J~��o�� o"��5~��r5��p(�� o ��~��X��o1�� o1�� (2�� *��+��@%5��0�S��( �� o!�� H��s�� io0�� &s"�� o#�� o$�� P��s&�� o'�� [o(�� o)�� o*�� [o(�� o+�� o%�� o,�� o3�� s/�� s�� H��+o-�� io0�� %0��4 ~��rI��p o�� (�� o"�� ~�� o�� o"��o1�� ~��r��p(�� o ��-~��r��po�� (�� o"��o1�� o1�� *�4��$��$��%��=D��(4�� *��r��ps��r��p��~1��s5�� *��0��(6�� %o7�� `o8�� *�}��~0��s:��}��(9�� (��*0��s:�� }��{��#��@�@o;�� {��s<�� o=�� {��o>�� {��r�po?�� ~��o@�� +)�(A�� {��%oB�� r�pr�p(C�� o?�� (D�� -��oE�� *��\�6��0��(��9��{��~��o?�� {��r%�po?�� {��(F�� oG�� {��r�po?�� {��r�po?�� {��#'*(H�� oI�� {��rO�po?�� {��oJ�� *��0��{��oB�� ~��(�� ,\{��r��po;��~��{��r��po?�� (K�� (L�� ()��(M�� (L�� r��pr9�p@(N�� &(+��*r[�pr9�p(N�� &*"(O�� *"(O�� *Frs�pr��p(P�� &**Frs�pr��p(P�� &**"(O�� *0��~0��s:�� {��oB�� ~Q�� (R�� r��po�� 9��r��po�� ,r��poS�� XoT�� (R�� +r��poS�� XoT�� (#��,'r��po;��o;��r5�pr9�p@(N�� &*r[�po;��r��pr9�p(N�� &+r[�po;��r��pr9�p(N�� &*R��sU�� (V�� &*z,{��,{��oE�� (W�� *��0�� sX�� }��(Y�� sZ�� s[�� } ��s\�� }��s]�� }��s\�� }��s\�� }��s^�� }��s^�� }��s\�� }��s_�� }��s\�� }��s]�� }��s\�� }��s_�� }��s]�� }��s]�� }��s\�� }��s\�� }��s]�� }��s^�� }��s\�� } ��{��s`�� }!��{��sa�� }"��sb�� }#��sc�� }$��sb�� }%��{��od�� {��od�� {"��od�� (d�� {��oe�� {��r^�p"��Asf�� og�� {��(h�� oG�� {��!si�� oj�� {��sk�� ol�� {��r��pom�� {�� .sn�� oo�� {��op�� {��r��po?�� {��#'*(H�� oI�� {��oq�� {��r��p"��Asf�� og�� {��(r�� oG�� {�� si�� oj�� {��ss�� ol�� {��ot�� {��r��pom�� {��ou�� {��ov�� {�� sn�� oo�� {��op�� {��ow�� {��r �pox�� o?�� {��oy�� {��sz�� o{�� {��oe�� {��r��p"��dAsf�� og�� {��(|�� oG�� {�� vsi�� oj�� {��sk�� ol�� {��r&�pom�� {��8 sn�� oo�� {��op�� {��r4�po?�� {��sz�� o}�� {��oe�� {��r��p"��dAsf�� og�� {��(|�� oG�� {�� vsi�� oj�� {��sk�� ol�� {��r>�pom�� {�� sn�� oo�� {��op�� {��rL�po?�� {��#'*(H�� oI�� {��(~�� oG�� {��si�� oj�� {��ss�� ol�� {��rj�pom�� {�� 4��'sn�� oo�� {��op�� {��#'*(H�� oI�� {��o�� {��o�� {��(~�� oG�� {��tsi�� oj�� {��ss�� ol�� {��rx�pom�� {�� 1��Rsn�� oo�� {��op�� {��oe�� {��r��p"��Asf�� og�� {��(|�� oG�� {�� E��si�� oj�� {��sk�� ol�� {��r��pom�� {�� sn�� oo�� {�� op�� {��r��po?�� {��(�� oI�� {��o�� {�� m��si�� oj�� {��ss�� ol�� {��r��pom�� {��dsn�� oo�� {�� op�� {��r��po?�� {��o�� {��sz�� o}�� {��oe�� {��r��p"��Asf�� og�� {��(|�� oG�� {�� si�� oj�� {��sk�� ol�� {��r��pom�� {�� sn�� oo�� {��op�� {��r��po?�� {��#'*(H�� oI�� {��oq�� {��(�� oG�� {��^ ��si�� oj�� {��ss�� ol�� {��r,�pom�� {��ou�� {�� sn�� oo�� {��op�� {��ow�� {��r>�po?�� {��oe�� {��r��p"�� Asf�� og�� {��(|�� oG�� {�� T��si�� oj�� {��sk�� ol�� {��rz�pom�� {��gsn�� oo�� {�� op�� {��r��po?�� {��(�� oI�� {��o�� {�� u�� si�� oj�� {��ss�� ol�� {��r��pom�� {��dsn�� oo�� {��op�� {��r��po?�� {��o�� {��sz�� o}�� {��#'*(H�� oI�� {��oq�� {��(�� oG�� {��^ m��si�� oj�� {��ss�� ol�� {��r��pom�� {�� sn�� oo�� {��op�� {��ow�� {��r��po?�� {��#'*(H�� oI�� {��oq�� {��(�� oG�� {�� U�� si�� oj�� {��ss�� ol�� {��r��pom�� {�� sn�� oo�� {��op�� {��ow�� {��r �po?�� {��oe�� {��r��p"��Asf�� og�� {��(|�� oG�� {�� Q�� si�� oj�� {��sk�� ol�� {��r �pom�� {�� sn�� oo�� {��op�� {��r �po?�� {��oe�� {��r��p"�� Asf�� og�� {��(|�� oG�� {�� si�� oj�� {��sk�� ol�� {��rn �pom�� {��&sn�� oo�� {��op�� {��r| �po?�� {��#'*(H�� oI�� {��oq�� {��r��p"ff�@sf�� og�� {��(r�� oG�� {��/ ��si�� oj�� {��ss�� ol�� {��ot�� {��r� �pom�� {��ou�� {��o�� {�� sn�� oo�� {��op�� {��ow�� {��(�� oI�� {��o�� { ��o�� {��/ ��si�� oj�� {��ss�� ol�� {��r� �pom�� {�� sn�� oo�� {��op�� { ��oe�� { ��r^�p"��HBsf�� og�� { ��(�� oG�� { ��:si�� oj�� { ��sk�� ol�� { ��r� �pom�� { �� p��_sn�� oo�� { ��op�� { ��r� �po?�� { ��sz�� o}�� {!��{"��o�� {!��r� �po�� ts��o�� {!��r9�po�� {!��o�� {!��s�� o�� {"��sn�� o�� {"��o�� w��%{#��%{$��%{%��o�� {"��r� �pom�� {"�� :sn�� oo�� {#��r� �po�� {#�� sn�� o�� {#��r �po�� {#�� sz�� o�� {$��r, �po�� {$�� sn�� o�� {%��rT �po�� {%�� sn�� o�� {%��rT �po�� {%��sz�� o�� "��A"��As�� (�� (�� ,/3(H�� oI�� +�� sn�� (�� (�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� {��o�� (�� oG�� (�� r^ �po�� ts��(�� ss�� (�� (�� rt �p(m�� (�� (�� r� �po?�� (�� sz�� (�� {��o�� {��o�� {��o�� {��o�� {"��o�� (�� (�� *��0��{ ��/@;} ��{ ��- ;} ��{��,.{��Y}��+{ ��Y} ��+{ ��Y} ��{ ��-{ ��-{��&{ ��r� �p|��(�� 0o�� | ��(�� 0o�� | ��(�� 0o�� (�� o?�� *��0�� (�� (�� ~&��r� �p(�� o�� ~&��r� �p(�� o�� ~&��r� �p(�� o�� ~&��r��p(�� o�� ~&��r<�p(�� o�� ~&��r~�p(�� o�� ~&��r��p(�� o�� *0�<��(��s5�� ~&��o@�� 8��(A�� (�� 9��r,�p(�� s�� rZ�po�� 8��o�� o�� rf�p(�� o�� + o�� t/�� o�� o�� o�� -�� u0��,oE�� r��p(�� o�� +o�� t/�� o�� o�� o�� -��u0��,oE�� X�i?:��(D�� :��oE�� *AL��(��(��,��(4�� *.s5�� &��*�(4�� (�� }'��r��p}(��})��}*��*��0�9��{*��3\{'��{(��(�� (�� r��p(�� r��p(�� (�� (�� o�� r �po�� ,oE�� {*��-5r��p(�� r��p(�� (�� (�� (�� r �p(�� *{'��{(��(�� (�� r��p(�� r��p(�� (�� (�� o�� r �po�� ,oE�� r��p(�� r��p(�� (�� (�� (�� r �p(�� *�� ;[� ��<��~{)��r��p(�� ,r��p(��*�{)��r��p(�� , r �p(��*{)��r �p(�� ,r �p(��*~{)��r �p(�� ,r �p(��*6r �p(��*��0�P�� s�� r, �pr� �p(�� ~+��o��o�� o�� o�� . � � ,oE�� *��>D� ��(4�� *Fr��ps��+��*��0�@��(-��,s ��(�� *(,��(*��('��((��(.�� p��(�� s ��(�� *0�(��(�� o�� (�� (�� r� �p(�� &~2��r�po��(��r�po@�� +(A�� r �p(�� (D�� -��oE�� (R�� (2�� (1��(3��~0��s:�� G��%r&�p�% o�� %r��p�% o�� %r��p�%�%r��p�%�%r��p�(�� o;��r��p~1��r��p(�� o;��r��pr��p(�� o;��*��D�$h��0��~3��r�po;��~=��%-&~<��C��s�� %�=��s�� ~>��%-&~<��D��s�� %�>��s�� ~?��%-&~<��E��s�� %�?��s�� ~@��%-&~<��F��s�� %�@��s�� o�� o�� o�� o�� o�� o�� o�� o�� ~3��rN�p~��o�� }��(�� o;��(7��*0��~A��%-&~<��G��s�� %�A��s�� ~B��%-&~<��H��s�� %�B��s�� ~C��%-&~<��I��s�� %�C��s�� ~D��%-&~<��J��s�� %�D��s�� o�� o�� o�� o�� o�� o�� o�� o�� *��0��(�� o�� (�� (�� (�� o�� r��p(�� r��p(�� (R�� ~�� r��po�� rW�pr]�pr]�p(�� o�� , oE�� ~2��o�� o"��*��O�l� ��xx��0�v��(�� o�� (�� (�� ra�p(�� &ry�prW�p��(�� ,=~�� r��po�� r�p(�� &r\�pr9�p(P�� &(�� ,oE�� *��I�"k� ��0�R��(�� o�� r��p(�� (�� (�� (�� (�� (�� (�� (R�� ~2��o�� o��*��>>��Zr��prW�p(�� ,**�0�5��(�� r�p(�� (R�� s�� ~1��o�� ,oE�� *�� *� ��(4�� *0�b��(�� ,��(�� -��'(�� .��(�� /��r#�p�0��r�p�1��r��ps��2��~0��s:��3��*��0�T��~Q�� rT�psK��rd�poM��% �o�� ,oE�� ~4�� o�� o"��*��"3� ��9?��0�,��s5�� r��p(�� r��p(�� o�� o�� *0�U��~Q�� s�� r��po�� o�� o�� o�� o�� ,oE�� ~4��o�� o"��*��&2� ��8>��(4�� *Fr��ps��4��*��0�D��(�� r��p(�� 8��(@��~8��o�� ~5��~8��~6��~7��`(6��&*(4�� *R�5��6��7��*:(4�� }9��*0�j��s�� %r �po�� %r�pr,�po�� %rH�pr^�po�� s�� {9��s�� o�� o�� (�� &� ,oE�� &��*��8�"Z� ��2�4f��(4�� *0�-��~:��- r��p��(Y�� o�� s�� :��~:��*~;��*�;��*0��(=��r�p~;��o�� tC��*.sB��<��*(4�� *.~-��(��*.~.��(��*.~,��(��*.~/��(��*.~-��(��*.~.��(��*.~,��(��*.~/��(��*0��(4�� s�� }E��s�� }G��~Q�� }H��s�� o�� o�� o�� o�� o�� {E��N��s�� o�� {E��o�� {E��o�� &{E��o�� }F��{E��o�� *�{E��o�� {E��o�� {F��o�� {F��o�� *�~Q�� }H��{F��o�� {F��r�po�� {G��o�� &{H��*��0�D��o�� ,o�� r.�p(�� , {G��o�� &*{H��o�� (�� (�� }H��*BSJB��v4.0.30319��l��#~��d��#Strings��T+��8��#US��@��#GUID��@��#Blob��W� ��3�� H��N��4��\ ��c �oc �Pc ��c ��c ��c ��c ��e��3c � ��w�� w��.��)�� &��t� �� e� �y� �}��;wG�� 6��&�M��J�J�� w��'w�(��J�� ^�� 9�� x��s��V;� F �md ��0��I w�+ w��b�� ~��k��/��w��r��& ��^d �A� �r� �o� �� -��|w�\ w��w��w�w��d ��d ��d ��d � �� d �� 4d �3��wW� �� d �� z� �� W��_d �� T� �� 'w�Gw�$��i��u ��!��8� � ��c �� :��w��w��d ��i��]��?� �)� ��9��^�A��e��A�&�� A�'��X�A�+�#��F�A�,�&��A�4�1��A�5�6��A�9�:��B�A�:�<�!��A�<�A��A�E�K�� Y��p��2��F�� W �� f��s��B�� Y�� {�S�e��6�.� ��Z��-��'��x��K��I$�V)�9.��P �� !��!��V��t#��J3�%�� %�� H%��y�� o%�� %��: �T&�� :��&��$: ��'��S:��'��<:��'��G:��'��>:��'��:��'�� :��'��dB��'��@��(��J��(��(��S� �;��E�� ;�� <��R �$>�� ,>�� 8>��Z �h>��D�"��?�� $��?��S�%�+@��5 �&�K@��d�'�\@�� (��@��)��@��)��@��`)�0A��*�tB��*�|C��*�PD��e�*�E��"�*��E��*�F��xf*�$F��*�xF��*��F��*��F��f�*�lG��aR*��G��*�$H��*�,H��*�� j*�@H��.��H��.��H��.��H��.��H��/�PI��0�XI��9r0��I��x0��I��

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
ransomware nitro
Disables Task Manager via registry modification
evasion

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\WriteOptimize.tif.fun	NitroRansomware.exe
File created	C:\Users\Admin\Pictures\StartExport.png.fun	drpbx.exe
File created	C:\Users\Admin\Pictures\WriteOptimize.tif.fun	drpbx.exe
File created	C:\Users\Admin\Pictures\StartExport.png.fun.givemenitro	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\StartExport.png.fun	NitroRansomware.exe
File created	C:\Users\Admin\Pictures\WriteOptimize.tif.fun.givemenitro	NitroRansomware.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	Half-Life 3 Crack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	NitroGen.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	NitroRansomware.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.givemenitro	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	NitroRansomware.exe

Executes dropped EXE 4 IoCs

pid	Process
4912	Half-Life 3 Crack.exe
5104	drpbx.exe
1128	NitroGen.exe
4160	NitroRansomware.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Half-Life 3 Crack.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NR = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\NitroGen\\NitroRansomware.exe\""	NitroRansomware.exe

Drops desktop.ini file(s) 11 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	NitroRansomware.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	NitroRansomware.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
161	api.ipify.org
162	api.ipify.org

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\wallpaper.png"	NitroRansomware.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\tr_get.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-100.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-tw\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-125.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\zipfs.jar.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-400_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-400.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\lv_get.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-96.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\Windows_Insider_Ninjacat_Unicorn-128x128.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-30_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sv-se\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-16_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-125_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pt-br\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\Assets\[email protected]	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-48_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-336.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-48_altform-unplated_contrast-white.png	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\9.jpg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-300.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\main.js	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-disabled_32.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png	drpbx.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogoDev.png.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-gb\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ms_get.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started-2x.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-400.png	drpbx.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{331FD41A-0F52-11EE-BDA1-EEF7611730E8} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{331FD41C-0F52-11EE-BDA1-EEF7611730E8}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133317289900450096"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe

Runs .reg file with regedit 2 IoCs

pid	Process
2748	regedit.exe
4364	regedit.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
1652	chrome.exe
1652	chrome.exe
1032	mspaint.exe
1032	mspaint.exe
4436	chrome.exe
4436	chrome.exe
4160	NitroRansomware.exe
4160	NitroRansomware.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe
Token: SeShutdownPrivilege	3084	chrome.exe
Token: SeCreatePagefilePrivilege	3084	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3824	7zG.exe
3084	chrome.exe
764	iexplore.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
3084	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4436	chrome.exe
4160	NitroRansomware.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
764	iexplore.exe
764	iexplore.exe
392	IEXPLORE.EXE
392	IEXPLORE.EXE
1032	mspaint.exe
1032	mspaint.exe
1032	mspaint.exe
1032	mspaint.exe
4728	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 2520	3084	chrome.exe	83
PID 3084 wrote to memory of 2520	3084	chrome.exe	83
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1544	3084	chrome.exe	85
PID 3084 wrote to memory of 1356	3084	chrome.exe	86
PID 3084 wrote to memory of 1356	3084	chrome.exe	86
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87
PID 3084 wrote to memory of 2804	3084	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com/search?q=malware+database
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8b79758,0x7ffec8b79768,0x7ffec8b79778
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2732 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1608 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5256 --field-trial-handle=1760,i,739845798983243603,5625550800865835889,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1772

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Jigsaw\" -spe -an -ai#7zMap7531:74:7zEvent23671
1⤵
- Suspicious use of FindShellTrayWindow
PID:3824

C:\Users\Admin\Downloads\half-life 3 crack\Half-Life 3 Crack.exe
"C:\Users\Admin\Downloads\half-life 3 crack\Half-Life 3 Crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:4912
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\half-life?3?crack\Half-Life?3?Crack.exe
  2⤵
  - Modifies extensions of user files
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:392

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ImportDebug.rle"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffec8b79758,0x7ffec8b79768,0x7ffec8b79778
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:2
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4596 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4132
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff60f3f7688,0x7ff60f3f7698,0x7ff60f3f76a8
    3⤵
    PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5332 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3408 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1940,i,6787024741424662200,12274981348258852608,131072 /prefetch:8
  2⤵
  PID:2016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4676

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NitroGen\" -spe -an -ai#7zMap29718:78:7zEvent3933
1⤵
PID:4060

C:\Users\Admin\Downloads\NitroGen\NitroGen.exe
"C:\Users\Admin\Downloads\NitroGen\NitroGen.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:1128
- C:\Users\Admin\AppData\Local\Temp\NitroGen\NitroRansomware.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroGen\NitroRansomware.exe"
  2⤵
  - Modifies extensions of user files
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Sets desktop wallpaper using registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:4160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NitroGen\patch.bat" "
    3⤵
    PID:4356
  - - C:\Windows\SysWOW64\regedit.exe
      regedit /s Patch.reg
      4⤵
      Runs .reg file with regedit
      PID:4364
- - C:\Windows\SysWOW64\cmd.exe
    "cmd.exe"
    3⤵
    PID:4480
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:2356

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\BackupShow.reg"
1⤵
- Runs .reg file with regedit
PID:2748

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 0
1⤵
PID:2724

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of SetWindowsHookEx
PID:4728

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv sQdPhEodZU2elrMact2dFw.0
1⤵
PID:1940

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\186da046-8c1b-4589-ae36-11d77f88d9fd.tmp

Filesize
109KB

MD5
9fc095ada79ddf76cb3925e307500f15

SHA1
da8496d0b311a127c390fb4cf2eaf58339484709

SHA256
73feaf7fb72bc93a2a3e04748810d45423ee5796d8d31c406b46ac86d515e64f

SHA512
64e1ffc1fcb5b4ec30522dc404f39735ca84f6b18c6ed42e96acee30b41e863cb87e714c3a902d943ec7a718c60deff15cbbb355273e1729163f4d7b07f27b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\948b5114-105e-4d3d-96d5-5781e3c483dd.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
7c0d551afb3dd5bab5390cc2ffd68ace

SHA1
2f99b3766d7c0488b2e6ece6b08444d69bcbfd95

SHA256
1cb4bcf685b187ba570d99e8dc0715022c668a6ec1850c80e4a098ff90fd91fc

SHA512
c05d545d3668f002ffe122bda6119e15a456a6082f4973c7ef788014fa91b49e48f6d9c9147854e9252a8007fb00b578e5773a5ab8ec1e7302d7f27273698ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
71864eed80373fbe9f40f07bbd0db773

SHA1
7daec7e81455edf83be1498f6ff0beeb08b29ac6

SHA256
f374bd0bd65bf6a136e9134f32a0dd7fea59547a630d2367f7cc3f19d324294a

SHA512
3a10ab4b0150934336509a8563eea3d655510ac5e6e88c250563d83bbeac3213357c6ea28d902574405c10d146544f5d1c881ce2c66c32db0d1ab0379827d0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
d3a451c82af742ff7052a41c4e2f51d6

SHA1
c9e76240073dfbb86dde7e8248cb448d95beb9a1

SHA256
405154d9638db2ca86850139eccd09df246ad51516d28aa93447296e09a1e039

SHA512
6cb41cecbd4f522dc171c55b109ab9f956590331d9d9f3c74f074a012c070119af2b173bf23c65f4be7024ca2d437218c4de4f98fa43011230a130ec54faf271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3af0f15585b31de040e67e5890124f17

SHA1
cab0510407af4855acbc3f8cfbc9c0f2484240a2

SHA256
6db148383416c93a9bd4fc2ce333152cfcfbb4e38ad16393f75fad1d0e131dc8

SHA512
bb6fc17fdeb4cdc7aa4c9762dd5052b6314b5fdfe30d66d1cf1ee97c5eb131972475daccb456598caf30d17c5fd5fd8201dd61e6a660eb31eda0c5f340bc3b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
92KB

MD5
379e0a365e795dac532918319144eba0

SHA1
56757ed0dd0d5ae261ea46e5cccec4ff01a258b3

SHA256
7a23594f5f66aff2f2b06f521ebc89ed155a550ba2fde148e18f8d9a3d29db15

SHA512
848329d32c8ef584151c610184f51f90bc5a3456e5145797a740bf1d5b02f73c899c3d070c30d25c9d039638edbe4bb9a96599a181e617fa837571248599cf03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
313KB

MD5
d9b957b22eea44847aeeadeeb51e4752

SHA1
130586175a25b57e6baa457ce2a24a5c9195f418

SHA256
a233da2e513c34ccd5a0986d5b9a81242afdbb9bb7994bffd5da7f6fcc5c2475

SHA512
b8a304e522657e7c3cc058d3619fb3ee9ffccca499fe998cf1656b556bf85515240f9a5175017ae103a622fc10dc11106c4a21ef48701f62e07940b402e1ef43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
79KB

MD5
3a4c690962fdd393aaf20190fbeddcfc

SHA1
cc39d8f6775b5dde970a81205f67dbd34508d7b5

SHA256
c01fb75f1e80b06dbf4cf0fa50f9635cf67c0021a3d243b6778d430aab0ad75c

SHA512
c1015d7b107baf9aa09fddeceb896dcf632e9dc62debd900f5cfa83145b5fedbca97a301c5992df6af2be96756fce8f3d31bbd552793975fc28c29af53d7fc6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
69KB

MD5
996ac44350796326120f9f1a3c82ea9b

SHA1
f61575b8ac8ca3db9b07a1ecc907dc193b2d65e0

SHA256
fa702a36275b3aa324ac97c840b0eb234059e3e27cdcf2ddf7cb0d1a0820e90e

SHA512
4642f3affc690b1cd854265ee35aa0e8423568a1b43b0e7829c30263b96aaf08332679d8d0b66dc63af5a90fc3c159367ce6f02f3605e0941efc6c2511e19ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
162KB

MD5
bb7606378eb17a36d1b3219fed3843eb

SHA1
06a2082582cde9adb93e891cd099892389423397

SHA256
d640464ae27455b51b8e8c15902570e41fb6c10ea245a82aa166d334ba6d19de

SHA512
2731bb3227713e90147a60803ea373f110b1a232f407cec44af78877cff35650454801559782b57a8256f4c6965ab1f5183428c4082b399824fcea0f2e59df06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
222KB

MD5
b914a529a7b78e829c0e5ba897279b62

SHA1
ecc1fd966b82d3bd13fb6b97921479760a953151

SHA256
783634e7eb0b2b084690018be4a5579343faa7c93af9305fcb152be8c6a9f6ec

SHA512
4957cdc1549ae2b43bb9d43df8f9aa53ce91556fa9d4ed880912e297da8d17bdd9d78abf5967775421a688310d2df2a38688e960705e2c60e556c74005d99589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
19KB

MD5
d132d10ae1b5793efcaca5fe15f94031

SHA1
e724d2775985e32b61e11ae46b7a0d5a548a4c46

SHA256
def8c0b228784e576ba3c272f378cd11a291afda695a82e46666fcfe31f7857d

SHA512
fddd3e09995e64c670eed54fd64dcb3c470e657c620c8d8beb65d51ee936b7ac6de7e36ade31561e95d52c2b5ad6dd41fa4c630b5034380c337138b71620f2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
16KB

MD5
96480b3d39a313bc33376bbd3822b12b

SHA1
323c35f4d8ef6b34c51e316c60d24de4b1725933

SHA256
2d76179f7b8f005c83e69c72a70d33aae8909319138b2d8541e4ecae93fff313

SHA512
1c0a9b1d00f5406f5f32e4eb23f588ae7058d25e6d0c5839d90f7c02b8605d1087bf0688f928c0fad06bf67fad54ca15e760f49cbe8851e886c126c699b60782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
86KB

MD5
f817cbd386e41795fba382bd2f06707b

SHA1
f6f0bed8b8004d64e950a10bae58fd564e86087c

SHA256
0436079d3e709f1ba1e1c8d599b5a409791ef70f8b1a2814881d34f5bc5bb732

SHA512
cee0fac5f89b3a89d8cde3191e2eaaa24b04ea29cbd18fbd5016c8e77af954947d006b0ed61474a3484a409e77733435527b4a418d52d37ccdc4960178b9bd4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
162KB

MD5
35150181ac3cf1ea4bf09f2f5bae9fbb

SHA1
f7e602f3155a61f8bc863b4f71fd6ba5129bbffb

SHA256
cd878411606eada7b5fcab98354b4202244cc88d667c9cfc6ee76e8f78cae867

SHA512
dbfcf19f55dff3b77cbc2c90cb9ed938319f5bb42b9bfb5ba79062c16c3895f8237b56258fa91cfe038c0d5899164622b09007cf43e4459c889d8a15963fc597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
222KB

MD5
b914a529a7b78e829c0e5ba897279b62

SHA1
ecc1fd966b82d3bd13fb6b97921479760a953151

SHA256
783634e7eb0b2b084690018be4a5579343faa7c93af9305fcb152be8c6a9f6ec

SHA512
4957cdc1549ae2b43bb9d43df8f9aa53ce91556fa9d4ed880912e297da8d17bdd9d78abf5967775421a688310d2df2a38688e960705e2c60e556c74005d99589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
d132d10ae1b5793efcaca5fe15f94031

SHA1
e724d2775985e32b61e11ae46b7a0d5a548a4c46

SHA256
def8c0b228784e576ba3c272f378cd11a291afda695a82e46666fcfe31f7857d

SHA512
fddd3e09995e64c670eed54fd64dcb3c470e657c620c8d8beb65d51ee936b7ac6de7e36ade31561e95d52c2b5ad6dd41fa4c630b5034380c337138b71620f2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
41KB

MD5
7121b94f80f264affc849f3520dd2c5b

SHA1
23db7ad79c7b7acfe62bb25ad87e511badd8494c

SHA256
ff3acd7bc06b12e460a05409d8f43877c65ad749b4a9e5a6dab880b407dfd986

SHA512
85b1d191869c9bb248904398552f8ff8e1b5fb10bbe2a744200e6f2205f8a58c9fa00169951ad4745f5b7bf01aa0572524ca5d34186eac9839eb8db6c762f7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
31KB

MD5
5074d99fa3bc869308911d954579b6a2

SHA1
7e0cb02bce1af317ae3d18748e049feaa911de08

SHA256
e781ffe410b633eb3703c5de91b28c990c4d136385dba44beb0312dce74b9478

SHA512
7f88af76e66dabfeb090c99b307e5f17150d3cf4fc040b8625e1f79d06c0558017f7823b1deb850d2e165f92d3db7b67f0a6501562b6c885e3647f534afb0730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
38KB

MD5
108105ff75d146293630c177969bca4b

SHA1
cfc09f09edfc8d3c40bc8823ce1e80ab3d94269e

SHA256
9cd91db68f1db282b8b2fbfa5f3497f55f1071ed00b0f6f0fa9c87bbfb1f5a9f

SHA512
05e038ed8769a728cc03112619149c217c4de6147dfaf2460784bc658032f9c7b337d35e77236fdbdaef0e56585458682445088541db3ed43632931df304cff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
836cdce0599d767b1e7444a3fdf85495

SHA1
545bd2d2848afb3d38bb4ffd583534e3136bfcd8

SHA256
420df4d4ed3bd00ac266a1f3ebca8b14fa855d94bb2ff9379ad3e37942c9c39c

SHA512
e4f183ce49967947d7189427faa76c6ba224c89f429075c662c526c06ae9a49520f39c15a875efbb9e2e688aa8ee74c34a264b3384a3965de9460075b0d1fe91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
19KB

MD5
39b3153aec1389748d7aea7b1ecbffd4

SHA1
f9840264c67a5d7db64b4beb7f3adab18bf4171f

SHA256
dcfe833b312be0b1af66e043b3e165f399a70c435200d0bca4f7cd95d7999531

SHA512
72aa2325b03f7f0ceab345cb300b672382cfeb6b10d1cacaf98d8c9704ce4993d14538fef5d0691e10e95562246d6de6d82c73781a120f7d19e9a1ff201c867e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
27KB

MD5
b3651e618098746c8784d8f2feb975da

SHA1
f84dc5e2231456a8eb6741f0a7d3d737d64abc14

SHA256
78faf57d9f3ab2ef0a7acf46fac725982c6fc12602464119adcc8a13d8374c13

SHA512
ae540878b51a58b19c50ec17f1a80cb9ad242e9fda9ce8cba67c7f5f982ffd9a3befba651c45bd2efa99a78811c3ed850ec3ef27846457099ab043a48454f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
19KB

MD5
96aa8d0f3dfce6199c6e46aa9b3f78ed

SHA1
2447b08159239b891f8cce2c3d40d9099f92426d

SHA256
d6fe32b89122c51714e0f927ffc1aacb833689e73bf9e0f612b868dd088e4ef2

SHA512
a3a3d7a7727b30c3f97ffbe8c63ffaabd567f600d08484b0b81b215108210c3fd3f1c3ab4dcb39cccd7696b197b03735b5182da04e4f93a99f73e6f99f190955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
59KB

MD5
a1f942b896c167a7b453d519592a6e8f

SHA1
26765b47b71b263ff4667affaf2bac63b28b7d0f

SHA256
f4270697334338635851257dcc18eaca43586556266113468839b308fb46efb4

SHA512
c839fabd05cd35b2e0d99688cf08d2ff3f64ce6217df68a6b516bc0cc64731e32b2850216e761b4690d6aac476fb2763c44301e5e3f913df957725aa477341f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
19KB

MD5
831041ed3cfd4ab43fc1cc8af30d4543

SHA1
b73c781d654f91367c465070f70dbc27c8b0784d

SHA256
4d62b1483e9defa4cbb6160f0bb5da139dd5369474c56612330493c1fa56beda

SHA512
c5f3ed7e5898ba062975b835891f114c3e5c82e347b6279a8d3fa15f1aa016ed7f1d1c80a4eb99a5b05e5ba90fd63e416bd39f709046bb88abd41bc4d75187a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
239KB

MD5
473a366141e76131c5fc88b82efdc762

SHA1
0d76f152e614b06459091e6cc5111c0ce58e51f1

SHA256
2809043cf1a15265bc84d00909ec9117f663921eded593c3009abc8599a378d9

SHA512
56497061f130994bc504ee5c66fd0ac29e8fc3c8857b35f21d4a418512bf5aaa3abb3562bcba99d53ff90f943952e874925d400a2a64009a6f8e53d40f291e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
23KB

MD5
9e770de9e8af948222959ff544993196

SHA1
10f386fe1412c1a61e4484b4e9e563be64dd88ad

SHA256
6d9c2737bd88ad2be059120c1c806da06ae1250b201a41aea754b7bc88df3ad3

SHA512
f9c9847c0bce4a96ae51909e766f25c926f4272bc9a040581f2ea6bccd7255023a358df54cc89764abf6af3c8aa628589f777f5233ffb63cfb91874408f3f8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
30d3d6564cead95808dde5e647dfe13d

SHA1
60439db86010244dec13f73a2a4c505d0f027853

SHA256
17ce4dc6228b7cba249c91d6c28d9581443281508f2c28cb6c9aee68067ac2b6

SHA512
1308698b75037b4dc24b962387a25704ee7af8174afac646c6cdd024107dbb2c67dbff36002c2581a52f726729352889f03662eeca00b778c99f41c8e59a73c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a7a7673af19970a66ee38d8de93b78ab

SHA1
befbce727f4710ad613a0e9670d4fd11a80adcc6

SHA256
9a47ccc5657e4fcc8977893991217242b152b1c940b34c797652d0e035b4fe68

SHA512
c7a3b32cf3ee34425f03d4f646c7e4e1af465d4a0769299849132944321a5f151e449b520283956b8100565b0bcf74092928fa27bb93f860ea270b3cde0c3dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
044863144e2c152e46c2aa8370f8afd9

SHA1
cc1908f81bcd5ac65213556525fa135601a44f95

SHA256
babc6a0948d3f703aba795c36d0fb684ffc444eedf10768fefb9be8ca032f322

SHA512
bec881737fbb2820a360932759f9f4caf8b26a53afb0af4762c3e2036e3ca3ea7409a686e406d541a086102daad1b3e53649991ddc5acf5a0c12ce23c410066b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
43e97284ee71b5dc2a2abe205b8fc525

SHA1
32f59fbf0eeca22efe29d6a9c305b46db7a08c36

SHA256
86acddba8f143c31163b420991b248c27e49c81ae40104b7870f398239a6841f

SHA512
7517100bbceb334cbcd266982f64586cd2670839ae0777b39980c061809134574bb7fab7caca0be072f3953ba03ef02207f1095892f9cb135a30a2ebc6ed2fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
252777ee569dab4eca266ce3bee62a00

SHA1
7c32f5832938201102b3b0602b6e93ab6e9a1fc6

SHA256
327a6304cffb4314505564d22b24040d58a2880957a230e2d8582195bf955bcc

SHA512
b7039630bc8b59b4a6e0d78a92fff97dcb86829f9fd84e9d046597297e432bc3293313f04f2540393dcea2c977092d05e310341e172c177c1cbc367e64d2cff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3c632e048fb82e249402ccf3de4afa28

SHA1
cecec7a50a46a632f953c050c692dc96c7df093e

SHA256
0da285e8aa581bc7dd1d2dec7162d8e8445dd30afb3f8501e7ae4b0449ca47cd

SHA512
90c7dedf83a9bd3055e28a8f68f721e8c365ebaeaae3351758a8f8a55d4c6ae9f91c161d7e7084ae1385c8cdf365bb2ec4f21ea26ea6f15946d8f442697d2f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
74f12eb6b701bc52efb66d47ce30792d

SHA1
fd366e776c034e012c73e5361d5d917f6ea2ef5b

SHA256
c2415f455d12aba8589f0c767d9da1d1efe6f556460998d07b8d8d3525662877

SHA512
d67747fc0d309c7ed10bea6e6297dcad1f151b137bd7f5b2c1af48988cc2b71e0acde2989a1bf81cd91782697cf41369ebb9eb54348531782f4af8caefd82b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
9aa1ba6fafb480c7ec6f50a1777cd84f

SHA1
d45e24c6753ae9b8a3ae82d54cf7c41885f802e2

SHA256
5996a006020dc0afc36c30eab179e8bb013ec0633535e6342b0df61c5480763d

SHA512
e9e4c2575e4599f8b743e1467f689acecf234a421c7f1b1bfaff92bce78611d20d9c8f2f05fb40fbeeb73e3456fbc831cd9b360c41f236958067b87c56f4458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c53797d1e05953951296f35a2e3bd18b

SHA1
4319e7792eca756170dd5c904849e2cc22697776

SHA256
c74d870e17cf7f9ebc3943e3018f73812f20bca5e288d99e5e8d02e4b1b9b208

SHA512
c8845579346184b98dde22bc0aa5aa0beb9f7ac48b80cb670177eb38e2aa6c2a013e18e2793a32350b836d9410249736747bf8f5029e4fe7f11f8c43ca5e4630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
22c49ca9bea390c60f33eba60822501d

SHA1
52e21d0a9d1ff78db8c5c4f854ff5f9444f52614

SHA256
19f62f18e3f2430c7c9aeff3cf99ae0447d35bd6b16c21b9a66a44d10c18a880

SHA512
cc38869794554e7d0ed1799fbb28bf4f44da9390b412759aab441ebdaf6235131e2f65eec445b1022a163ce51bafd97202fb5e3549a1c63a9dd7c00242dbab5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
702c3f344800c25b8eb5dbfb32fcce05

SHA1
ec558ce43c3c467ab2e65704d1f2e2acb5eb7ed9

SHA256
1bbdf156f22a136b5a422474439867da8f30fd6dc96150d55bc7e488a97c6a2a

SHA512
3f3402a52e96e9e2bccb2a9a90e672c927c6a8f1a7d545d9ae10acceb3e4ccc0bc918aef6b9e67cd32e89939673a3601d986770367cbfadedb55bac5053b5aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2f1f0dc2039134f2d2a72501272b9d20

SHA1
ea91b91ecdbb7e51ebe8b8fd2b5e1b58f27a5e89

SHA256
1f8c8a459e4c41bc1bf2ee2eda658294c1cd1cd53d38236cac42c610e4f9088a

SHA512
f5659ca411dd162d99289dbbed14a36dd5cec69567185d2d4e411f407c60b4256a504d38b120af2c907095abfae4dc8bcefe23981554b9fff62c80199e1a7248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2f1f0dc2039134f2d2a72501272b9d20

SHA1
ea91b91ecdbb7e51ebe8b8fd2b5e1b58f27a5e89

SHA256
1f8c8a459e4c41bc1bf2ee2eda658294c1cd1cd53d38236cac42c610e4f9088a

SHA512
f5659ca411dd162d99289dbbed14a36dd5cec69567185d2d4e411f407c60b4256a504d38b120af2c907095abfae4dc8bcefe23981554b9fff62c80199e1a7248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f7303adb50f4dd7ef803d33cd68e7fc3

SHA1
7bc021ea72eaed98eed260fa558c7c1cf56b0cc1

SHA256
192dbd2cbd559624d20cb758a5a0396d9c99deb8fab22e9d6ab19157593ce6c3

SHA512
e72d0f5edeb4a7ec690439d1467dcc12229378bad3a11475a63b3a642f3e6d5d79e640aaa6bce0787afd90fc2cd2611bbdb69e29bda073eca356d71620f3c7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a2cfd6d643792a1191e4e980d5138ea0

SHA1
59b0ef51a2137d6d60c358a6028ae7b5fe9f8bb5

SHA256
a01c0081f35c0ac6988ce67136a076692ad38f3c631ca457ffe855a36352a756

SHA512
8e2f88d4c7633c861a3d762205b4e2209a56f5f3e0e54b651e75521a825e36acf3a8d1f1b070d13b086c1d1b762d69057a5e45c89a5c2a0c524d54b20d61eff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
bd55babbb4db53fb98f495968c34fd3a

SHA1
980998e1918c6caa410b0017bc4fb65b46dd7ef5

SHA256
6b06b4ed2c1b1e43150814723b8060b59da479e5613e4e1a124aa38002b7f55b

SHA512
0aec55be9a67804185a3a2e510432f13750c9cf2b9236be91a7a377a7c7e143ad627d0bb42bcfaccd2ec9e300a443c2dde8535f6deb90314d52e6c399b012275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
47f9c94ac351e016f894531ed0d9353e

SHA1
688551b59f302787d1532b7d59d2d9c933a7320c

SHA256
795e59566c77860895daaff241e6504e107b3a27f5d603885c7f09b14d152f89

SHA512
dc61080574ea5af10e3c60d389990ec5602f5e463744858df486fd07fa9b74e6fdcac8d6d1fcb0e7d19646e8dfd21851790cfca9b6ecb4ae23776827d8b8e702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f8593837a58dd4618f47c3632b41c3d0

SHA1
15a34f5e230a41dabea31a20c0941bd9aaf6ef30

SHA256
dbe0f8c505285ff7ab1a0a04d8ae0f0590ad349688d04ceff1a40697a7d0406b

SHA512
c67341de44b84178d19a5ec080c02cefa5da3f95b331f535eb7d49dcafafb759708711e856415275f41935ff5b601201af83c678d21fb2fc9d7db4fb4628cda6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d96db7b8eec5a740a5f2fc95ed12b03

SHA1
ec248d98ec0f44d1d100cd2d6513e7625472dce3

SHA256
cd05abe77d07439e3118e51b5cbfacad305ea5fa54c56361e474120e789681b4

SHA512
1ddd288f9cc1aa75f5531d8ba7769496564979db245088914f88452a27245b18e9eea7256aba5fae46d82741adeff73889b4d99be8e03e6bc14d5082d7585475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e145da5f3eb3d9cf163bf747a2939bd4

SHA1
fccac9b71fe4d6e838ab572fa6b85d2ca85b58bd

SHA256
e69cd76812e892ea0a48dfbbe92c9931e5dcc2dc2b95b45895bf9b4d43a0fbab

SHA512
de326c5264ad0bf46525634afda4606f885e02f0d73a1e980ff31618eaebfab37c62b9eb7906fc340aebf3f0d7f5321eb64c0c87ec400f5ecfdc17e6bb520598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8adbfc3514ac3a9d88f6d573bb69ee23

SHA1
ed7d867cbdfb874e26f246341e623dca8d44c03a

SHA256
1ea783e979bf93b2919ffafe38bfb19ca4268c1577d77d57f6d38ded07a91405

SHA512
658487c57b886ebb9553dcaf425d999cfc5855a86357094d4449dab24a52f5f65f09ce430890e9168a9b95608342f595536b1f8f257ae99e6f9db662d51f6f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9242b8e160885da3335306b57b43d299

SHA1
856923ce08fa2c7af0ca2286cb66767012760f49

SHA256
cc9461d3712848c44866b43723209de9b895753a06756e04c9682fe52649c365

SHA512
dbbfe114e6edabc9ffb9d4ad39e9aea9904c916af701d203813e2cfd83e8570c95c379870954c2754c974dd47b00ad69170beeb90710b5f5c84e1d6903af42cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9242b8e160885da3335306b57b43d299

SHA1
856923ce08fa2c7af0ca2286cb66767012760f49

SHA256
cc9461d3712848c44866b43723209de9b895753a06756e04c9682fe52649c365

SHA512
dbbfe114e6edabc9ffb9d4ad39e9aea9904c916af701d203813e2cfd83e8570c95c379870954c2754c974dd47b00ad69170beeb90710b5f5c84e1d6903af42cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02c608e87353dbb7aa3e0e9142ed919e

SHA1
e869530443a28a1260d7dd0192827fb7bfb609ba

SHA256
e6bc9b0c89223fac5f4181e6696252a3ad76256ed9c2e260e5c6aab24a40603f

SHA512
3025f0081791fdb71d5d1f43b4ca2f5d666c955ff455eb53df79afcc2511a11b54ae4147e0e7039eea5835928dbc03cf0866a6a2a54b2ee255dd552f9c6572f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
397e8ff9b19768b4dece8307f8a2b564

SHA1
de48b6a085ca9ea39cfd89c3defecba7e95cca26

SHA256
8f7f4333fd8e07998e5258f1b0660fb164ae948d4df8d27510ac26e1cb1280e0

SHA512
45128fc459676c4d2284e5694d554d132cae3682f50a8f730caa218ab5766c38bef784170ef5f69e6d96556e2fd57102ac2c00053816059480a353048f48d5af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c4777d5cd9eb704afc462301aac5b44c

SHA1
ea33568c6feade5f874793aaca0b5632172c2855

SHA256
abfe9aaf32793877a2d4ef5a8d915a914117ae3e5b7344c280f6de1588e832b5

SHA512
d72d891e6e5f8c0f82782a59f8cb882f6b51fc87b30054b66aace930c4c207086838328a36511dd183f756d5ce09fdbdcb7c3e8a350057d8debe53787ca17f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29a29b65be0c840d8e89dd2796bd8682

SHA1
3388a9e4711bfcae790bb4584313a9412e73ec1f

SHA256
a1eb03e93a156e52c002f9aa529ff19c4cda89d34a5a6866387458a01d1d0023

SHA512
1a9d7c8cce61fe7562b075782060a4334121ef9c053c71744ee733ad39bd6916ea0b7c0ddd81f25220105271f723c0e9a2b34f46b27f4a235ec675d9b2360974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab3d2054344ba4d0ef1f71b483a1ea91

SHA1
cd45b1548a7f1f8a9385a96f3916bb5cd7b040d1

SHA256
5ee5ec1ba686afbd08be63e8d2ecf2fa7da783b947352b73a04b1ea690741406

SHA512
11ab7a50f0b56a24c52a1df11890184f4fca8ad79da5e6187e62c7048afadb0ec6aee2d7880e4fe8f64f36dcce73e5a262949a2da920f15f288c977df4165aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
62b237e4754b0e0515315bce118d3228

SHA1
8416f69e233145632058c46a47f4386f38390b4f

SHA256
180da2bb1e1660c4581b643097d61f0475e56a7ced2bb292dc2c6c3e3849b2c6

SHA512
4a3b24dc2fcf3d1dba8d9a1debfd542e78af19087e5b6140a4c091b1cc5fa3aa9b83963afdfd3be50d4a831efe2b8eb2045bcfbc6ad2967877b73838a0e1cb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5fd23995c88c7e9b9c13580d4ecac0f6

SHA1
d7e1e1668645f751351dce659274334062ddd1da

SHA256
1ee4f27b9c37a98d78791e6ac22a23143ccd76a57c421102bb4efe357c638616

SHA512
403c147815f2c2e15020d5f5a45ae7f68fa8354097ac67ab5629ed91947b86dc49ea77498bd65f569630327e2376100e9df7a7a2839c7b2df97465c9bc3d6b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6c1ccc811abec9294ee08d60f18c5aef

SHA1
dece7b10c2cda9ac7ef0d0dea4bba789eb6c17d8

SHA256
8ff3a3e97a6c304a64c2c69bba041a74708ad07128a7058d60705f5b744c2cee

SHA512
f95945812d86d3adaa47685388366e4c8de11b2b23f94e6141d69b9526470fe8ee6983d80282245260bdc835fa51a5881d1627950aceeb76739f5992d8495394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
252509ce0fdc936522557b7a0b0e1eb1

SHA1
759486198cb2ecc59a2bf434b320bb65a380369b

SHA256
3101cb22e3144c33d3a1d9118bbd2157773c7afef3fa02695c927f0c2f8b0624

SHA512
f04e7ca22c56d8001873138096ce3f86ac4451fd99edccbf116fb966f116940f51ca3bc336f5fa4bc32e07630e0ee4efa23bca0b6d336d2dff5801d2375fc19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
741d2ec803608e49120a31776fee246f

SHA1
b8b757885ca675c120b09e63f55c0ab4d98fd9ac

SHA256
d90e556f5b3e518f8616692a2e119a808ff76c08ea62c6270daaff2e4e00e261

SHA512
a8ac2ca818446195ca3157535f30cb8b2d851e451fa3731456dcebcfcc34bfc031e5302db0d2c3c84f9ef7b314860e1e4733d2d2c1a32c6b3c9b71995fbc33ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
876ef152c6e3e20a7678903a70d22629

SHA1
230381fe0469933f81dbdb0ff659b01705fd7712

SHA256
107797c0b2542b57357c6bea2b57e47cf188186099b9b881454089bca90e8704

SHA512
5c070ffe2216b05fea6f015e08addca060127ae52d6f1e9913eec775ae53c8e439fdbd3b4482f21c89c00a329629e85076059bd7bd19e5e82a71b69030838a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e52e942ae1e4c6d04cf2b23d7be120b

SHA1
d2246236824e6d5706879000903729749217997f

SHA256
ca1f0a0cc45598304dd0a509a10882ad8ee2936a61f49badbd98dc41ed4feeab

SHA512
656a873c1f64238e8294357e2e195224170c1c2587f7a25d80189d29d610033b08e0b121cb42dc98bd5cf5aa325291d7a127b3c60d50cfb2498dc9ec74963f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e52e942ae1e4c6d04cf2b23d7be120b

SHA1
d2246236824e6d5706879000903729749217997f

SHA256
ca1f0a0cc45598304dd0a509a10882ad8ee2936a61f49badbd98dc41ed4feeab

SHA512
656a873c1f64238e8294357e2e195224170c1c2587f7a25d80189d29d610033b08e0b121cb42dc98bd5cf5aa325291d7a127b3c60d50cfb2498dc9ec74963f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d7d8483125adedc6e015eb5b95f7d96f

SHA1
d53712840c3e77476d63f4555c0013018edd53c4

SHA256
6b7c1468f48b62be47edc3c4df05f0eaf0dc5a0b394857b5e7be1ed9469b01d5

SHA512
3bffc2be29b78166a4c47ee97d0ddc67539cb50ce1f3d174bbac2861ae460f6f7fad0e526ac5d92584ae6503570b6e7ea3f53ac60ac533d595e5806cd867c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
81e4fe13b06167f9e3ac4f258c5b7288

SHA1
786726a94b7e9fdfeebad95dde47d2a3c256944b

SHA256
8635e3e34d946b7a5c69f174c9b14359aa802e5e3442acb22ac813e474dd3e25

SHA512
ce3364346e6af92e542c01938a4d11d8067fbe440ff37db83f0afdc56723db4e995df25b07aa3b18dbd7ce8fefe46d5ba7e45c2feaca909463090789291c37f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e5c4c61dde14bf08132e23060f75cb49

SHA1
45aca320938d513683c1708ce2a6b055fa2c4d57

SHA256
c11b7792cafdd6864ed4b9c3e84fd8d62a07448b6438f1737dc7d4bfac0ad13a

SHA512
41b419f0d9335c7510317b1629bfd4c9f960223a712f3d9dd077cb115e3cfb3bf8b0021e358c80ed7cc9985e0ac63a495eaaf7ce4fe5f59f59f9754dafe03c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
141e5a140c2a3237ededb2b40fed0d6c

SHA1
7da51fb265d39410ee5ef9da8a64edf0203198a6

SHA256
28943e9ad3cc097ac2d39068aef25581adb9fef4fda96c505730d99ddab7f088

SHA512
daef570a47bbde41f4dc665c4a33817889f8d6e7e31a4b0b11d207071ab2e72c63b724e0301fd5b560883ddb100d67515a415ea7bddaea764973fe9faf007f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13331729201170664

Filesize
11KB

MD5
a847f2c49e807c9be0e17587322125f6

SHA1
44ced0a682e0cc43adeea5b08119fd98c35aa4bd

SHA256
f1e43360cf009ef2741e7843e761634a78dc900d9b670dc553c3c84691514c31

SHA512
3e29f21d43a9e3706da8a82edc356c07a546f4cf7d1b22cd0a6a66b6f99eaa28536d28367ae570dc8d365b575f53fb1af34400b002d17db86ffe800717d3824f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
318B

MD5
c672ec6f0b13f8affbd0963ab37da3af

SHA1
6d88af848e222c74fe5f2122db60e3bf8c10b25f

SHA256
1e9299f2026dd9e263df0b475db88e0dd0eecb92441871fa58d5b7f8e45cb44f

SHA512
dbc7ed0f3c09c7a7c8d63cb9536e9c28c9b4fd97ae14f040ba703e2b3ce7f283ee61f050ea7d293628a2e4b05dbca32a99d30735db5033515b51ce15a9fefd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
f1a992863181208de8bde1e099e211a0

SHA1
a766554a22ccd0ad41d6147191b35da3406d7e09

SHA256
9f18784f4d0ace9f5802d8074efdfea24f81a2e42d6ebcb0f54196702838ea22

SHA512
f9b706bb21f04175b1ab7a1e7c1082be7e3bb4ff7066cb708fe3890f0b493d0fcba1a2802bb7acf081784cab89cb0cecd5eb5c2b13deb75faafbd967b1ff6fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
acc1751db50611388c795b71ad3a905e

SHA1
e7017cea77baf875c187d274fdba4a1b7c94c8d0

SHA256
bcec99ff3af724837ad06ae96581e396f5fec3a94e51c2ea36cb303a1355bb3b

SHA512
b0a1104b6ade7406636cb1260ee610a7ae8868e4afb1289491f594386d6b88897a3065944cfcd5d3dc83c8caac2c4d0fd2a85fde9113306b5311b594939ae5d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
e6729833a807b25bb73c5da028b19917

SHA1
0dd0ff781421eb3b90034e1551b422eb9075bd64

SHA256
81d31cdba123c445c522a3c2566a780aaae80df36022f944aae92c07c3cad3fe

SHA512
39ce1a33162841f4a50fc200378f702cee76fdb4b2d59c5925f1382a722514be199b8d4148deb12d6f7aa1ceaeda9e6e4d658a376c0afd219c4316763a6d6133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
077dd9531dee50171721a6710bdd9a10

SHA1
21eb6b1db28e447f4960c7e3dc6b140028e8c5ab

SHA256
660d183991143b8fd2289e53d93c07d99c3de724536444e189cac71edb3eaf4b

SHA512
581ed827ce2033bd40dbc55f18068e91de4e3f7481dd0d202886f1eb894ff2c32f7111e2e2acadad47dc834da9b12e677bb2ef8fed37d152053f5142d3c4c6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
e6729833a807b25bb73c5da028b19917

SHA1
0dd0ff781421eb3b90034e1551b422eb9075bd64

SHA256
81d31cdba123c445c522a3c2566a780aaae80df36022f944aae92c07c3cad3fe

SHA512
39ce1a33162841f4a50fc200378f702cee76fdb4b2d59c5925f1382a722514be199b8d4148deb12d6f7aa1ceaeda9e6e4d658a376c0afd219c4316763a6d6133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
15957b08b7f10b1b4c870337669bc75c

SHA1
01582707a6ce8e21e8145e4d29d1f889dff4012d

SHA256
6a5579effb9f02b039ce5e5960a70c4b92b2fc36aed02adf5ede15003a95e205

SHA512
235a9eccad6866cccc5e9087c5c4535b3d235e4857d66c29a227e86c04ae8e00cf1567b550e459522396801ae6e7464bb0f31ec14144be6e985476daa6e79d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
b346c8e767c1bde24410e419dd7ddd7a

SHA1
fca6bba8ac7eba2a7e28be0f358bb6cd6422f838

SHA256
83a5e0c2a6994992db07fbdf6c22c714d2fc5cdeae52102a0253d4450c613205

SHA512
d6f7cf4fb0349f8b28dacbe4313544e3f2e2bff4b16aca49510f94c3dabae11718538c2c6b7e9fd0d52621edc6d28ca3cc059c5956a744c44b69b9cd0aafa2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
d027d0ea23b88c01fc697a59ee158500

SHA1
a50c6c1eb23394e3db570e0ce6f49d15fcc2ba3b

SHA256
a674bbab7d4d0e602fc73ef0625e1430a788bc18dff9a8d3301768f846e78a63

SHA512
f9470f41ddb3ca4a6363711a8d83cd8c42c6d71ad55589b04f01cfc7e56a82e5554c85916998afe60a4ffae505a60c972cf9e8e84690ab489b125d3739226a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b48b.TMP

Filesize
97KB

MD5
5830676b0b209f44e11ebad54ada0942

SHA1
b9c8e110366ce65578328db7ad54dbe4879cc30d

SHA256
44bc7dea8649fd746efe01d3572f3549b8b32126dc09d3513ae1388a8e6e12d7

SHA512
b7f502451f5e405f9ab15c5316a353b1c7bd2352180910903fb329024ae10e55849cd45a2c106a26c71bd8d84271b4d89b5901b2c827e9d09c5c380ad527f1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
117499c82ea2350a6b4d868878e78ce7

SHA1
997df13786dbba103a75b6e73297c8ca64e34864

SHA256
76cabfcda051589ce5c9472681b28d69c12e7ec9f3013588a704b23933cef3b3

SHA512
4b719cbfee5e425535cb7ec53bbe9c004ae38381fef6b3352ba60346bd2d251b39c1ac771e318e1bd4f0bc0dbcf858ebf94f44ba50abb12c9609a208b42956ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7bc5b5cf-1aaa-4e05-9e8f-9001f2fe8d37}\0.1.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
1fd532d45d20d5c86da0196e1af3f59a

SHA1
34adcab9d06e04ea6771fa6c9612b445fe261fab

SHA256
dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

SHA512
f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7bc5b5cf-1aaa-4e05-9e8f-9001f2fe8d37}\0.2.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
f405f596786198c6260d9c5c2b057999

SHA1
f8f3345eb5abc30606964a460d8eef43d3304076

SHA256
58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

SHA512
a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133214002621636186.txt.fun

Filesize
77KB

MD5
f378b571ebc67db97e5fc4626a3196df

SHA1
c045c11682ca05e4d5299f1ab5f63ed894905a7d

SHA256
c265a06b6166fcb787baac65d3b4e65cfc634f452b4ae7ab80741f2038e82352

SHA512
76fced0b29f147e359f120c36d41cb0462a2276a62ed1c5caf5896dc92f9fdc7335f60a411a6ab698b64194dd5bb59d78e7aa75cd751d912e579dc2e88625ddd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133214003123207915.txt.fun

Filesize
48KB

MD5
4333795fa3a923f2b016e39a7a77edd0

SHA1
17abf6dcb0f1d3c95b0e79ddab29a5d024f34e6e

SHA256
4c2dc591ea563b399f52ba82de9e78bcd1c9843dffa41c9701ae06d063efd539

SHA512
095a3e9478a629727e66d2cf15f59fdbbea129642a957bfadefff9e5360354fa6eecdac01060f0544f60a7671b43cab0f7d7be96bc53026d49331b2a5d7fdaa6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133214013925906534.txt.fun

Filesize
65KB

MD5
2ce858b8719203e7340ec042798c7aad

SHA1
18fde823be7da2708ab9b5477cfbda0d716397e3

SHA256
060ae157b523a8f8684ba5dc84a1be7ea41bb231d89f8771dedf2b2754808f12

SHA512
332147d1cf61c00f8951574cbbb374f8588fd51deba502f3b463808924b2b603e061477612c9f3cac80c49ee23e863bef0df876a9f8e01da5947e907a1357aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\NitroGen\NitroRansomware.exe

Filesize
285KB

MD5
84f3e8dc3f19e03950598b7005774ada

SHA1
865be991b10c71182f56e30e24ca75a5ca111ec7

SHA256
907b0951967bba240caa38494f1607e3e3acf3ff9557efd1d292a9bc12e199b9

SHA512
723f3166380bfd9aee957998b8acf6f0f8f17ef8284184df606836e769c0f7c1aac6c1bd860b35c49b11145e905889d75917fd69def415c07425007f181713bf

Download Submit
C:\Users\Admin\Downloads\Jigsaw.zip

Filesize
239KB

MD5
473a366141e76131c5fc88b82efdc762

SHA1
0d76f152e614b06459091e6cc5111c0ce58e51f1

SHA256
2809043cf1a15265bc84d00909ec9117f663921eded593c3009abc8599a378d9

SHA512
56497061f130994bc504ee5c66fd0ac29e8fc3c8857b35f21d4a418512bf5aaa3abb3562bcba99d53ff90f943952e874925d400a2a64009a6f8e53d40f291e39

Download Submit
C:\Users\Admin\Downloads\Jigsaw.zip

Filesize
239KB

MD5
473a366141e76131c5fc88b82efdc762

SHA1
0d76f152e614b06459091e6cc5111c0ce58e51f1

SHA256
2809043cf1a15265bc84d00909ec9117f663921eded593c3009abc8599a378d9

SHA512
56497061f130994bc504ee5c66fd0ac29e8fc3c8857b35f21d4a418512bf5aaa3abb3562bcba99d53ff90f943952e874925d400a2a64009a6f8e53d40f291e39

Download Submit
C:\Users\Admin\Downloads\Jigsaw.zip.crdownload

Filesize
239KB

MD5
473a366141e76131c5fc88b82efdc762

SHA1
0d76f152e614b06459091e6cc5111c0ce58e51f1

SHA256
2809043cf1a15265bc84d00909ec9117f663921eded593c3009abc8599a378d9

SHA512
56497061f130994bc504ee5c66fd0ac29e8fc3c8857b35f21d4a418512bf5aaa3abb3562bcba99d53ff90f943952e874925d400a2a64009a6f8e53d40f291e39

Download Submit
C:\Users\Admin\Downloads\half-life 3 crack\Half-Life 3 Crack.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\Downloads\half-life 3 crack\Half-Life 3 Crack.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
memory/4160-1764-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4160-5803-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4160-1475-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4160-1473-0x0000000005120000-0x00000000051B2000-memory.dmp

Filesize
584KB

Download
memory/4160-5799-0x0000000000F00000-0x0000000000F0A000-memory.dmp

Filesize
40KB

Download
memory/4160-5800-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4160-1472-0x00000000055F0000-0x0000000005B94000-memory.dmp

Filesize
5.6MB

Download
memory/4160-1471-0x0000000000710000-0x000000000075C000-memory.dmp

Filesize
304KB

Download
memory/4160-5801-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4160-5802-0x0000000006380000-0x0000000006390000-memory.dmp

Filesize
64KB

Download
memory/4912-502-0x00000000001A0000-0x00000000001F0000-memory.dmp

Filesize
320KB

Download
memory/4912-506-0x000000001B1E0000-0x000000001B27C000-memory.dmp

Filesize
624KB

Download
memory/4912-505-0x0000000000D70000-0x0000000000D80000-memory.dmp

Filesize
64KB

Download
memory/4912-504-0x000000001B7C0000-0x000000001BC8E000-memory.dmp

Filesize
4.8MB

Download
memory/4912-503-0x0000000000840000-0x0000000000878000-memory.dmp

Filesize
224KB

Download
memory/5104-626-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/5104-5742-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/5104-5741-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/5104-5726-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/5104-5725-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download
memory/5104-625-0x0000000001180000-0x0000000001188000-memory.dmp

Filesize
32KB

Download
memory/5104-622-0x0000000001190000-0x00000000011A0000-memory.dmp

Filesize
64KB

Download