jigsaw | 86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

Resubmissions

18-12-2023 08:32

231218-kfrfvshehr 10

05-12-2023 07:30

231205-jb2klaab85 10

04-12-2023 20:22

231204-y51ygsfd77 10

Analysis

max time kernel
1800s
max time network
1812s
platform
windows10-2004_x64
resource
win10v2004-20231127-de
resource tags

arch:x64arch:x86image:win10v2004-20231127-delocale:de-deos:windows10-2004-x64systemwindows
submitted
04-12-2023 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware.Jigsaw.zip
Size

239KB
MD5

3ad6374a3558149d09d74e6af72344e3
SHA1

e7be9f22578027fc0b6ddb94c09b245ee8ce1620
SHA256

86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff
SHA512

21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720
SSDEEP

3072:p7ykj3uuY4NsJD7kPdSRQLqas/pkPm9jvkEL60Uf7k2BgS6/aFybrNN5ZAdNstk7:p7ym3VNA7w8R5/rxv7O0yng0UtVw5NJ

Score

10^/10

jigsaw wannacry discovery persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Renames multiple (3713) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Deletes itself 1 IoCs

Processes:

drpbx.exe

pid process

4932 drpbx.exe

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDA83B.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDA850.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

Processes:

drpbx.exetaskdl.exe@[email protected]@[email protected]taskhsvc.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]

pid	process
4932	drpbx.exe
3736	taskdl.exe
4412	@[email protected]
2576	@[email protected]
2840	taskhsvc.exe
2352	taskse.exe
3028	@[email protected]
3000	taskdl.exe
2472	taskse.exe
2772	@[email protected]
1804	taskdl.exe
4940	taskse.exe
1596	@[email protected]
920	taskdl.exe
3912	taskse.exe
3968	@[email protected]
3268	taskdl.exe
1804	taskse.exe
4624	@[email protected]
2688	taskdl.exe
4084	taskse.exe
4988	@[email protected]
2772	taskdl.exe
3308	taskse.exe
2616	@[email protected]
3848	taskdl.exe
3916	taskse.exe
2196	@[email protected]
1864	taskdl.exe
1564	taskse.exe
3956	@[email protected]
1904	taskdl.exe
556	taskse.exe
2824	@[email protected]
2540	taskdl.exe
2460	taskse.exe
3008	@[email protected]
2532	taskdl.exe
2076	taskse.exe
1056	@[email protected]
4348	taskdl.exe
2516	taskse.exe
2428	@[email protected]
1724	taskdl.exe
4748	taskse.exe
2540	@[email protected]
1168	taskdl.exe
5104	taskse.exe
2532	@[email protected]
2572	taskdl.exe
3012	taskse.exe
3372	@[email protected]
1664	taskdl.exe
3164	taskse.exe
1616	@[email protected]
5084	taskdl.exe
2232	taskse.exe
4192	@[email protected]
4684	taskdl.exe
1720	taskse.exe
3916	@[email protected]
1168	taskdl.exe
5112	taskse.exe
376	@[email protected]

Loads dropped DLL 7 IoCs

Processes:

taskhsvc.exe

pid process

2840 taskhsvc.exe
2840 taskhsvc.exe
2840 taskhsvc.exe
2840 taskhsvc.exe
2840 taskhsvc.exe
2840 taskhsvc.exe
2840 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2860 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe

pid	process
2860	icacls.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

jigsaw.exereg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\toquaebywxmtyeo159 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 64 IoCs

Processes:

drpbx.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-60_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-black_scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-54_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Ear.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeWideTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\SmallTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-36_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\16.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\MedTile.scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ExploreButtonGradientTenfoot.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_duplicate_18.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ko-kr\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-400.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-200_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\WideTile.scale-125_contrast-white.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\editpdf-tool-view.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-gb\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WideTile.scale-100.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSmallTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png	drpbx.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\distribute_form.gif	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\187.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-40_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\AppStore_icon.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileVisio32x32.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up-pressed.gif.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\no_camera_dialog_image01.jpg	drpbx.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\acrobat_pdf.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\script\bulletin_board_construction.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\3DViewerProductDescription-universal.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-16_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ui-strings.js	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133461950506741106"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000_Classes\Local Settings chrome.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2828 reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000_Classes\Local Settings	chrome.exe

pid	process
2828	reg.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exetaskhsvc.exe

pid	process
3532	chrome.exe
3532	chrome.exe
1356	chrome.exe
1356	chrome.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe
2840	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

chrome.exe

pid	process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

Processes:

chrome.exedrpbx.exe@[email protected]7zG.exe

pid	process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
4932	drpbx.exe
3028	@[email protected]
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
2592	7zG.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

chrome.exe

pid	process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of SetWindowsHookEx 53 IoCs

Processes:

pid	process
4412	@[email protected]
4412	@[email protected]
2576	@[email protected]
2576	@[email protected]
3028	@[email protected]
3028	@[email protected]
2772	@[email protected]
1596	@[email protected]
3968	@[email protected]
4624	@[email protected]
4988	@[email protected]
2616	@[email protected]
2196	@[email protected]
3956	@[email protected]
2824	@[email protected]
3008	@[email protected]
1056	@[email protected]
2428	@[email protected]
2540	@[email protected]
2532	@[email protected]
3372	@[email protected]
1616	@[email protected]
4192	@[email protected]
3916	@[email protected]
376	@[email protected]
1332	@[email protected]
3556	@[email protected]
1296	@[email protected]
5040	@[email protected]
3960	@[email protected]
1084	@[email protected]
4952	@[email protected]
4412	@[email protected]
4588	@[email protected]
4360	@[email protected]
3692	@[email protected]
1624	@[email protected]
4072	@[email protected]
2316	@[email protected]
2184	@[email protected]
2892	@[email protected]
4636	@[email protected]
2620	@[email protected]
2544	@[email protected]
1060	@[email protected]
164	@[email protected]
4428	@[email protected]
180	@[email protected]
2012	@[email protected]
2484	@[email protected]
1720	@[email protected]
4732	@[email protected]
2148	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3532 wrote to memory of 2444	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2444	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 4888	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 3340	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 3340	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe
PID 3532 wrote to memory of 2548	3532	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 3 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exeattrib.exe

pid process

3028 attrib.exe
3868 attrib.exe
1480 attrib.exe

pid	process
3028	attrib.exe
3868	attrib.exe
1480	attrib.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.Jigsaw.zip
1⤵
PID:2488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe80c99758,0x7ffe80c99768,0x7ffe80c99778
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:2
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5444 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5404 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5312 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5648 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3520 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1616 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6080 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5940 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6264 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5880 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1872 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2208 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1744 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6312 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4776 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6072 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5996 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6008 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5896 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=2176 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6460 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5228 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:1
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6624 --field-trial-handle=1924,i,12658400641247480292,14798770883193317691,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3968

C:\Users\Admin\Desktop\jigsaw.exe
"C:\Users\Admin\Desktop\jigsaw.exe"
1⤵
- Adds Run key to start application
PID:4732

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Desktop\jigsaw.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:4932

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:1644

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:3028

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2860

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3736

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 98601701721749.bat
2⤵
PID:2028

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:4416

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:3868

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:4280

C:\Users\Admin\Desktop\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:1168

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
PID:3940

C:\Users\Admin\Desktop\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2840

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2352

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "toquaebywxmtyeo159" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
2⤵
PID:1524

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "toquaebywxmtyeo159" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:2828

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3000

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2472

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1804

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:4940

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:920

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3912

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3968

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3268

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:1804

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4624

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4988

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:4084

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2772

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3308

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3848

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3916

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1864

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:1564

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3956

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1904

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:556

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2460

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2532

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2076

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4348

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2516

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1724

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:4748

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1168

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:5104

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2572

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3012

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3372

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1664

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:3164

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5084

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:2232

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4192

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4684

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:1720

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3916

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1168

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
- Executes dropped EXE
PID:5112

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:920

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:5116

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4052

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2780

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:3556

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:1172

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1492

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:1364

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2496

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4360

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:5020

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:2604

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4124

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4812

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4604

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3268

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2812

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3552

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1936

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:2464

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2316

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4360

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:2836

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4804

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:3692

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3024

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1780

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4636

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1412

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4072

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3012

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4680

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:564

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1312

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:1524

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2980

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4072

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:1480

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4596

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4940

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:3460

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:1724

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4412

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4168

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1728

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:2612

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2432

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:164

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:984

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:1364

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4428

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4792

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:4616

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:180

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4412

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:2904

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4312

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:228

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:4612

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:3496

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3720

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:3728

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4732

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:1100

C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
2⤵
PID:3896

C:\Users\Admin\Desktop\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
2⤵
PID:3988

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe80c99758,0x7ffe80c99768,0x7ffe80c99778
2⤵
PID:2276

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap3062:72:7zEvent2250 -ad -saa -- "C:\Users\Admin\Desktop\Cs2Moon"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
599e04c6640153dd628133aafa5bbfbc

SHA1
d446f46a2c439f887e38514e16dcb64db98178d4

SHA256
427ae07192490d9f03cd799d679b81071d35fca24f2a77daad9f5a1077562080

SHA512
5bd235cc217ea5ad70ff557fb80dcf9ca76bb4c30067ee5af00464b2a9d518a5310e8e05951352e3f2d85d10c4b22ae1e9b730df2f02724ac1adf6d3e1224177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
58KB

MD5
91c06179dc0d1ae56cca0911d5193d26

SHA1
fbc10ed9135158c9cdc8ad63935952f534d88a07

SHA256
34f2583b9f7b9132b267ae370c5ae059459862383fefef814a3219b0bbc7519a

SHA512
004fd211b51fba45daa1e35c442e79b932029bd30465e1a012eeff59519ce3574b6b7757af8ada8ce927fb560c17aad40647af2aa9b532cebbe251037f1097ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
311KB

MD5
37b8540c75dced3d74308e0a1216f372

SHA1
ec7e97e73d5a6de9d006c9dcb2c6cc570bb61cf6

SHA256
af8907f1f465d9adf56df75d67cc43286a7e2ce060e3885369118104c3d7207f

SHA512
89c50c79d2a80620c68bd19e711b2994dc972d334d58e655d9065a62c87aeae81d45e99a58b2cd77e8f8570bb83ea7486d12fb4555812029fb4fd4582cb78e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
121KB

MD5
fb9082949a8aab4f7c9e5ca2a1ed44f8

SHA1
142fb11498aadf4b5522a1e1bff8d4a0a736736a

SHA256
4e50e0741495adff92bb0085669576c5e735f3b57404b38bb71e6b58571d335a

SHA512
fee05857a0f4dda55e3cc425951399641a09356656457a6b1a0d7df375cfb2ce07a8c02dd6d0d52883b8da7475440cc270418c78595205686b6166052978bfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
74KB

MD5
69f475048d055a7e3aa6693418381062

SHA1
40b6519e49658c9c9c93d9646efa6a86869baed7

SHA256
7bab15e1545c8f96d99da5c199afffa3f9d24e004622814de29a71c82852a667

SHA512
e34b628e943c4c4583a6eb0226d8d2562f16bd462fdc2591e924be63a39c317090faa4e71cf90ab22fc376dffd384a5528c0d224bea9ab2f176b4f120f259b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
40KB

MD5
929729aa7cff46b3dad2f748a57af24c

SHA1
81aa5db7dd63c79e23ccd23bf2520ab994295f2e

SHA256
3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f

SHA512
a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
65KB

MD5
6b9bd58cbc145903be52f080e479abf5

SHA1
ac7ce4a86d4f84437c0145b97d8065896e945f8e

SHA256
b9784e7cb1cbb314622eea05a9787b6d3a4a822a6ed72213cf0f30e836d53ca1

SHA512
046e15a69981bb3368fb282c2fec48436b437d599b830352b86242d8ff367aa69928bebcbb9de1b83fe286b5d5f86591186cd807a14fbb9bffc3183d6be67552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
135KB

MD5
710caa00aca3ac18fbc2be1761ce8add

SHA1
86a40cd3117ad5a2d9da978a2bdfe6c1a1557015

SHA256
4e21f3fc1dd0b16516b665804b6d67551c580e81b04835cfde0dd619c5339df5

SHA512
6af5b0df008fbe1398a0fa89d8f2c4c6d3e01b99b295e86933e72114e8b997d05bfa7bce06beec551684430a6964f020831e1419bdf9854cac8c2566a7e5d35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
102KB

MD5
d71bf44ee22bc444ecfd6c056a022c31

SHA1
6bce50dde4a1550ddbb8e52341515895513368df

SHA256
a87eb05e001b4482b50d7974d10fe4ce6208209883230279c7d58c6663d444f4

SHA512
9f7092374af11c7b3208cf65059836df2b8365603d1cc169797d020e8006f499551a6b57470dee0309eb27b67e788912c786b072ca838fe5b74a077e963fa4fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
206KB

MD5
a933710471ff0c363beef824d80a23a2

SHA1
231d505b6faf5dfc13c9ae11cef3a76f6056c72b

SHA256
968b70ecd238d6fa454e0339b778229ec0468f55ce21e0e1cf58488a429558f6

SHA512
01bbd6fc1396f334ec55361e5144827cd35cc86bfa6c6652d79ef5651de9526dafff4a95a18a6c4817e6d0f34a2d9d35ecb9e71f7f8ef8d0b89a56d285d64388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\673fc05caa823a0f_0

Filesize
1KB

MD5
4d9e9164f2f82a28c8ade0772afa8ff3

SHA1
02a4a21f84d0a51bb7e6310d110535055fd15e20

SHA256
5fe84321d39d0ddc7c3de32a3ce6c26bf063834d27fe22faeacb1151f55cc455

SHA512
1ccc4205ea54461163c56abfd041b15e732ab95443cc61fbd53c0121e36076f662f4bbb8450313196ade0c438b5922eeded8466291120649ae211ae57847a070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e96d197dd7526c4_0

Filesize
1KB

MD5
c3b4d015c12bd0e2910b5a6f4139adb6

SHA1
7017d12e898b3c0b533d5ce87baee732e0e193e7

SHA256
19721441d007768e60f1a9e0cd5e8b70fd82033fc7fc890e50f9075e32999379

SHA512
5ba090aef3e137165e1b65a4bbd0d54c7244b41554a8499d778f1c74111f4abf830d4049850bd39acfb74c0a08207c3b34529a1623e5d2918752db8363a2c249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
8b2a799e1fd0cc0f1b02b58dbc38e413

SHA1
28ca6e813fbce226c09e3297cd03a9c6f48d51df

SHA256
85abfbb3e92dc1325fde56a350f74688e80c6a63657e073f6a8e57a00e6d0506

SHA512
64c2b31a45f5d2a437d55db58f8cd5197bf43b952b9d9a2875d3bbc7075744740de02cfd34439b036ef2837feb51f6e22e6094828e199d11a4d549f2e4d9c3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03120d12741e0427cd075f89be8a88f9

SHA1
104f1126548f4290d32935cb91b50aea381b696b

SHA256
eb44f29ded2c09c8f7aa0e6af2acafdd73b9ad86cf177d894350705c582555ba

SHA512
4f291c13b676911bd85bfd874421f32104fe23a742a7d7a308c3610160b60db7213b836f51ee3f890e5b0b2196182b72f2579b58d4cfc8dda300205cfdf81dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f3977b0faaf121fef880b782eacb8539

SHA1
a259cb16679b949575a8d942da63164a7eae6c4d

SHA256
ad161d7c3b3101cc776699eb921433b628727241c4a530eff17514c3eeea8734

SHA512
56822f9fe81605a707fd68ec8b69560eacebc16520fec3029447298b572d5c4ff8bcd07ffc381e60372237545eb98fbeb0b5beb8c1f4353af3ddd00cfc79ba15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0e271c60c5c085691ca9b1c5e5014cc8

SHA1
b9a7ce079e9c50b05d4a6c41908c54cb82d50895

SHA256
27cf463f2461148e11ce32758055787e3d226c6e61c397cf4b353ba3398f4f5e

SHA512
08f42b50ab9db2ef6abfae56dfe00328d9a266db96cae4df7482966d98a69bdec7a87e48725d386d0120c5ff3569fed624f3de81326e700e1a5c8e8db31f1a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5025d4962476756d7bd14166bf288c9e

SHA1
b5904cff6669b86601d80157d65b99cfb77e655d

SHA256
912db9e755ca25806f3e6f6349f2fe115f6a025b54c8858907f3a3b891967a8b

SHA512
2c111e6f2a975d3d0e133ae63f4657875e8ed99ec3c9426e1e9febacbac17301963f5a16c5ba59babe9538193fb3e7c90fa9868e51bcdb6d3f790f40f1ae95ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cbbdc773f27121b430b80ce0060cf3a0

SHA1
cc01f48adcefbef41be609fa79bc48e930eba8ac

SHA256
4865189a9643557221652859918d5ead680bbc3d275e02030d4fe38cd9881584

SHA512
d4744dd7c7ebeeb181b726f6b436472429e3952a59a03adb6c143ddfa084446e2d3c00e4b2bdd54f50ca8b1a53bc39b52dd764c05786342608f19e2c5f0fb2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mediafire.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
03f8756cfb744c8d21b876e388ac549f

SHA1
82250b8e6c25eaa9011408e6cdbc11c114dac95a

SHA256
d46d7c81a3ad57db6693dddcc8bb9c46ded324dc2f3fea640d87fa9dfb5b7cb7

SHA512
d0ef3b341fb19e458e05cab26b3aeb08ff7ffa3285a3ef33ded09880269a734646b455d0cf985e4d4f824f0c8ac528be232e5bd2e6b917d1cf885bdcf313514b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
1a6a70ef732b20b1c2a00f848c626985

SHA1
4e616afe58ca3646fa06bb9e04f90cfda0d97136

SHA256
032adff4aa11a9e3f5194e0cc7bae7d0ea5b02b96ca34e831d1f10fa6cce3693

SHA512
2f65664da36b308ac331ee82950af7b6742e7ff504f1bc3a13b7ce454433dc59475eff67eaa317e4bb78b1a14c249ee280e788a3353cf2f43f0471344d71160e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f2bc8b7c9d2f2cf34b3aa1fa2e362721

SHA1
bb9c17b9cdd63c836aa37225c37844ec206081c8

SHA256
4152e3f007ee638ee676152ee8a4c5d1f5b0b72a9f83c27bb40046d6a3323861

SHA512
d7de42282d4df12274db7062fa7cc088747bad602498d68c0a7acba4aa7c14ab9e1e85ce530895f0e3d14b6ee91cfb40de88470c653d9345c62613ace6a0c6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
1e5726dcc0247fef7e558e9547b196cd

SHA1
40fd8f4bc9f70032102bc4da4463e1327f4cd8c9

SHA256
5a959d3c3ce9e80d3931202fefcce2f67feab4a1731777fdd63bb0e4c2f50806

SHA512
c91a451b1e1c49d88c2ad0ba6b80c19f9685e8c939fb5eec288c581f0158dfc55fae1866864cdd37b217a561187491822af4d20e6239323792ca46212d5b01d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
ba625ccb5e50a31c84d8b8a1e4501985

SHA1
1312d9674a1a50236f9218a404b000a92a214644

SHA256
ae06171bf24b86585b820239282c2e33276213409b3fa4dcfe0d43d8e753999a

SHA512
e82d9c3cf44ac8fe5fb39a7c0d1c59f50ec5a7762aa85581f3217fae1236529c540adabc8b588eabfdacb949cd0ffabec4e2deb1bb4f024569c7bd21b1bb01b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
ac46aa2d1907a5bc1082c2e98c04b7e5

SHA1
923e63f3b728e2db9cfb167957218f090dedb3a6

SHA256
1d1b3355b1c68913400a46c89e0a00d56ecda109f6fc10bf6363e097c879e163

SHA512
dc768dc82a5068eb6496b0cc354ca0c9514c7176bbc5fcf82ec9775b1e17545c99377297e41d5f438cf180f73b544854ca59e099462f59fca75e8dccfc846193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
b8d9bbbd10c9e539d3b20d0b2071025e

SHA1
45b974038c18d7f7d75bb170b723271e8c7e1656

SHA256
6d3dba80a62fbe5bbae12dbd153104d2b110a2c0136a9d0757be713049ecf78f

SHA512
31381ac9363e4f327889b44ed421c2cab10aeecf3f37bb19b7d24dbbe38288b39d43a2858625abb3101ffac58c91be8ce639b7e5732ae0b7bcd9ec00d22e9c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ebce2f9fee721560a426e27dcfc9e9d6

SHA1
492dbf7b7cd4b6816c6d75321b8fa45c05f9365c

SHA256
0136807731d0b777d97f75e83300c52499073d0e96349430ca94525cffd2e6b4

SHA512
70b375cd29ef4b76195f689d172fe6dd48e4384dba35a1439164ea23e8feec2cba576819dbbc13cd10dd2c8c79035a06aacc8fcaa20a79a6c8e98d907ba85b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2ca453092afac74e917bbbc494f6c83c

SHA1
6ac37023b778a60a4dd7f1d9e7c3b8b2640b294c

SHA256
c4949d7961638c98a73fe8b691a463caacc8fe478dff508571f5008cbd9a89f9

SHA512
f677dfe29d2bf6c6aba33acc330867091313057ce0be2150563dbd03429df63055177eaa606375cbb4e3ceb0d506709967b5d6d04be7d87571e5b1bf6112b8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bc68a343c4193e7d2d8ce0332981d94c

SHA1
e098e684533a1c5974e20f560acfc0cba7b65fdd

SHA256
4e0fc7d5ec03fc63669b5a24462f18affaf30885d38794d33da1b44eac4b8752

SHA512
9879b01536e56c35fe2667c922cfa6dd9597766cfd2515d83293c726ddab8c2ff22c148dcd288c7a0a4465fc159c0acae1284999379efc92ef32b11dbb706d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
60659e6f7a5fa081a9d4905a7402bfb8

SHA1
a4a9c47cd880e8ec43fca2a982c17ba18d9ca90f

SHA256
c5d08e266fe7594e14d14702724c3f2e115783ebdec69424f6f2dd114ee4f7a9

SHA512
6738b6dd57062df156b869ab05cdf307c3c7e87ef76f5fa929b3983f43bc759b852c4ec00e28d043e6bd2bd7d6342447171bd31f95f9586cd2b945a6bfd6dde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2fe0d9e2b60d18ea18ff4f1bbfb15295

SHA1
1eecdd087ee14ece27e63c456c63dcb01d7513e5

SHA256
5260a7ffb4cef139088d31e3bd1c6c55d9af8fde2af54d10f7f65f9492af81bb

SHA512
8a24b7662df3460ecb6a030e3dcc4abe575b6343390ca918f13221b5a91b29cd31381005d93801560821ba28bd0a6d9d4f19b7f22fe380ff8f65b8ff59ede942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
51d06859868ba2df2c74bc00f759223e

SHA1
b469b5768e45f2ff8c741155ff8c20d46be29b88

SHA256
12c03485f044616cf9bb7924ed169188cb0cd8c233bb4a91ca692ae54239a09a

SHA512
e323d3d25210e5a98614458325e64eefccd048f9272171f15b7313242461451946dfc96cc2b9914f7af0167a881dbb3c3fac373cc4d3cb492abed0deef38e349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3204a55b95038bbe4d643aee43154cb4

SHA1
9d004fb90db25e253065f6723ad1bb2390fd2677

SHA256
3583e5e8694cc04a25448371aa54fae5d9fdbe6a61f81a5384826cdf0a1c77fa

SHA512
54cf1e39457971bed5598664e0fc4e1b33e07b5ab74c13a01d37c515c05a754b9945df4f312a6ab4c552392789f1aed9bc060532da91364452a4514e7c8d9685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4c3565fcf413b8b9ce07840d30b26e02

SHA1
49f9652cc2931beda2d1ac7400fd65f36c5e28ce

SHA256
defed3bc25eb60d6567e16176adc4bda14e6ca34dd2d05e77b9d32b2c9c2a017

SHA512
ab56bf2b15edf416f0cebbed05cc4683cfa7456076cef33d8e7168fdb6323e1b853a7ce6405a31a1c11cb578345972adee3cdc07aa65ab4bad7d4c135f43886a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e8696d8fbcc54eb600d547e9bc4567c

SHA1
9f2c1936d06537b6b1f4c6f1b418f3638d747bef

SHA256
902b85a8d912ba43cc9bcfbaa468026e6425b4b24da6d2850c43acddf8ea6188

SHA512
99215f026342c022d372c2a35e7c55bffe1d236bf498848afe5d2cf7cc016f852dd2646f3cf61b816eeeffd8f3058ef5056074ea66c214dbd4ee2a5cc4ec9b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
678035788812eb5804c049cd619c992a

SHA1
c51803f0fdaebcb88a02dfa2ea8b32cc73e9e210

SHA256
6c74a089446353fbb1086d5099d75adb461bf3c93c3b5c7714ccd6d8b233817f

SHA512
d0c1ecdcd394b2785dd0e2d541eea9635b91999025653acd07c6e85a719fd489957b07a6cc360f974cca004231ca5f577569cd7ea179fae6e9e22556f0b8b44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0119555e6e77dbb9871120abfe520592

SHA1
005b2109d06f4cd6f73700b0b93f179138a68558

SHA256
53d72c440282a84e8a32a59cad2419f6536f935fec1621e526d7ec2216f05115

SHA512
37c6a2c243208242ff98bf51ca5e5d3f04749cffd75045a34f1bb4df7c0ff08a7ce8cdc3d5c8e6d1166964433d255725f3e9760da92726f20905a2314c111d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8d57823186697ebbe3f5a5795a96e922

SHA1
69b324ebdc5b3afa71703a4eb8fd081ef99e3a39

SHA256
0c5aa12e8578ff64b9294a5190894ab1c57f17c688b26b79662671543d9fcaf8

SHA512
48f9b6731cb520cea142445ecceb56c8f671c8459b0d47bcd2848d4809adc328267b15fe2c2d750557d730b01002bf7e8bb2f3ba8a632ed78458265b228c0374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
20f1545b9bcb6a653adbfa02b0f09180

SHA1
6241284c334a13ca25fcb76ace287def854fee12

SHA256
0ffa5f0798720542fc8911f38612f5e0aa79b3bb33591230f0124e0e649f0fe4

SHA512
8b89c64b15288531e8d033b5391d53d61b9b0187f1e7ace377d61798e852ff996744375911a34801fed01ac81078f9d81c4f04670e168b572183b2e2321259df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4dbb635e186fe7544944b3be2e7f7f84

SHA1
b2efe252d816cf276a1561ce358019ca014eee74

SHA256
625594357ed8c0b14ab85fd6755a738e7346f1d1677e15485bc23aad3ffe5b03

SHA512
58bdbaccf611c94c2398f2d0531559f2f2eb977102027d32ad95b09444b6061d73502984522d7b274fd8a4168fc4f3bb87c53be9ac56bd27183ede7c17d52bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
146c41b97f7911e5381de6e44c90ddf4

SHA1
d0a29c2af63c5838999ed89cc245b904ac9e6865

SHA256
1f4c24246deefdbb1922923101347c257c36d21844f88055629984b802090c70

SHA512
9f8b88d59216839803bd29b7efdd00cede700d7b5c0707aac9ccf4f124a0c9871ebf742d5d345c7cbe509ab83ca2f890e11abfecb1f590b51234e1c324d2c8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a26e9703bf65cc22224d30cd91905880

SHA1
9cd9da6513252d3141ae1ac41ff196c48c397a31

SHA256
bc4240d81c57451a502f5ea83c93f346411cd7a9e4bca388438debf9d1e84b4e

SHA512
e030fb76f519795cd8e886e7b94e4129d67e2329d0f41d57c780fb6148e20246e1c4176694479a696455fbbb5368503ea4714aa7abd62424f51b9b45820eebe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c284943db3d3c081fb81330ad88b31dc

SHA1
d6fb9ecf77b9ae43462e9ad2796af587921d261a

SHA256
96c2423742a9b983654ac5dcaa2ae3d88f3c7d75fb9a2e653d4ba7953841fd3d

SHA512
f04a46cc1c88ab86cc54b3fc72562066a68bede38d628e1eda2eb3fd6ee10fe18863bdc83380eefd9da19d4e09f71917f1f0a50f19ed638f797a452052877cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
58f762aa06b8cd4612624dcc09defb1b

SHA1
507941a70b2e1e0601088464636145d1047f6da9

SHA256
d631b4fd7b847f6073e937133789135a8bd1ab02472b02647b411e60511d2a16

SHA512
6dca4d26abeca2eac242b36494fc54cc928c786cb492abbf6b59953694cd00db2592d17163dddb358c6982b04e19bf8cf07929d7c697d547946eaa5c47d0468b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d47851d84402feb236ff606db5379f8d

SHA1
6af52df3ac5614cc79623ba2af4c8c8f40b17359

SHA256
4e97089fc8e88529c0c327fa0fc37ad7df0a6bde405d197e3d1609f61fe34089

SHA512
e17996e3ee35938059015ac1ac5fb88c0970e6356b820087b33e2093c94545a66a59330c052be04a0131399a10b0c7a3839bd86c0ab060e330587bffabd73705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
75549005f654baed27d30a9f7982cf90

SHA1
8f12b77408a3dcda0d62c1ab73ef1edbf2062689

SHA256
c0b1f57befec998ab7352f85fe520ec5d156abab7553a179b72d5d9a3126cc87

SHA512
9d26e529c428521339129f89bde5b1c7e1285d64f367636472a74162456e94f96f629519873c429be7923a3bfc3fb7d95c24833be26d1f1bfca32c4f6ec29b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5805ca24cd284947ba205208ab44bb45

SHA1
10fb1a133e81414a8f4cec97742bf1955385d882

SHA256
6f193edce87894683c7c4f9fbcc8911a7373d4fc25c9452dae2dca412a8183ad

SHA512
e547fce8c3c0e6b093c7d9e17d583db9d05eb0977838967dd2b22a423bc36912f46ca3a0669e3799e8351bab6761fb5384c2eac7f7734f56b93b7031453377ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4fecd8423bd49b88adad04d0358b0056

SHA1
5b38d144dafc04b0a8dac0f21e49c7618af45ecb

SHA256
1249ea16e1976701a8fe44a8cee45a9a9614eda78945e0a5faf65ba123588b12

SHA512
40e39a6d104298e3cfe30c13a9198dbd733c777c4cb3cb01bbbbdd01eeae0b00e56c9d6ff0b79c5da172bb1de2d41d0947c2776d38fde5221938e7687a5b771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2c44e0168d5a12abd3413afade6cac1c

SHA1
f5fea7e02f888cbb4363e951d9efafef1f2ab44c

SHA256
b299f7561a01b27b846eea28d8e1631a2756c9dea316298458271bab3da5de51

SHA512
53b7f17842eb979b9bd5ce8bc70127539368ebcee816449f21ccc9bf77f2748a48dc99da22ff746c8d655f39886142e7db774902cecc40778e266ea42c0db96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5974087d558ea65e9118dc39a9a25aa7

SHA1
071417dac93abd9a999e76394f3d73cecebff992

SHA256
010f859b70a6128527eb8eb90c693bb5879d68f99f5bdd739014b0560ad90586

SHA512
9a58169edb41a0e6ede4e53e5c1fdfae17611d28ee3b7819518a8264d8b9f51e2ceef8778a48442fa615948d5d0461ccd221f5c78b20305492b55d94bf91bc18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8ee85c428a1def9f7257fff7465eeb47

SHA1
dfd514e00e88856461eefae07cb8ebfe016464cb

SHA256
5d633b44a2c1d9a47deacac4150d4b9a6a40233b42482373fbf58d297e7e809a

SHA512
600aab1b4c02121fb7641caff5146f65ee7c96173c13159386c7c7eb4bdc17b36240ac1837f109efb4e3e7772f87f8a23087a54133c64b996ef638318594bce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
52962afd8997cfa17a508f2282261fd7

SHA1
4e378c0dfbd1e61c811578eb4974571351e937c0

SHA256
a12a6397ecf6c0e995d9f3ecb7baa4ee6c3fb47d968791aadb89836f97b841f3

SHA512
535f9d1494d889af0de7eb0cb941119bb3c9b0f11f63215caaf5c54a593edc9e207996e974ccf5040eabbe812cd6cbf80daed7652cc4f101037a765aa8651b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0d7ab70e2a8316a70cffd0d9752a328f

SHA1
a67f10aeb72a3f0651fccb9306c644920bf0b34f

SHA256
cbcc74cc859e3573e7b6fbcdff55c6b0382419be1b2e60ca8b46512e70723eee

SHA512
7d360eb43f653687e4d1e842d60962cb417fccbde2f5b5e3e02bf453eb588a10df69ad56e94b9a42079641255041821d807ae7be98e07e1c7eb8e3832804f63e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e25cab741d73dc4dcb47d990196ef14

SHA1
73a1e85fd880516da6935086113e4f1ee4ebff14

SHA256
1c7f5a2bd35aa9754404039a44787de465b4a4c6610381829891cb7c4363e18e

SHA512
3bdddafcdaa6766b6e95eeb4b932751c5e25f276de9e3bde7be630b4687bb40fb7ebb8647dba8c56e4db60d8524ad27ccde311c476f701af128af61437e07263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ff32d8d08fdd1f486e06000b8be24a8

SHA1
1f002bc0f5d9758157c55f53fb70eb6dcd02a169

SHA256
8392a49aeba148cd454d64e12f6c8e45a3bbf7413a886f9fa2a0fc328d434747

SHA512
a2e07295d60b2a726549e01743527fb9746e31e48aba51ce45361e5bdcfcf79d572d5c7375a57b1dd131a691375b9a705bcee00886feb0f11c62ba2f6c9d64cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a33f5bf2aca39efde9bf4bc7dc2ee58

SHA1
339d40dd633cf143c435cd54aa1559ffcf3dbbba

SHA256
d69a7b8b0049d7e5eab3b950fdc1e5135c31b0dbad0d401c2a44f9deae3012b3

SHA512
2580d977f61a7d321082d901fcb8ed876d349ffe83563da0168cf067d9d51c3bf353323343554fc8e40e7c62c6feaafa08c05952092a67597eafb9a31ec03917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a74229d7c463a7b4955206ff633d7884

SHA1
727cc2a4f28d62b6e043c57fc978be87530ffdf1

SHA256
ee33b8efa683e1781c6fe7091f2811b1121faabcbe4f39b9137cdb9a5f309489

SHA512
688e926038f667ae5d9eb53365d544299084a04b27493cc60d64241d94f2ca6fecc8c16903aa53326e12a73779c1adbefc5cc314d0c4e71f9f6d5091a9b64e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b675768c674070d7bbd0807670f35e80

SHA1
fc61b51294bb332af0c9743387c438f0f84e6273

SHA256
3508969f5c4af47d0c82f2b8b9af2458a827d9d830c9abbd0a6cc7a319c9a2cb

SHA512
8f3278cb01bd032624092b97fcccf8aac26baaf4ef30c33f03a6e5bf4e53b377db7cb468b97bcfa747c4b1ad1c276f40b1035aae95c2d40425847f0c83b7ca8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20b2e104f0cf02ffb7e9a5a11711aa7b

SHA1
6839665ec9f046bd5bc0ec1a64c209e0df4ed04a

SHA256
0136c0106aa13c97e567061a0595028fb9878c7ca21e5a5dcdbdb961d99fca87

SHA512
b3ec354d5d892d294d512d73d5c2af6c64c672463fe5ea9f2854074c7bccea842298c33f83ec91892691a8f017b7e5ba5a19cb65cccb26d09ccd9283045b5a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2c144b4927f07fa979f09eaa7fb431a2

SHA1
1e89b937c54956aaa2c0603d2d28288a4a99d192

SHA256
9c63e3612671fabcabdfe1410034af0232c4322357c8f7121b242b810e54bb62

SHA512
c2c63ab9c9eeacec54a48f17b8a75e471d757654db8dec7544bd4528b662df3af106dc3d083820f3e7eeb7358736c2e6f90c21063462e0e5fbbe928192515502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6deb47f82f1a51f9500e4fd406273e9c

SHA1
6b4ca0b4efbc2e100e07fe24695f03797ce1e0fc

SHA256
06f427631fb9b657d4f544a2b55d3923766bd4dd9a779e5c10baa3318c0ec6e6

SHA512
530fc1547bebb5debf892500fb3404b9b9f0dbcf37739d2599e0c3c6f9d04d0de4cad9f45083893e96cb5f8629f44ab19b2e18a4512a19e1cd5f8357e637ed76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9d0e66b4b6904467d9acea0bf75dda78

SHA1
2fbb6595824d132270480a490bd51f7b1082150d

SHA256
f20666c33cc4b98c9c040bf69b3862cdd5c21c76f11960dac4182eecda33b9e8

SHA512
196c313d8e6b3a8fa2d8a61cd5f58e42dd06448c1a6ced6e119a77250dea3683f32885e047ffb83a8c095b2c523e230739c9e52ed9940de2d313b43b19fe049d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8be74a07466b9486f935f7872e6de271

SHA1
9b8e6735ee94744c716117b235a04cb2137b85a3

SHA256
01ae423cc45dcb32c118b73bd621e6163978f82ad99d869ac81569ae886bcf2d

SHA512
afb09a69ff25d247406c5a2a1330450edeb805c21900b46f58cf1391920c2984ef55567771ff234bce39d8acf28f0bf04f54dbf66d547d7dcfeb7a3795d810fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
afa6d5fe06824dee5de29d2787d00fff

SHA1
6d78ec2dd2022d62893410d213e4ec2be86bb54c

SHA256
c0702415a172a2815db8bb1fec9768b8b6235e7a1fbac5690775ceaea346da34

SHA512
a757583518b229012dd5dcc50db7bea1f67a85e54952475aa47689e013c87a2b9d85c9055713e8ec0d2413feb4cb658fd76bbc0eb30afee8516b400d4b2fabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a0cb3.TMP

Filesize
120B

MD5
e5b320eb75ecf4937a601a1208ae69bb

SHA1
8cf0031c01cb64257d2b232adc43c3d33313a052

SHA256
a09652a9b8472fe34411ac5df59900653df4b23fcc3df1b1e4fed38fd21f5d2c

SHA512
5fc9031f6477e70978802cbbd23c0621d458ba0712d4b094190b7bac83d90fe2ec11a975084267549f622e5605e765dc21c72499316ca22a9c27ed20d8e5b168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
b7f098c8f7bcc306b237d6ad8b27248d

SHA1
b3f9bd30d4fe4d387169ea8bb08dee50d4b3171a

SHA256
6dc9f48ba237c3746c94ec0f34590f09c1013997627272fded96116ff9245abb

SHA512
ded01c94ef789eca8fb884506814490cc97f8af8c8f52cd1c168f7dc32ae030861e5f800953f4696ef9f1d2a83b796b7c403aab01c41bc1653b9c7a339652901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
3c9aba13956941cd45aa0b987a279a77

SHA1
0b9dde2ff5844369615ce24a647ce7ff8d8e4805

SHA256
d85fe6a11fe8b8d1d61f76b3d39ad35f7dc25eb645d586e024bede536b00042c

SHA512
0805a725bf0e39f86c15b18137ecdc63df085ecd2adfa04ea85be9ad9c542dd7ad92b7bcec9fcfe671e73144fae867c034eb2fc33f25d24861004bc83126f321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
73c8d67de5c881fe35a06b0351abf087

SHA1
81228e081091c9ab35fda7404516d5611cfd349e

SHA256
ab65d974c9ec3af972ac6467d692c6c081baa785eba37d2f4cde4b6e80fa3c4c

SHA512
c8e843a3db5bb998c6088ea97a44ad84d9d1510f2a2099ef7f7121ac98497d6224b665b98aef2f69fee54e591eaafb7935afe0b8732f31db5f040d5c6de13d60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
0719b41c4a5949ddf160e37f2204ea32

SHA1
4ba8e42d89846e0d9de04f4562681c06a2182786

SHA256
afaee06ce3f240e017c240910fc30ae2936585fdfcef306e9bf434806012281a

SHA512
404cd472d60b4d729f07ff744b5d3946c551a0faed451720fac162bef0c334632cd64ebe0133af4f625f9a9d12bfd880e4ce5b92b2b370249ea6cd8f63645301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
1a90f479ea78d9bc2c01cde98fe1511e

SHA1
c1a7943f4ec8c3616a60ea61ba79e4ee1e6dd31f

SHA256
a45d399b07be6a0c7b2facdd451a17c1c0b0d9553d6b163689a990fe4f715d96

SHA512
298d6a6e337f0349808a253fde2424962cc80c6cb316baef7a86dedf3ce92562c86d02b2574570653d03d8f6fe40fa63fc84bf93e4fdbff52bcab47c9e37b154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
8d8f7de3f1aaf76a0ec2e081dcd503a3

SHA1
373fa58fc108f5838699f6c8d7b112054f4f7728

SHA256
6c03303e7e5ffde362f0a36d76dd3a633aa7175b5de005d80e9e6c85264d8a10

SHA512
58c7c4f4e3e39f0f01d47e413f22867bdb09d835caf0bea55b629038aed27f0ed18db7b5cca046efe451f846ad74b83f194d192b7046cdc0134053d7945edec9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
8e2d6aba8efbcd17b3bb1e01b6907642

SHA1
2b07b4ad0c0cce3d5c5f90129ff29eb4c998b2d2

SHA256
c23beb4e18553d8dea5ebcdcfd5492e5f44289f058a9e7debbc56a5abc847048

SHA512
2f7b707d59b256523a20ca27caaf1f62d679538b08ec24bd7e467f8b65d024f0b817c34cf8955bf729f83b95127b034d29228d2ac057ac8b0dd76bba57d926cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
99b179ec8d318e00ac6281b1e8ea84d6

SHA1
b0d0371b60553fee83c8a546dddd56e95e2b736d

SHA256
f1cfa9083cde5e020eb5064bae232a7afe86712f51ca59677bd525c53259d521

SHA512
29816de2df65cb0bcd63a268476f279851461cc7433de4060277da34cc47812cf06c5491a8e9f9c20acaaa78d1bbcf9ad94528c2a29a86b72ea941d6b31f8c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bab0.TMP

Filesize
98KB

MD5
f0c133177dc872713ed573a5579df208

SHA1
cad0476fdb200b5e05faac835798bfd4af3e3735

SHA256
c37717fd0a59559ecf5adcf4022914dace3ac9a5b51c39ada58910e785bb9dc5

SHA512
680eaa8969fb40d6a233ec0477b484d358ab141978b47e7e0495878b7954bf953a2f678964b879c487803281c2086ce73a969edabec33a9035d95fab9f82322d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{26546703-9483-4967-ae59-308aa3ea3fd3}\0.1.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
1fd532d45d20d5c86da0196e1af3f59a

SHA1
34adcab9d06e04ea6771fa6c9612b445fe261fab

SHA256
dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

SHA512
f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{26546703-9483-4967-ae59-308aa3ea3fd3}\0.2.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
f405f596786198c6260d9c5c2b057999

SHA1
f8f3345eb5abc30606964a460d8eef43d3304076

SHA256
58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

SHA512
a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{11BDD8FD-207B-4170-A3DC-74C91FB98920} - OProcSessId.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.4MB

MD5
69edb6c8e55c53da2ec94c5362498ca2

SHA1
f5ee8e3762a8a5f7bbe237f390a8da18a2ec8b82

SHA256
649ffe18f9abc71bbc425478112ca26d1722ddba359e2df4bdcd170dc36aa58d

SHA512
8d6f2cb60399129bdb557776103ec059bb0b45a0c63a8df52bacfa75ce3c097906e31b2bfd1976026d1754fc0dde7ec36b6a4900f133538281b2582ddafa0fcb

Download Submit
C:\Users\Admin\Desktop\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Desktop\ConnectExport.xls.fun

Filesize
342KB

MD5
a7aac55edcd43642d6b41e5dd213ab70

SHA1
fddad72158b044d5dae79982b9cb70b434a567f7

SHA256
2e76fa2984fc663333b42db9b5972bb96fd5b665a03dfe1ce3ecd8d62f8d106a

SHA512
ae59cb8d0d22885d2c80a7552e5d0f07f3cfbd378dbba2056ed3c72bcf3a60b681f0c9f8fd3f38d3408c97b23ad1639a232cb920e4f5771bc6a77fe6fc46aa3c

Download Submit
C:\Users\Admin\Desktop\ConvertBlock.svg.fun

Filesize
307KB

MD5
41bb41ee328b6fd3c2e669d0be9edd89

SHA1
d53a4ef888d29e4fc4337654b06b72a61c63f8c2

SHA256
4c5b9b72394110c171aa34ca11c50f837c601c154fd358b5710c7ab431cd4e86

SHA512
bc171975ec73b8f80f6b2ce8051e675350db767bde480ee537692215be985b7b5418a643de5d0f63b64b7dba7a43b16a01298af06593f2c40963699760b18be0

Download Submit
C:\Users\Admin\Desktop\HideCopy.png.fun

Filesize
522KB

MD5
ff566fd387e1d8b42d53575894d1230c

SHA1
3537e8adcc99f0dcb43209c47bd53f7dc75af36f

SHA256
327cb6def0d4d1b6e712a671a4ba1da7ab22a47943149b54d1260238cb763756

SHA512
0ec9d5f2d5a4f780565b79b5584b15905aef3a3fa108af52ebacf23da6a03511a9e1809ad7b5fbb8442278b443567247399d8117c5bfe0241fa45017bde65441

Download Submit
C:\Users\Admin\Desktop\JoinRepair.wps.fun

Filesize
319KB

MD5
3436d86a722849c427ca14e76852862f

SHA1
73acc45c8b78768f55843cd2c3e26448b7a0eb77

SHA256
ecf612fcb6ab1cdfc6604ee26ffbcdeedf57a396c7ea511cc17fbc46814f71c6

SHA512
9d15f827fd5709511d1b80706021dcb08bebe2aabe623150acbd2f5340ee960d9619f3982b1ed70c9e9b1104a058a7c4b56b499563db893308c4053af9e75b26

Download Submit
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Desktop\c.wnry

Filesize
780B

MD5
93f33b83f1f263e2419006d6026e7bc1

SHA1
1a4b36c56430a56af2e0ecabd754bf00067ce488

SHA256
ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

SHA512
45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

Download Submit
C:\Users\Admin\Desktop\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Desktop\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Desktop\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Desktop\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Desktop\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Desktop\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Desktop\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Desktop\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Desktop\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Desktop\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Desktop\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Desktop\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Desktop\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Desktop\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Desktop\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Desktop\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Desktop\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Desktop\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Desktop\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Desktop\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Desktop\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Desktop\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Desktop\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Desktop\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Documents\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip.crdownload

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Public\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\crashpad_3532_JRIUBVBWFKZGFFGC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1644-3620-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2840-5468-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5409-0x0000000073A80000-0x0000000073B02000-memory.dmp

Filesize
520KB

Download
memory/2840-5421-0x0000000073B10000-0x0000000073B87000-memory.dmp

Filesize
476KB

Download
memory/2840-5423-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5426-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5433-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5434-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5440-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5442-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5448-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5420-0x0000000073B90000-0x0000000073BB2000-memory.dmp

Filesize
136KB

Download
memory/2840-5462-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5418-0x0000000073BE0000-0x0000000073C62000-memory.dmp

Filesize
520KB

Download
memory/2840-5470-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5479-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5485-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5486-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5419-0x0000000073BC0000-0x0000000073BDC000-memory.dmp

Filesize
112KB

Download
memory/2840-5417-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5404-0x0000000073BE0000-0x0000000073C62000-memory.dmp

Filesize
520KB

Download
memory/2840-5412-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5422-0x0000000073A80000-0x0000000073B02000-memory.dmp

Filesize
520KB

Download
memory/2840-5411-0x0000000000980000-0x0000000000C7E000-memory.dmp

Filesize
3.0MB

Download
memory/2840-5410-0x0000000073B90000-0x0000000073BB2000-memory.dmp

Filesize
136KB

Download
memory/2840-5408-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5405-0x0000000073860000-0x0000000073A7C000-memory.dmp

Filesize
2.1MB

Download
memory/2840-5406-0x0000000073BE0000-0x0000000073C62000-memory.dmp

Filesize
520KB

Download
memory/4732-437-0x0000000000A50000-0x0000000000A88000-memory.dmp

Filesize
224KB

Download
memory/4732-439-0x000000001BB20000-0x000000001BBBC000-memory.dmp

Filesize
624KB

Download
memory/4732-454-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4732-434-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4732-435-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4732-436-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/4732-438-0x000000001B5B0000-0x000000001BA7E000-memory.dmp

Filesize
4.8MB

Download
memory/4932-457-0x000000001C8A0000-0x000000001C8A8000-memory.dmp

Filesize
32KB

Download
memory/4932-719-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4932-460-0x000000001F3A0000-0x000000001F3F0000-memory.dmp

Filesize
320KB

Download
memory/4932-455-0x00000000017F0000-0x0000000001800000-memory.dmp

Filesize
64KB

Download
memory/4932-456-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4932-721-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4932-720-0x00000000017F0000-0x0000000001800000-memory.dmp

Filesize
64KB

Download
memory/4932-453-0x00007FFE7CB00000-0x00007FFE7D4A1000-memory.dmp

Filesize
9.6MB

Download
memory/4932-5415-0x00000000017F0000-0x0000000001800000-memory.dmp

Filesize
64KB

Download
memory/4932-5343-0x00000000017F0000-0x0000000001800000-memory.dmp

Filesize
64KB

Download