Analysis
-
max time kernel
870s
-
max time network
871s
-
platform
windows10-1703_x64
-
resource
win10-20240404-en
-
resource tags
arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
-
submitted
13-04-2024 22:42
Static task
static1
Behavioral task
behavioral1
Sample
jigsaw.exe
Resource
win10-20240404-en
General
-
Target
jigsaw.exe
-
Size
283KB
-
MD5
2773e3dc59472296cb0024ba7715a64e
-
SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859
-
SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
-
SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named after the wallpaper that early versions set after infection.
-
Renames multiple (3750) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notepad.lnk | svchost.exe
-
Executes dropped EXE 1 IoCs
pid | Process
3788 | drpbx.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | jigsaw.exe
-
Drops desktop.ini file(s) 2 IoCs
description | ioc | Process
File created | C:\Windows\assembly\Desktop.ini | drpbx.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | drpbx.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 6 IoCs
description | ioc | Process
File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | taskmgr.exe
File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | mspaint.exe
File opened for modification | C:\Windows\assembly | drpbx.exe
File created | C:\Windows\assembly\Desktop.ini | drpbx.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | drpbx.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1616 | 2944 | WerFault.exe | 144
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\PhishingFilter | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 00c6436ec486da01 | iexplore.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575220157614333" | chrome.exe
-
Modifies registry class 5 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | firefox.exe
-
Suspicious behavior: EnumeratesProcesses 21 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
828 | OpenWith.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 55 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1888
-
  C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of FindShellTrayWindow
  PID:3788
-
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1476
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
PID:2092
-
  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1340
-
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.0.1525696500\1664453700" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1628 -prefsLen 17985 -prefMapSize 230273 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d394209b-0919-4866-9a27-61467bc8a951} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 1788 29b7b105c58 socket
    - Checks processor information in registry
    PID:4616
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.1.1407521753\779357775" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 1804 -prefsLen 19019 -prefMapSize 230273 -appDir "C:\Program Files\Mozilla Firefox\browser" - {050471aa-e4a8-46f8-9097-58d683cdc034} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 2232 29b7bcfc658 gpu3⤵PID:4448
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.2.1449379277\320149484" -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3308 -prefsLen 20083 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df2195b5-f4ae-4159-afa4-7bc7efa88f78} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3328 29b7c9aea58 tab3⤵PID:3248
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.3.254255801\1393746378" -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3748 -prefsLen 21275 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0407d8a7-5e19-4532-9185-5f409b824c17} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3640 29b7fba9558 tab3⤵PID:4172
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.4.1966597665\2012161208" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 27043 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e914c8-3869-4258-817f-3959be454762} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 4020 29b7db65e58 tab3⤵PID:4176
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.5.1070500208\691365060" -parentBuildID 20221007134813 -prefsHandle 2816 -prefMapHandle 2792 -prefsLen 27782 -prefMapSize 230273 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0d67fbc-ad7f-458b-a8ac-b0e958c0cf5a} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 2808 29b812d5558 rdd3⤵PID:3496
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.6.746748052\671124376" -childID 4 -isForBrowser -prefsHandle 2012 -prefMapHandle 1972 -prefsLen 28328 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26b86d93-beb2-4b2e-874f-263ae2f233b4} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5076 29b7bcfbd58 tab3⤵PID:800
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.7.720752566\1051427923" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 28328 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d69cefbf-bb37-4061-9505-6c6da27e9d48} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5236 29b81a41558 tab3⤵PID:796
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.8.308174435\934554381" -childID 6 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 28328 -prefMapSize 230273 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41fb3358-f344-4ac1-8a39-d89bfa048cf8} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 5428 29b82699058 tab3⤵PID:4908
-
-
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestoreOpen.emf"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1212
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService1⤵PID:1520
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\PopProtect.ttc1⤵PID:2736
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4920 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff933499758,0x7ff933499768,0x7ff9334997782⤵PID:4876
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:22⤵PID:308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:3220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:1060
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:1100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:3872
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4808
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4320
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:1984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4676
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4864 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5264 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2420 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4120 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:5112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:3860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5552 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:1868
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:3056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1500 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:1396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3096 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:3156
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4116 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4408
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5252 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4244
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5420 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5136 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:3584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4856
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3812 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4676 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:2952
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4968 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:4348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4080 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:812
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3276 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:3412
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6256 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:12⤵PID:3408
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:4892
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1856,i,1945808863767976711,17272257544000980526,131072 /prefetch:82⤵PID:2128
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:800
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2640
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1616
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3592
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1512
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:840
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:4864
-
C:\Users\Admin\Downloads\Ransomware.Mamba\131.exe"C:\Users\Admin\Downloads\Ransomware.Mamba\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:2952
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:828 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Ransomware.RedBoot\1001a8c7f33185217e6e1bdbb8dba9780d475da944684fb4bf1fc048095258872⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3032 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:82945 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:808
-
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5076
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"1⤵
- Drops startup file
PID:4344
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"1⤵PID:1712
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\Ransomware.Petrwrap\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵PID:2944
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 13242⤵
- Program crash
PID:1616
-
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"1⤵PID:1380
-
C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Downloads\Ransomware.Petrwrap\svchost.exe"1⤵PID:4576
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4101⤵PID:808
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA2567c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a
SHA512f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize19KB
MD5b7c62677ce78fbd3fb9c047665223fea
SHA13218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8
SHA256aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2
SHA5129e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize832B
MD5117d6f863b5406cd4f2ac4ceaa4ba2c6
SHA15cac25f217399ea050182d28b08301fd819f2b2e
SHA25673acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362
SHA512e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize1KB
MD5433755fcc2552446eb1345dd28c924eb
SHA123863f5257bdc268015f31ab22434728e5982019
SHA256d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b
SHA512de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize1KB
MD5781ed8cdd7186821383d43d770d2e357
SHA199638b49b4cfec881688b025467df9f6f15371e8
SHA256a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4
SHA51287cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize2KB
MD551da980061401d9a49494b58225b2753
SHA13445ffbf33f012ff638c1435f0834db9858f16d3
SHA2563fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44
SHA512ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize2KB
MD52863e8df6fbbe35b81b590817dd42a04
SHA1562824deb05e2bfe1b57cd0abd3fc7fbec141b7c
SHA2567f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad
SHA5127b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize4KB
MD579f6f006c95a4eb4141d6cedc7b2ebeb
SHA1012ca3de08fb304f022f4ea9565ae465f53ab9e8
SHA256e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e
SHA512c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize304B
MD5b88e3983f77632fa21f1d11ac7e27a64
SHA103a2b008cc3fe914910b0250ed4d49bd6b021393
SHA2568469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5
SHA5125bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize400B
MD5f77086a1d20bca6ba75b8f2fef2f0247
SHA1db7c58faaecd10e4b3473b74c1277603a75d6624
SHA256cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d
SHA512a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize1008B
MD5e03c9cd255f1d8d6c03b52fee7273894
SHA1d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e
SHA25622a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6
SHA512d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize1KB
MD562b1443d82968878c773a1414de23c82
SHA1192bbf788c31bc7e6fe840c0ea113992a8d8621c
SHA2564e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24
SHA51275c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize2KB
MD5bca915870ae4ad0d86fcaba08a10f1fa
SHA17531259f5edae780e684a25635292bf4b2bb1aac
SHA256d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037
SHA51203f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize848B
MD514145467d1e7bd96f1ffe21e0ae79199
SHA15db5fbd88779a088fd1c4319ff26beb284ad0ff3
SHA2567a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38
SHA512762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize32KB
MD5829165ca0fd145de3c2c8051b321734f
SHA1f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e
SHA256a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356
SHA5127d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb
-
Filesize
160B
MD5580ee0344b7da2786da6a433a1e84893
SHA160f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e
SHA25698b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513
SHA512356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba
-
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.fun
Filesize272B
MD5cbedb0911fdd4d66adc7bef7e898b2e4
SHA1563eb113d2b1064f45f594ee6f697c25bc6862d5
SHA256d117f7dff2b8d650108c43c9d2d7ffdf0452723f8996d74283a3e9bd29587f68
SHA512203b347e01e67f359ae40f42b6f472f036489e9a456f2b4821fc6409fedc0502d2cfe890dd922cd32f80826f9e026f4e1023e781888ba2112287468342e7f529
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
Filesize102B
MD57d1d7e1db5d8d862de24415d9ec9aca4
SHA1f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA5121688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477
-
Filesize
283KB
MD52773e3dc59472296cb0024ba7715a64e
SHA127d99fbca067f478bb91cdbcb92f13a828b00859
SHA2563ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA5126ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
Filesize
40B
MD5a2a5a496e6fc2119942a7db2226b850f
SHA155e0fa7c3dce3c8e501f0a9444c3b33ae9adb696
SHA2563c6eeecb944dbd9e94d218ec54476866ea8218c8934aeb60c151912796b12b94
SHA5127b2a5c5f3db34c021dc9617a7b7befe52f6b4cf275e0c50bf80c3b560cbb6111c51a3b18ef294cbee34dffb4fdb05d0446a34f06f7b7bf1554571ef937b618b5
-
Filesize
171KB
MD5a7212b17c9b1580c641ae61b1edabb6b
SHA1dd4523db2d332de087f60537570704628021ea75
SHA2568b1f32eea3a8ba59026e694517be711b797741b61041b4007eee1fca9921c956
SHA512f23508f44fd572e6fce8047b316845a6c4bb425ff6931cf8dfe5a61a9640b1b6ec4cab59cfa3f48a7e95c044a65be610668a21de95e41cbfe22b1fb21a9c8bf8
-
Filesize
26KB
MD54dc641b7875e8bec721b551a631a7179
SHA1a81d80d3c4c3f3a6380ebb82c7dd45412e0c37ac
SHA2568e04da1a65a4ce18583d41d5b8605c6f2d0e5591193b50365178e941613e1076
SHA5128cba1a7455ac7c3a7f753d203ff5773fe0ff8a1a17c0a1a21c002b3278bb08f1eb1216fa7fe60c51f8d62b8e7f6ee2448a1283a540120399384684bd65bc9480
-
Filesize
36KB
MD5c2be1bcd6160b48f42272f8bfb9b8c89
SHA19196077ea8e7207cb70f4d651e5642190953afc7
SHA256911afe357caee5bfed91a0547ec9981af95fbe934194fba5a86e53d8b315ebf3
SHA512ab6715261655e0e8227ca7cfc609db4aa981431efdbc19a11607b9dcdabb34e0a6b73cd61c7e7da851d4a864313e8e8e8fd54f7d7ce01c5f99c9f2aa996c7a9f
-
Filesize
20KB
MD552aa9aff1e2f7305cc31091ea630b296
SHA10527727d599cfe9f687a7a038211576a74cfc6cc
SHA256ae2d6a4f415e5f0dda5b3616027c920b564100e9497e821eff325bec121cb3df
SHA5129a051bddf1e209371a3e9fbf9d4c6c523fc4f4bb3c89fe70567b0544883a6369dfa050b8b120a1864c79b40309e00b87ca7010af04ae1f47ecd4e422c47d2db8
-
Filesize
424KB
MD5248fc66f35d4513349c31f43fa40bae5
SHA11f93fc42af046ce9ff84b5ec8ed411d5d48b9f15
SHA2567c6f488ff6bd16f08eb37c793f99e6bd34e29b1d417046a90b744e069b9757fd
SHA51282ad2cc3037c7e678f80f1c5c3bdada9ef51322aa440a4ff87909e0a647751cd27f245999705d201f98d83576f31a4a56ba0c0de0ef43cf9e243db98b4971363
-
Filesize
399KB
MD52134add7ef67279102df03042f46423f
SHA100f19fd39ee39b928216bd2e0ecc0f1de8609d2f
SHA256467359e02e0abe3fb394820067317266124b166917c8d917752d1da1ce7d4e1d
SHA512452ca27200b8a441d5d3909ad730ceaee74958655af0d2cee531794779682e4116b434b774432da5405974e61eb251ba45fdf38ea4cfef60380d461457a2e23d
-
Filesize
198KB
MD5319e0c36436ee0bf24476acbcc83565c
SHA1fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902
-
Filesize
3KB
MD5cef5ec489accfdccd61cde836912a518
SHA196b8676f877d0411b492c96c7e6e27ceb4a1bb6c
SHA256f572fcdc372489052df6bd1d65e253e153eee7cb4840dad6dcc5e2cc3e284fc2
SHA5120d93f6acc733b0147e433efa4e03edacd2c5f57b47b07e1474c6badde52f28d15aca7ae2a88acedbcfccbbe79a74c0a565a672f20d98c4c96f28504067d8bf67
-
Filesize
3KB
MD5f04760fb06b10355c2326b1677345566
SHA1d7f6c21702b73f6ecc11eaa443f46c247d69833e
SHA25600a33c6299df571b0b54e32362253b239b712e2a3a0e4bfa64254b09448806bc
SHA5128244dea6f637d4598aede241bcdd6fd70ace48ea432cd81b596981d807bc9a87d96ea8a6aa935595f646ebe5ad27a62cc7327c3ccb4391768706433efd98adba
-
Filesize
2KB
MD539ecb83edbd84986c2067750206beb0c
SHA1a4a58feb9cd8013262fb152458ad50b54cf112db
SHA25605ca86f0269815403870d790d37f2391962f18459c0b6cd8aa02b93d2c518c1d
SHA51260b4a9b878f2df47638971d94926bbee24e676918175555cf98b44200894b5f6023b84fecaad2a434317142edf866c37e607ca3dc01e98e010638a71d60c6728
-
Filesize
264KB
MD565652a9e2565a6f5ab12cce0486e305f
SHA15d5a818705b58d0aa1d6e1825171a5b590cb58e0
SHA2569ab1b9ec5724d748e1012c2326dae04e42881a3a5dcba9f14be9600c54fb6833
SHA51231f8a02f60e145e6e2862c5b8a954c3f07372227a0183887d82ec3b402f5e4a2812bef519b926d3d0bfc27b45379cc5ea14a94649d79de9e5f0ee25c065718a6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_660f7f48bdc9333affc4955f--venerable-swan-7e5eaa.netlify.app_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_trs-cdn-akm.playtika.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0c952a8a-bdea-4afc-a109-bc78024a6ee7.tmp
Filesize3KB
MD517a9ea0c99716395d95979ec8885fddc
SHA1337fe88dbc8d353d7cf63cb2899506fd7294c10c
SHA256e04ef38d1a0fdc33a7d6ee46fe497fa477fd1b447f6b82dfd455442212e63171
SHA5123e182e72ee28845909b91f263e5265a258871669f2386e12f2b72955232b4549a6f1631e932ebb086273f8b0266ca33f6f787f0c6ed36cdd97323554e3b7e89a
-
Filesize
3KB
MD544eb23bb755a71f6661f654bbd0eec6f
SHA1035e15c5cb698de79df3a05999a5dbe79123f28d
SHA256ed8c6b962d4e533005c02e97b1c3f136d3f02049450bb02811a1f28e813a8ca3
SHA51224976e8cdc614c133d9524055f44db0274cfde7ead21f7685197d13eb487cf1b2f623d391370c18a1210e34ec9926440d32c691bed5ef55506535eaa3b362a64
-
Filesize
3KB
MD5950a58f1a9e6b4acca23a2537340ea90
SHA17bf695bd9de182fe4f65ea760bc5e7335a9b2669
SHA256cab4c419db2e29856a1e83c2e0405e22a0bec5358b420fe7dbd6a72ba99cb138
SHA512bbd2a11ed74b83fea97e56e92d2bed7a80b72f0a295401b22a0be36a3ceacd25543234bf9e6e47b43419fc98b7990b577a3e142feee1c090b842b173e476fdf4
-
Filesize
6KB
MD53d438f7fa8fe3f6bd6f665626e16369a
SHA16fa7b5363356cd861e111c8d058b8317f3adee88
SHA2568eff9157abaf6648f564268d3e04c5d79c506fce596e0adba893f3c4f2f3b90b
SHA512cc94a09fc69e00d9eb0a7797a6588677e41125ab0a08021aa984fa55816bdf6d0286b1565cff7e84ee1d6f6111fb7f69dcc9d15fb2e0acbd6dbfb243b69f9456
-
Filesize
7KB
MD565ce86cfb8074652c490d3874fa2a7fb
SHA189d8de1173da1e3a62f7c9b90b8418eb6d01018a
SHA256d131309fa8a0c1ea68fdd3979b6793e88643781374b3df79bac856e231c33c9d
SHA5120ce0ad8cbf3e57ec528c9bd01b920320a7c24ae97f62546cbba5f232ddd4c40cc6786044e5b6d2f1f13270b3f0af27bb0b560e9dfea6906ae0bcff0e3a4d41e7
-
Filesize
3KB
MD584a22a4841b94fc9655b0cb2f7ab3816
SHA19c0afbb4cba8012671c827fe5d46f8a158971e0c
SHA256f4b9f59dd5bf8c0ccd0b8162dcf84863b30b88a453c705d13f2233a080a8a225
SHA512e509f03095741590b581b792a3ad721378afb60cdd71bbc6ade7b138e126275a59930008dade2cb9b712ea913167f4735605df777e10cbf7b145314c24532f7e
-
Filesize
535B
MD5c2bb62078380b6eef6617cc3f0959558
SHA1af859ed942245af67fc415413f7786f3a0093d20
SHA25689eca63cf949461db3aa1a445c59ac44e87d464399d8af5218abd34787134324
SHA51292ce95eee3a94270c94990c06441960272cae8633b63ac32b0cdf56bdc44a5342a994af447ea318dce76322b43c586cae1b4573d2258345409b3df6372e39031
-
Filesize
866B
MD52515304bbeb0f701bd7c59b538032309
SHA190120c767fca8115cffdf81627b2c6a88cd19af0
SHA2569670258df75f3f996ce1f31e4a17354116f23ce0e10d9ad69934eb69220d837f
SHA51209c27b8f33c0f16ebaa4e59ab4608ec652e58114412357d9a5ae1528b4c1ea1364adf51560089abef7eb0c5a43053d57c09f09840e3bfae339d5f17ba60b85df
-
Filesize
1KB
MD543ac5b1cb5c88ee8316f30473e5d6087
SHA1c8b8e054b8d26ae932c8b8674909778fd6d54fa3
SHA256cdb2e565f83694efe1e9b1ec15994032720eb5611554e9536b7be692a39575e6
SHA512a0deef30fc26c665ae602c6f85a8e478182d759204e7ab512d360254fbce9bc6a2cff0925c12c6ecf64d94a21961edba54fd5af4f420002e472f3e5ad0cdcf96
-
Filesize
1KB
MD5f63d922df4159d9810fb193728902237
SHA10abee066023b12ee5e06f3cefc0d2750749a7ec6
SHA256ed1c39a531767e91f5295d9f94a4181f3cdc8bccb6804f58ee45ca17d94cb89d
SHA512e8c88397b612c78fa469a95d7874091cac3a70a64f8c3333388ff975d73b09faf5f69571760a6fe3d09733c81218dac0bc07856646103205006711f6aa96e362
-
Filesize
1KB
MD5ca0fa72310a136965a8052c2800bc031
SHA1cf0e927bc93a5c1f5b60e169d2c7d1624035fb7c
SHA256056ec1f1feef37a50cc164f9f9740ea735dee3d648da8efbe48bbf4ed99277a7
SHA512d68f1ee7d9f9e3b5ebde791147b2a062d42e643b76cf86387518dd1c096d2c98b1b769619908cabc494ada8c4ac04a3b8ef1d2bdf09665f9eb7a8c14edb61d4c
-
Filesize
1KB
MD5608fb0d95820445e10337587e1097666
SHA1934c4f2cfa9d1f93e536be7597d93aba40a9bb9d
SHA2569a98eb35e437ca01f46083b403d975f4371d1e756c7d0b52d3a5b26e0973de05
SHA512ba77b72885ed6b62a1feac69931ffaaa3b248eb145c5f81f2ec7d7e2d1ad4e2f116446178c7b727ea84e86273926d4b59bddccbe0aeb26f405c46da9895e17a2
-
Filesize
1KB
MD563356e1476b39c91a9a7922fd97450cd
SHA11ec1255f3047449d9f3d1765300650494df0781d
SHA256857a93a3d5a96a4c9fdf76760d67b0da0e6889a1d6c83e018cb7a08abdd0e8ac
SHA512a4ade50a54722426066d9aeb79caf6dc30e421d785348a3473c22c7e8e69cc0c20c8788834c0a9c9af4d567d679da185ab82421f4666b84cd64b8d8aa6c88aba
-
Filesize
2KB
MD5259b65ccd179e993c4fddd4737d526ce
SHA131784359366829f7a7230b1e296c10baaf6fa538
SHA256cbb4845cca6d7644406c3367bdd3ef62af26d4dbf4b53f3fb3663539e529c1e9
SHA5126abaaf96b077bb3cf1682091ec2912e9334b2332986471fb221b6c94022096fb5017db71404cfff3b6195338544ce0660267f0192378fbcc1487686d2e8f0a78
-
Filesize
2KB
MD5b38520d88e9e7359f49fb5537178774c
SHA171d708f5951a808b8b3c032a3ec082b8380a13c4
SHA256548ac4f9153036f4621361d12acfaecea396902b7f05ff20edbc032c1ca2554e
SHA51231149ee265de51117f8ae79b41d84747140a611c2c380fc9ac6375659aa7650b634450fa23a426f49c7741ca011334588921286a4bebcc7bb188eebbf70e51d1
-
Filesize
1KB
MD5bc516043020363a315a3ee9be8d85f62
SHA14822969a62867f2d9f95465f74a1283a63299950
SHA2560230d567d0f306c4ba238f74fd2b9334fcf0b9493e00cce5ff10f88db2c03ac7
SHA512174a58ac01ad7b8211a5d85e4408dd5ca512ec834f67223b4194b05ec4b3bfcc9418c42064acfc56de90a26ed3d6c55983dd6533ec966f57078b8a8499c0112c
-
Filesize
1KB
MD5958c1e8d0457c2979b6d8a9cc580f910
SHA1facc8f2ab82369f12e3b0e519b184980e42e37e4
SHA2564881ebdfc43114a82bb51775d71d44397389b387fb9f53dbff141881c1ce5f20
SHA5127a3c21df80afa155a8cdac120f971c096d5c4b69389c56c482f5cd8b4de0ce3a89a2d84b901313910b60880c28c1a153309ad67356b74c8b3fecf4d46a6d8f72
-
Filesize
1KB
MD568ac88c308af9a2f5923eb5779e80e9b
SHA1ab2d1ba9f1ff489b55f9514946e3805566d6f79b
SHA256d61acfe6f09283dcfb8c671baa41641cd26934589d34f561457a928fc07685fd
SHA512a41fb28b8b4e6bf0cb7e4b4e241a5f6406f33edab1d15f59849a312ab0e61a547b770f20b6c2b92afea1889a68c3ba4b2894e2b465d691f88f9d5d16527da7b6
-
Filesize
1KB
MD5a601c5a235bd7ddc87008ce541bb8709
SHA12548403f0f6d68257d31b5f16360c033aa05ea89
SHA256e1cee5258a7c19343df175bba6086f9dccfb4d31e0991dd19aa261bea7306571
SHA5127348d64026045c68e8926c5a032ca0031a53b74ac87efe10ffe29a7dfdb04f2f963d48b6e9155fbbb78ecc25f9e74bdbef21ad37d8cf939cc3c67525aaf2cccd
-
Filesize
2KB
MD583dfe4aed4fb8c05ea52cd763c4dbffd
SHA17d4775ad49bcff65231f77c8757cc3dde24b400a
SHA2561aa1b719413d189636234e0111508a7f8c12e8ebf50c13e074b2f659d85d8fe1
SHA512a6ca3fd8d86ce46e5a4490558f347568b0dfc90f4f5f048f431e233b344c58228abcf1641fdd0501aaada0b61f432672539cf1e05952e9567683aba96997eb8d
-
Filesize
1KB
MD565b6047a6deb00623da7c8990d7bddc8
SHA1c07610d33024e76ca4cab2971bfbc631b017df7d
SHA2563f886e87ec6922cb55e7431e2f1b3ebcaf5cfbf69068b33075b6d04141edd1ff
SHA51286b6cf24efaf4321d46ae193776a9bf2ebf36a8977fc2f85ad9cc3f793b6d3ec051515e77952398531c592269e79b410b5beabd05453de920e82228c95505f0d
-
Filesize
5KB
MD575a3c8293a48a3d372f9fc90cf68b8d1
SHA118fbf5e3bfb13419379ff5f7acbf75351681c136
SHA256b3fe0c62afbc159f8bb1cf4052ffbcaf3f3605aa6dc79c3ac5f14c1944c05343
SHA512d3d6e330bb26006887d0aaf3f10a4b27f3cd625b3c5c9e73d8d99265323e5653d4b3a9ea86607b4f02a3ea8e227a47b559dd327be51f572960a162d0cf54c387
-
Filesize
6KB
MD54dfc22a8531a8b7b02f5da51ddd1cedb
SHA192241040fab8a22d80f09c6d25a6d9ce0128d0c6
SHA256833b5d164501c0ba58a96b38fdec1681b0e22d61871762ff57268af72eae24b0
SHA5126847c0a9c45bbf5cfd387e9cc4af0cf87452c962670360d07915de4b3d5182bd4bd536887e46fdaa3f41010bc9bfca4f10d93968290ceaf62720b1c7a1429a34
-
Filesize
7KB
MD5b790cdb55c7f5d0fc2aeda9351e6a16c
SHA1ffb70000b8e6ec2f491a34cb1fef886204f7d8b3
SHA25663ae0ab190e451bb9e12115303c42ed9d0901535e520d1df2d520e9a3d37d71f
SHA5129c16768ae597999a6f7200a7bd591c26ac34cdadacd94b57846beff99e66662bcc17666a27e00705fe375f1c73c1b5b11ec21341776cea5e4dda6b5a56d59e08
-
Filesize
6KB
MD59892196b1b28d279e698fc699848152c
SHA10f3cbc626500574fde8490b05bcdd27262691c05
SHA256845cc593830242d0d03763ea293ca140cd65272feb72d4194c86d2a069e95d36
SHA512a880c952860b551111179e5979358280dd8d57a2b59bb6fd1b53da8968a6bd3384b11f6fe635e63a23c3206a26d84e6b818f8ba0f80ded5dba9ea4473c809712
-
Filesize
6KB
MD5e0c7f0cbfa3c4b5573a41584369949cd
SHA13f9a3421ae59be3b96d47aea9009f84a54b5c61b
SHA256b6d23207f50da7818bcb3387edcfc3ae71a8c5cc1126c298c37dec6627f5a8ec
SHA512b3a3bdeb998dbf3e33c0497abd987724e5a86a8198646e9a6f5509a8865734568f2d284518cc4f7dfcb48dc8f159ce1169bc380164e656bcdb4171f926efb855
-
Filesize
6KB
MD59af890fbf7a41397e50d40262b9f786d
SHA139f00308337f430ebbd41cccadb9bb82f3287a1a
SHA2560ee59b5a58d0da506b7f9e84bd8176859be4ddaa74f72866b4b6667f48907474
SHA512d8ad4110d92e973f496799c2c1e512e6b325499721daaa05bcedb5630ed0e96a56815f6400936bb40d427e126f810c02080cbb137112dd678ac3d457d9995657
-
Filesize
7KB
MD545fbc4619f04dd828cdf791762c0200e
SHA1ec94f30db110ed572c198d726737304328825416
SHA2562ec6aa03c14427ca6095f29688a660dc563ce43091cad63d85fd63d23f97bc7b
SHA512ddc47e20d2943e0adcfeb4cdaa291c465ebf1fe2f986c629bf2bf5016d775de35027a63b37e8251390bdd0eeb279045ebc177ea44843086292d7322f0ed6af82
-
Filesize
6KB
MD586497ad154e7943c07170ed85fbf05b3
SHA135f36f7daee0cf9e467246008c0b4f8109d3d636
SHA256a233e87f766cc425b7a92bbcebd7ba85dd305f3f6f1669ffbaa023da84dc621e
SHA51226cce1fa919593286d00085ce990d6230df65df875b98a058f47ec619a377dca3b52c80d2b4a281a62692f3060e774210a23db38ba7f6fcfa06534558ac6e6e7
-
Filesize
6KB
MD5b524aab2ef4b7d8b59647fb650210c49
SHA1484f0a61dc2c74a906a118fce6c9a781669f860c
SHA256633de2f9d3d06672a68788d3d104d03146e156339e006aed46b34301727460e7
SHA51242d9b297b1149750d1501a4249b0989095167e2c7768f2a5b712ee951f035cb8654b6b5f80f421fc78f64b0af7fb6eba99db9ad2fb200f075053d32914578f76
-
Filesize
6KB
MD51ffb5944a38363ffd84a0ae8c2db18db
SHA1b8055b8bbb69ba9e1cad3293baf656b4ed625a49
SHA2568d37aa9132205af786d50074dfbe00980199a04d3a1717b1752ad5eb1e3631db
SHA51292bb2c371b49e4e222ba4c3d402fc8f07c0628765760a0e6cc13fa1e6b0473f4cae8df884f73910084fd8d34c2a02ad9e0b44a630289600e932c6203e0e430f5
-
Filesize
6KB
MD58bb983e83b88f9c2707ea16691634624
SHA1e69905c12220fe5c0ccb375ab252d03293ed6090
SHA25665a7a72fa68997983c6bcd805e069e0146f4cd514cd0137507764bfae69df94c
SHA5122a319e7bd116344d0fa3e65f558bb4d42d8681d4a5e2d098b340db0be3ab3842bce1b6495cc2635a0272c53147adabd35ee0c39d944c8f83b4af8d6e4fe1f1ab
-
Filesize
12KB
MD566b18a3dec1fad2d4074d7aa29db8085
SHA1c78ed7667f72d98ef532aae453be9a6b6102013b
SHA2565cce1934a4c14935cc17316534f371137c63d2ca4ebfe65fa05def4854c3f73e
SHA5129dd83d5faa6f874b387095be8654e1dec10093cd6052e9d16df59ae53ed2f7141581f5c8f0ce9bf27232b17f2d9c1d838cbebfe7a75f2abb5a09fb363157d105
-
Filesize
270KB
MD57ea6142b5585d9054de1b5b56d9b05a8
SHA1b7902fe7faf9b2fa0d466b1d6e0a0353129ea050
SHA256b137a91ea1aecdb02103a8c578cb1d3a576bd3256d43f21dfdb52226db37076a
SHA5122ed29d6166c7b2772110a13d95912c831883694535200e7e63274cb8110815614c55c8d8e19a22884db672269432ba3420379bc57d564dbb1817353a8e149fe6
-
Filesize
270KB
MD5fdfd42ce7828b96ab6ea6f00332bd4f8
SHA12555dc6c6f6bafbe7ada2484e3141ef33e19f521
SHA25605a2038a9e7f56863d71b82b10868c03e0c4e8cf743e67dd7423ae1f0486ccf6
SHA51291672b03e52a7c578faa13fbd47d18eb667df7496f1379e094e6594d78162f4b8a0ed83b157f4d988b3bcebc30c38e249a178279e8d4a0aed1883773fb335791
-
Filesize
103KB
MD5269bbab95bfca8d140a9ddc0c7c47d9b
SHA1e080c660c2c9c8f4e05b4983d4cf700840bbd9f9
SHA25631fa62672617cafd3a8dec089b49dca44e17b7e0c4a4db244156b2cf1badc1e3
SHA512d8d0f88e7342cf5e54fa526beca59f251b6d480390c351857ae0d442a79c506a0736d0bed40ad0b9438df38b803633de4e83335c89f8a540fd00ffa0c2ae132f
-
Filesize
93KB
MD5d19f31ea602df88d3105067f3b097cd2
SHA16dfab990246b2c7a1ab50a037eb65da02f3132a0
SHA25634d08151f755d5dee6ecc18fe703d9650c126653d6aa42b618b1be7136a227ad
SHA5126b18238ddaf60e1ebd50c61c8057746d59c6d35062d147540dd63e03158d82897d4ba8c02c1dec246b000f330e8b88940c83aa0caf219b0d7fac1d13b59f22cd
-
Filesize
108KB
MD5fa6c55c7bb6d2b257bccc16156876617
SHA19673c7f9109c7412b706bc388c7a24943b55dc86
SHA25643a433bb34444587ea1f7a103203ab76b1be4ee90f21342be0f5a15998c8f1f2
SHA51207a62129deda87841bf39045baea2f955495af68c9a159e56ae9f383d7570b5e3fc1d09d67ce5e5c9557e52da1c4781d16146bdfc194915f16198c7dcd89635b
-
Filesize
108KB
MD55f8f4905a025f88acbade33e8a157f45
SHA1e5be961623c10f19659820dc4c68f2debf4c2927
SHA2566dfcbccde2b9fb32193620d416c1fd5e121f013d85385f6563e41ea595da0984
SHA51236213b46bc34bf3a82ef03294dc9729e79ee19c3bfa670c44056d95fc1b391b374c7a6c13a8a2afb823c348b3bb6a651a7aab3854ad08bb2c3e9f3c851f9f28f
-
Filesize
92KB
MD521f9c4c5ee2293ece65aae393d8487d9
SHA1869b0eb1288fb4a80c8526a1188fedf9aac02e15
SHA2564e45c99f768218c9714a734142045f073f7ac4954084093108d090f0981dc47f
SHA512c0b17552b0d2c2b0c9e3b7f01986fbb35117a740915ad900f5f16c421971bdb7b1f8f32ee5b020c66c570513bc4457dcdd1c86d8afe7cdd82058974e8010e5f6
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
404B
MD5d8d0680264ccc60ca92dab023af1eec4
SHA1e0d88ce791e725a3d67470ca9a12f357cb9c2b94
SHA2563227676cd677b92683ea764a323710a2f4cd3361315714031faecd71ea5acebe
SHA5122b31966bc91bf0e299fd1492700b11ea072e860f672212a2b6bc6d8dfe19783499d4347127507636fb8fb8acfdfcc8beafd926ea943178bcc0cffd8fb34c9693
-
Filesize
16B
MD58ebcc5ca5ac09a09376801ecdd6f3792
SHA181187142b138e0245d5d0bc511f7c46c30df3e14
SHA256619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
SHA512cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{03BA58C4-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.fun
Filesize403KB
MD59f80011985a18a1a4df829c5d259feaa
SHA16f63f43c341af7741d4172ea7a96ef8cdc741867
SHA256a4d756b10f1de4be8d6f7469dadaf26846490de85b6d63aa3473b2488be7a5af
SHA5128b0a378658fe4642e4f569dd12734876c1b258b4ff7c1bc16221ce3199b9921084a7df261e4b05f157956b29c95c97fef422fe8d0d0f9558e33031ae1de84a67
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\activity-stream.discovery_stream.json.tmp
Filesize24KB
MD5858e682aad76d3a0e82ca870c4a865ad
SHA18fcde91b70b5645d3aab64536f22bee1341df882
SHA256082d3b5d89c2b82755851b39ff18ba60be9847f9ffde1ff1dedaf385e962dba7
SHA5129aaf2e90cd47ceabaf76990da10d794a5d4b270c290ad48e8a60fab136c995ec27cf30f451c2d0a5097ad4b4d63cca19da8d330273417a029066266b4f4b1bba
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\066FDF01653F3FD7A81FC6A9F57B2D11D3C85237
Filesize13KB
MD54d6c2100049135e22fe4d98c4679edc9
SHA10dbc4c0be25e16f9a8594dfc0e0680dccbc24376
SHA256dcee78dd4dbcfdc8226e980c7685b94179d82da5d3c8bee1dfc8b83f8a053f18
SHA51223004dee380c4db47c6102bd4ffd11f615a2e4e4011513bcab37951b2339f815578a3e8f05fb3295d0202b1f133ca8b7c064793e8c9be72dc5c27294d7123144
-
Filesize
8KB
MD5f22599af9343cac74a6c5412104d748c
SHA1e2ac4c57fa38f9d99f3d38c2f6582b4334331df5
SHA25636537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65
SHA5125c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
Filesize491B
MD5508ccfd83776ac936b18e13d5a577532
SHA14d3aba9f80bc28f774e6a6442371102e57c5d054
SHA256d03ca6c9d0f6443181a038405296be0b8996efe3fe38351a97114f7b1b77063e
SHA5127ca2274495ba6919405b58c5598a903a735633fcf039d53d3f9b2e12b49f42fb81898e33cdf1ad9b4db378fdccb7dd6df56ba50e1875f5fc324db9d58a7355ff
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\deletion_request\022f20ae-4d93-46ca-987b-0c0737713860
Filesize515B
MD54694e9286f033575b33cee5afcc0f746
SHA1e5579cdd715dd0776778dcb08eb1cbf6ed3594aa
SHA256cf3fe83755c2ac2c56b00b05a74c139b42027f14cf1e1c711a09393994d529ee
SHA512169f49bec1b923f6f45b0d8ea132653d8d354f994d3fb0bdbdb36a09857d50e3bc080d4e0e08628b38c75bf7327ff61b768cacb512959534974e58f91a87c3be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\extensions.json.tmp
Filesize42KB
MD5aedbda35be5e6decffbeafd0fa7e6233
SHA1af2dbb1a406727210a82ace24d9ddbb58964bcf5
SHA2562e836858743c453660e586d92d6372eff10d46720935ff63a6c74e1134e44d6b
SHA51235074a1151b85c62009a0f90c8c408b2f9d9e4406238b0cba75c1ac1aefd46542cbb1d326e36ab0e1c8540faae333d717cb41bab0a66ce01ad93c7c934bc2bd8
-
Filesize
5KB
MD58ac1129fa5800dff471b300b6d6dac93
SHA1482f2047d876379318b0d33c670c985bb85c1d5d
SHA256e985e3c29374732e798636d720778f4f2df094a89197b3901192680ced1996f3
SHA512e844671c8945baa535baea534bb6a5780c96247d6dad4a0a2e031e55bef0d862d819ce05d45b93b0fbd7ab64512696d63a8f6d7393741a79a9963426e6e7a348
-
Filesize
6KB
MD5af357adbf24acae02c8e5a0d788519e6
SHA1d02d63e68b2e831b28d2e29ceec203e23f58f6c0
SHA256fc23cf75a13936c415598964f8fd1f1a828d47d79fed3d983b375acf177d6429
SHA512fb16139b9f145c15204f5e3fa5126858514f912b68f8411a88d902345cf77d58c13a2894d82252564c5919ba8f4fd5051a363a8f593a295d92f96366406d2d98
-
Filesize
2KB
MD5e75b0bda06a4b9158f81b20548348360
SHA19aa1869779d4f0fb73c3cdbf44e231b8e04fe3ea
SHA25666cc6f7667cd7a970b69d7433c38188832666b3d8254723f5e2c245453fb76b1
SHA51278cb2f278e433f5dcd9d52e36b0b888902fb8320d3842585f630faef4234888e2c57a4751f91d75ec94c5ebf727b4937166da08129ae69266b2064be755e0b0f
-
Filesize
6KB
MD5ffc952bd7d7ed826e967811d460b6607
SHA1d7b3a1c8f9e78784b1ee0e57ed918d975f77f34b
SHA2567e08e3fd1aad287e8962a2af4d092e5d1e39cbd24a9a31bb18309528fd9d2e46
SHA51244f9da476fb3c7d9dba96932235e57ae0d30888d0eac5b434cb2292d11d603115a69f3694f20a8e4dbae0630fc3e76cf85f6b96ab9b538d8d0996480e96c8cfe
-
Filesize
280B
MD541d220d4783f67d2b57beec20c135229
SHA16e97765e77920b6010fac2cb4abf1e3cea106541
SHA2565d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc
SHA512dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json
Filesize: 259B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4
Filesize: 926B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize: 248KB