Analysis
-
max time kernel
744s -
max time network
500s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
16-05-2024 07:57
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/LeechxSys/Jigsawsource
Resource
win10v2004-20240426-en
General
-
Target
https://github.com/LeechxSys/Jigsawsource
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (3783) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | JigsawRansomware.exe
-
Executes dropped EXE 2 IoCs
pid | Process
5988 | JigsawRansomware.exe
3284 | drpbx.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | JigsawRansomware.exe
-
Drops file in System32 directory 11 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 57 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
6028 | OpenWith.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
description | pid | Process
Token: SeRestorePrivilege | 6140 | 7zG.exe
Token: 35 | 6140 | 7zG.exe
Token: SeSecurityPrivilege | 6140 | 7zG.exe
Token: SeSecurityPrivilege | 6140 | 7zG.exe
Token: SeDebugPrivilege | 1628 | taskmgr.exe
Token: SeSystemProfilePrivilege | 1628 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 1628 | taskmgr.exe
Token: SeSecurityPrivilege | 1628 | taskmgr.exe
Token: SeTakeOwnershipPrivilege | 1628 | taskmgr.exe
Token: 33 | 1628 | taskmgr.exe
Token: SeIncBasePriorityPrivilege | 1628 | taskmgr.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 31 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/LeechxSys/Jigsawsource 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8426246f8,0x7ff842624708,0x7ff842624718 2⤵
PID:3012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:2112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8 2⤵
PID:5024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1 2⤵
PID:952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1 2⤵
PID:5052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8 2⤵
PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5148 /prefetch:8 2⤵
PID:1852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1 2⤵
PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3354141077191785397,11445813517117625303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4540
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
PID:2580
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
PID:3728
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding 1⤵
PID:6080
-
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\" -ad -an -ai#7zMap19277:174:7zEvent30056 1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6140
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\ExtensionsToEncrypt.txt 1⤵
PID:1740
-
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\Jigsaw.jpg" /ForceBootstrapPaint3D 1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3548
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
PID:2224
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:2032
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\vanityAddresses.txt1⤵PID:1224
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6028 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Config.cs2⤵PID:3692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5836
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8426246f8,0x7ff842624708,0x7ff842624718
  PID:1844
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  PID:8
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  PID:4584
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  PID:3236
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  PID:2628
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  PID:1096
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  PID:1780
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  PID:6128
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  PID:3008
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  PID:4256
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3540 /prefetch:8
  PID:5504
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5272 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:692
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  PID:544
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  PID:2364
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  PID:1516
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  PID:5408
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  PID:5416
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5324 /prefetch:8
  PID:2212
-
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,12679478013169450386,226368067566739351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4240 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4308
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3912
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\FormBackground.cs
PID:2980
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\FormBackground.Designer.cs
PID:5252
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\FormGame.cs
- Suspicious use of FindShellTrayWindow
PID:5700
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\obj\Release\JigsawRansomware.csproj.FileListAbsolute.txt
PID:3300
-
C:\Users\Admin\Desktop\JigsawRansomware.exe
"C:\Users\Admin\Desktop\JigsawRansomware.exe"
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:5988
-
  C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Desktop\JigsawRansomware.exe
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3284
-
-
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1628
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun
Filesize 720B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun
Filesize 7KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun
Filesize 7KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun
Filesize 15KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun
Filesize 8KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun
Filesize 17KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun
Filesize 448B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun
Filesize 624B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun
Filesize 400B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun
Filesize 560B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun
Filesize 400B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun
Filesize 560B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun
Filesize 400B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun
Filesize 560B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun
Filesize 688B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun
Filesize 1KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun
Filesize 192B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun
Filesize 704B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun
Filesize 8KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun
Filesize 19KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun
Filesize 832B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun
Filesize 1KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun
Filesize 1KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun
Filesize 2KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun
Filesize 2KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun
Filesize 4KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun
Filesize 304B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun
Filesize 400B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun
Filesize 1008B
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun
Filesize 1KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun
Filesize 2KB
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun
Filesize 848B
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
Filesize 32KB
-
Filesize
18KB
MD521768267e5883b8a744eab23bf965093
SHA149b7dbf68f0b440fc7a7050045946bc8910e2c00
SHA25643af0c69c1dd3bed073bf425ddf857db5b41385f806de1d34991e8f5abefddec
SHA512e92007d5482ac3f165e8ce8626cb1fe7c27aee1753ccbf2b479b7544ce88f25c5e8e7c69c29027b555d53f67987a8972d951e81ef274c60d7c3bc9fc53d95466
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize 112B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Filesize 50B
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize 4KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c2066bf6-8098-4d79-bae9-cfb04f518f0f}\0.1.filtertrie.intermediate.txt.fun
Filesize 16B
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c2066bf6-8098-4d79-bae9-cfb04f518f0f}\0.2.filtertrie.intermediate.txt.fun
Filesize 16B
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586086594688776.txt.fun
Filesize 77KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586091897989945.txt.fun
Filesize 48KB
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133586094768785820.txt.fun
Filesize 66KB
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Config.cs
Filesize 7KB
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\ExtensionsToEncrypt.txt
Filesize 664B
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\Jigsaw.jpg
Filesize 25KB
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\JigsawRansomware\Resources\vanityAddresses.txt
Filesize 34B
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net35\Newtonsoft.Json.xml
Filesize 503KB
-
C:\Users\Admin\Downloads\Jigsawsource-master\Jigsawsource-master\JigsawRansomware\JigsawRansomware\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.xml.fun
Filesize 658KB