Resubmissions
30-06-2024 00:59
240630-bcjr6svbkk 1020-06-2024 02:02
240620-cf43ysxbnk 1020-06-2024 01:44
240620-b5v1xawemk 1019-06-2024 01:10
240619-bjmseavfmp 1018-06-2024 20:40
240618-zfwsxawdpa 1018-06-2024 13:45
240618-q2vcjawdle 10Analysis
-
max time kernel
1354s -
max time network
1178s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
30-06-2024 00:59
General
-
Target
Documents/Ransomware.Jigsaw/jigsaw.exe
-
Size
283KB
-
MD5
2773e3dc59472296cb0024ba7715a64e
-
SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859
-
SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
-
SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
SSDEEP
6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs
-
Renames multiple (3792) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Port Monitors 1 TTPs 12 IoCs
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 15 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 22 IoCs
-
Modifies registry class 1 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 15 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe"C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\Documents\Ransomware.Jigsaw\jigsaw.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\ShowConnect.mht1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0xfc,0x128,0x7ffb7ffc46f8,0x7ffb7ffc4708,0x7ffb7ffc47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17103721558146777487,14580073802057630622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\b4b2597ca91442b88eea24723abaa22f /t 3068 /p 34281⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb91f9ab58,0x7ffb91f9ab68,0x7ffb91f9ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,18079249652616784200,2035754481317327268,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\e3ffa307a7d0471fa6045809606adf9c /t 180 /p 17681⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe1⤵
- Boot or Logon Autostart Execution: Port Monitors
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Port Monitors
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Port Monitors
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.funFilesize
720B
MD575a585c1b60bd6c75d496d3b042738d5
SHA102c310d7bf79b32a43acd367d031b6a88c7e95ed
SHA2565ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834
SHA512663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.funFilesize
7KB
MD572269cd78515bde3812a44fa4c1c028c
SHA187cada599a01acf0a43692f07a58f62f5d90d22c
SHA2567c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7
SHA5123834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.funFilesize
7KB
MD5eda4add7a17cc3d53920dd85d5987a5f
SHA1863dcc28a16e16f66f607790807299b4578e6319
SHA25697f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2
SHA512d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.funFilesize
15KB
MD57dbb12df8a1a7faae12a7df93b48a7aa
SHA107800ce598bee0825598ad6f5513e2ba60d56645
SHA256aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77
SHA51296e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.funFilesize
8KB
MD582a2e835674d50f1a9388aaf1b935002
SHA1e09d0577da42a15ec1b71a887ff3e48cfbfeff1a
SHA256904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb
SHA512b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.funFilesize
17KB
MD5150c9a9ed69b12d54ada958fcdbb1d8a
SHA1804c540a51a8d14c6019d3886ece68f32f1631d5
SHA2562dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43
SHA51270193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.funFilesize
448B
MD5880833ad1399589728c877f0ebf9dce0
SHA10a98c8a78b48c4b1b4165a2c6b612084d9d26dce
SHA2567a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27
SHA5120ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.funFilesize
624B
MD5409a8070b50ad164eda5691adf5a2345
SHA1e84e10471f3775d5d706a3b7e361100c9fbfaf74
SHA256a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796
SHA512767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.funFilesize
400B
MD52884524604c89632ebbf595e1d905df9
SHA1b6053c85110b0364766e18daab579ac048b36545
SHA256ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f
SHA5120b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.funFilesize
560B
MD5e092d14d26938d98728ce4698ee49bc3
SHA19f8ee037664b4871ec02ed6bba11a5317b9e784a
SHA2565e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb
SHA512b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.funFilesize
400B
MD50c680b0b1e428ebc7bff87da2553d512
SHA1f801dedfc3796d7ec52ee8ba85f26f24bbd2627c
SHA2569433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750
SHA5122d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.funFilesize
560B
MD5be26a499465cfbb09a281f34012eada0
SHA1b8544b9f569724a863e85209f81cd952acdea561
SHA2569095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5
SHA51228196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.funFilesize
400B
MD52de4e157bf747db92c978efce8754951
SHA1c8d31effbb9621aefac55cf3d4ecf8db5e77f53d
SHA256341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9
SHA5123042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.funFilesize
560B
MD5ad091690b979144c795c59933373ea3f
SHA15d9e481bc96e6f53b6ff148b0da8417f63962ada
SHA2567805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1
SHA51223b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.funFilesize
688B
MD565368c6dd915332ad36d061e55d02d6f
SHA1fb4bc0862b192ad322fcb8215a33bd06c4077c6b
SHA2566f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f
SHA5128bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.funFilesize
1KB
MD50d35b2591dc256d3575b38c748338021
SHA1313f42a267f483e16e9dd223202c6679f243f02d
SHA2561ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa
SHA512f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.funFilesize
192B
MD5b8454390c3402747f7c5e46c69bea782
SHA1e922c30891ff05939441d839bfe8e71ad9805ec0
SHA25676f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d
SHA51222b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.funFilesize
704B
MD56e333be79ea4454e2ae4a0649edc420d
SHA195a545127e10daea20fd38b29dcc66029bd3b8bc
SHA256112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36
SHA512bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.funFilesize
8KB
MD53ae8789eb89621255cfd5708f5658dea
SHA16c3b530412474f62b91fd4393b636012c29217df
SHA2567c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a
SHA512f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.funFilesize
19KB
MD5b7c62677ce78fbd3fb9c047665223fea
SHA13218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8
SHA256aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2
SHA5129e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.funFilesize
832B
MD5117d6f863b5406cd4f2ac4ceaa4ba2c6
SHA15cac25f217399ea050182d28b08301fd819f2b2e
SHA25673acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362
SHA512e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.funFilesize
1KB
MD5433755fcc2552446eb1345dd28c924eb
SHA123863f5257bdc268015f31ab22434728e5982019
SHA256d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b
SHA512de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.funFilesize
1KB
MD5781ed8cdd7186821383d43d770d2e357
SHA199638b49b4cfec881688b025467df9f6f15371e8
SHA256a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4
SHA51287cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.funFilesize
2KB
MD551da980061401d9a49494b58225b2753
SHA13445ffbf33f012ff638c1435f0834db9858f16d3
SHA2563fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44
SHA512ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.funFilesize
2KB
MD52863e8df6fbbe35b81b590817dd42a04
SHA1562824deb05e2bfe1b57cd0abd3fc7fbec141b7c
SHA2567f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad
SHA5127b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.funFilesize
4KB
MD579f6f006c95a4eb4141d6cedc7b2ebeb
SHA1012ca3de08fb304f022f4ea9565ae465f53ab9e8
SHA256e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e
SHA512c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.funFilesize
304B
MD5b88e3983f77632fa21f1d11ac7e27a64
SHA103a2b008cc3fe914910b0250ed4d49bd6b021393
SHA2568469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5
SHA5125bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.funFilesize
400B
MD5f77086a1d20bca6ba75b8f2fef2f0247
SHA1db7c58faaecd10e4b3473b74c1277603a75d6624
SHA256cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d
SHA512a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.funFilesize
1008B
MD5e03c9cd255f1d8d6c03b52fee7273894
SHA1d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e
SHA25622a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6
SHA512d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.funFilesize
1KB
MD562b1443d82968878c773a1414de23c82
SHA1192bbf788c31bc7e6fe840c0ea113992a8d8621c
SHA2564e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24
SHA51275c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.funFilesize
2KB
MD5bca915870ae4ad0d86fcaba08a10f1fa
SHA17531259f5edae780e684a25635292bf4b2bb1aac
SHA256d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037
SHA51203f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.funFilesize
848B
MD514145467d1e7bd96f1ffe21e0ae79199
SHA15db5fbd88779a088fd1c4319ff26beb284ad0ff3
SHA2567a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38
SHA512762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.funFilesize
32KB
MD5829165ca0fd145de3c2c8051b321734f
SHA1f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e
SHA256a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356
SHA5127d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb
-
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.funFilesize
160B
MD5580ee0344b7da2786da6a433a1e84893
SHA160f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e
SHA25698b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513
SHA512356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exeFilesize
283KB
MD52773e3dc59472296cb0024ba7715a64e
SHA127d99fbca067f478bb91cdbcb92f13a828b00859
SHA2563ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA5126ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD572e4c3ebb537e0f3004613ddcb1f1f7a
SHA1189caeb981f4cd50c861744d69fa90a0a726aea8
SHA25696d6be3f6368eb7b759108d76717fa07adbce7c17f538d10bc04f71538460670
SHA512433652038e10b0473a9e552d63a6a8ade2defd8d82c09b64908e49e3b2bcde64cf09359c6ad0686f9faec3f614ab956ca7c94e915e3a024a779586d144c31588
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0Filesize
44KB
MD581c745a7b9da1870cb19b0adfba3e11c
SHA1fae41656aacf3fac21e386c58766b9f9b8e6700d
SHA256fe15bddb3882ff5c83526c80620fdad5412d911c553bb351816ee26f8d61a91d
SHA5125faef262e2fa510d67728a6d327c56f95238d87aa9a1429718263cd44c0293f4da8529fa9d82c2ba12ae9b1794ac56b1f9e46e26a55beabb80d893c3c3cfa6bc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1Filesize
264KB
MD501970935c674f63ca63204d759a8c7cb
SHA1cba8da3336b3b50381861cd73a8b5108439b3069
SHA2566a1f6935f74975a5907d0676377abe28d77e841475389ac4e6e0a5c254362e5b
SHA512278ca4a8c01d514580f412be09797488f2a6394541204ffc28761d05a520836bc960b270d291918b8d50abd1a8ddf064e92e94cf4082825716a86fcfd86c2b13
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2Filesize
1.0MB
MD5c4cc026ba9c6a06fb7237734d18d13a0
SHA165b5b78b21cc2f82ddb5b7ede3777872a676c5ee
SHA256c620ab7d666c26e8873b9805fcb06d812fb6c5e7ecb55198b8dd924b17da486f
SHA5127311a34058c0671e1fea5b5863c8744d5df8abaf85865825a8e013639d36daaf8556c92e18fb32d28fda8c591e643e962d4ac08bb0ec1e8a0f5551b5400dbfc0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3Filesize
4.0MB
MD5c1bcbe601dd74de7e292508c7d4690d2
SHA1507efa66aece1f3a8517211f8c01fc2cdf8e11c2
SHA256414426141bafd1eb80481706dde44b584f0ae5a4bbfc05e89912b05343c4e8fd
SHA51243342a45b995aa305f68678d34a6f8c28086f90e40c4ce0604f83f16a42a653c43ce76123487ead556d04c9e7545df68314a8a6fc32811a5b0efbb692eab4cb7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005Filesize
35KB
MD526a31ce75ac8de1d6c95dfa64a71c9ef
SHA1344db07d1d45301e7ac65978f8a9756b0e6e6fe5
SHA256021c57f13e1e9eeefa54e0b14f352549bb3772e8b0d846b27c0b04eac1d585ef
SHA5128ec5e308b3fa0f40255546576d5f0a014db71f14d992c35c66f8eb3d981dba74fa7fde308b8e34431f28a58b24e0e0cec5fb076811614985d88a196c91806c5c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006Filesize
59KB
MD51d5f57b36984d3bc13513937212f7c85
SHA16962d480bc6216080b90505c9f25c8a3ed4c8df0
SHA2567c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30
SHA512dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007Filesize
41KB
MD5cfd2fdfedddc08d2932df2d665e36745
SHA1b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5d081d45ad4a76f9cd48ccadef2f18445
SHA1e601ce653c9e6acf1f5429dabf0a21567dc858e2
SHA256072653951345a9019dcd9e33c1850d39eae0869565ccabad226850597053b01c
SHA512db25d3d4d0aca8b48c264b9fb5e4254bb0a3abefac07a16ac1fc1dda8a81ea17255b4e7c44d24564ca4806ddc19682f8184f9dc37e9b4b231742905d9ffdb21d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0Filesize
44KB
MD57a80e942bd78ca60aec4ed288dde8b75
SHA1fdf7df7a014cfe4b8a7ec73059d4fa87c1169653
SHA2560fa04a271404bc3c9635d5f326d1a918857f60238b8784d2cfc683d6a1315f49
SHA51211a6c88d72894a2e75622a64d0b186e729196e65d56826af50377209949c1b763e13da2c2712fd146157aa36c2b5f365aac94302809354dcb9bf98fdd8012a6f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1Filesize
264KB
MD55c6dfc6e77b99ee870e40d22bfab50a1
SHA19a9045aa66242a04152f98920e54c9d3ba12e48c
SHA2568e6490d21c00a1b7e079c896128ae16e0509771dc81a1bd3d3f605900299f892
SHA51232d1f23863e33babcde04b26d49db6655269537778245718b572d4595586e98bcf9b9c566e984b73ada30c5774fd9505ccab6786ed745e14742684b4ca2b9fed
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3Filesize
4.0MB
MD55ff8f8987906c1a7271ff7d9db09824e
SHA1d4ae9dc7afc8689a09708b71a6bcd0df112f195e
SHA25619fea9161a1d71c6c2476aaba0586c64cf6cc5b29db8c1836e0146f24269c071
SHA512b2f45874a3de891e7b5a359d550036c339094a032349217774a993f3d612b05852c76c38c4d3cf7cdc9922f83088e937f2bc7c3d8c6474d3f28b6e1ec71ee915
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
138KB
MD5a9e8b8b5c1002967e8a3999a9cf3f2ae
SHA19586e32bca3acfdbddfe9283d71b2288bf225df6
SHA256fe4727792968d55bf5006207f68631b4c5f964b2d3ee7fa2ab7a16c5d085e6f5
SHA51282ad63120da655ce80dddce99660b1156e4145275c0d5322d31a894af0a29def538348bfce1b4a742f2fdb0808f948f1db389c20aa82f4d689498bd88536d36f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD554b2455bfcdddf3c06291afc710b4f11
SHA1a174a51217de5cbdf959e83677b25c5722223e28
SHA256fafcd6b8f27b5df5c1b68a819c252d50b7db403ac6be9aae50dbb226528a728b
SHA512e85ff8341fac21e5252f55a8cb833d3d498bd766e23987f9fd059d7b196bb0ed10230e90dfc26956752a7b49a2971ad17fde1787ea18af5f1b1b880b0da2c50b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD572fd997643f377e598a94b56fd757298
SHA1f89647302abba836fae8f18f312997ebae7b8332
SHA2564dd8ede795910cd3dab744e6fe7c66bb195a68fa5021e36d5be31dcb41f76c92
SHA5124e2df8a2a436c4229f87cd2ce31f48c639236e6412d0e7911a2507f13000cce9d246804f5083fd90e628c1a0e2122ae6ca2d5695c41dcddefff159ccc045cf3f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD547f25abfb63f30fbbd3252de5f576beb
SHA134f1e502699adfb251a42589eca267fe5c1fbae0
SHA256117d877bd0b3ce08ce73d02f32cf3074a0af0a75483224358f474d7fae8dce17
SHA5127297075c02cbbb1002a7220e075e3ceb035c72092b061a345e50231cc8c1d7265dcd8ce508d60c5b6a0a883cc3df736d1cd165e3c064bea6e25c1f3ba36fc145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.datFilesize
20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD570e9da5b08506dc7b1633b22af2c5e7f
SHA1309d197fb0bfbfd93e44acf88222c50fc8de965d
SHA256276f77c7b64bbe94711af616aeb03ae943a1d2eb941b6e3174896ea6f8d36420
SHA5123bfcfeeb7d50299fc8bd2b43f0c6d30893a19a6b8564ed25296ebcbf3716640142291516529be21a2e4009735280fbf0cdb00026d80d9a0133348b2cc9436159
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51653479da817d09f7eb67986a9148ba7
SHA1ef38bdd57d2d2130685d009c6711d9731597805d
SHA256fd6fa0e7c7f58648e5e962495f322f0cf348a9fc2638374aff6be2d0cbea662d
SHA5120d091452cf929beac2105ac8897e18abad0393d3aeb5904ce5b8683fc63b10785ad69dd57f79ecec28420742816d403a19dd98ee0d6bc70b4dceb4d09a21a071
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD510e64fe948d832948d1c1c059a133849
SHA16cc7a0534ff745c6bdbc44e19c0ead01f3cd9830
SHA2566b64626fc0ba3a847d9abbdbcfa3310d65431e68cd14c9bc41fb118b72351504
SHA5123896c5cc4da7f0479fb16b9c2b0132e79c87c018b56682af4cd3ac74b0d665f685d84e9bb529d8709fb7f110b95f27a9511941d940f0eba7ea75b8b49e12b993
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.funFilesize
8KB
MD5f22599af9343cac74a6c5412104d748c
SHA1e2ac4c57fa38f9d99f3d38c2f6582b4334331df5
SHA25636537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65
SHA5125c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.1.filtertrie.intermediate.txt.funFilesize
16B
MD51fd532d45d20d5c86da0196e1af3f59a
SHA134adcab9d06e04ea6771fa6c9612b445fe261fab
SHA256dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae
SHA512f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fbf257de-6570-4630-902c-10acf3a7613b}\0.2.filtertrie.intermediate.txt.funFilesize
16B
MD5f405f596786198c6260d9c5c2b057999
SHA1f8f3345eb5abc30606964a460d8eef43d3304076
SHA25658e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a
SHA512a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626047950574231.txt.funFilesize
77KB
MD5c408fe54ebacb4f32d787b81ef224d39
SHA1e3d2528a5ff4a52c9e2d9ab562a04a2c710da1c7
SHA25699262dd9d9e4a7219143051937efbd2a98fe5db1d1e60dbfc2bc6601fc01efc8
SHA5127556ab93b16b72f3c9d619b30e574b67f95a1983ed5dd05e63ef33b23893ab3768b4d139691b4fb36490c1d5170854bb954aa17adc8446eb204847caa20e0012
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626052813607644.txt.funFilesize
48KB
MD54f162a341c5623f4f9fb48bde1bd8687
SHA13c4f2000b4b73b9e32eb8bc28f2a9b50c06bfef9
SHA256aaacfbd30fec8f67ef3119075b1ce9e81afc6b7ceffc6e9f55c5fa6fcd13ce46
SHA5123b6d1146b4a75c5d4def3d80a2981baaaabf016580b0671b65195b555263a05139c2c79b15efa2cfcc24ce3aada0e1c643bec9ef0dc9a12aee454eeeeea8ead8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626055682919415.txt.funFilesize
66KB
MD50c4039e2bc1d499f82cc957a90885637
SHA101ca3eedaf8d2ea5311722a37755285288b72fac
SHA256c08e5c75b9dc71a283489dd7e3fd97b55fd5c7a8e1032d1b19ba780f693c39e3
SHA51227fa753b784246affa1f4e911595503af53a422e5938b481649392c7d8efc1d3ccda19a45d0abad2027298b2dc1f7599dd0bed95c96c9fd05938a978e32d4b6a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.datFilesize
13KB
MD55ef891f52576f52daa5eec976e97760c
SHA102c028947ea73c943539eb8a162f9231ceafe3cd
SHA256774f23c7171a5bc84f53f9c1d61153b43defbc4b3589a608e01f6d46d2b0bc91
SHA512048598e3cfdbdc3832da4fd97b5d3d9a39a73ef3c2ead8dcac408ef576039ece040d0ac29ed210a5baa01cc818cd25261468ed53322e3dc4f49980d94f95ed8a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\~tartUnifiedTileModelCache.tmpFilesize
14KB
MD5907f7b3d3410d67b7a65b849fe4c5c66
SHA10d1f94d02810d191376d8d2a39c7f385e6f85785
SHA256fb2c68005df09ffdd2520d038bf095ea209864a82168b10ee7d625c6e2a32276
SHA512861d05c8f9a3f250e5ffe6fb6eff205d9d267d4fd1eb896ddc009152235613297709d99fa1735d6ab5ddef09769019801b5e6a79f03db7d78fd693d4488fcec2
-
C:\Users\Admin\AppData\Local\Temp\{5F535ACF-FADC-4643-A2F0-24045D70E4A2} - OProcSessId.dat.funFilesize
16B
MD58ebcc5ca5ac09a09376801ecdd6f3792
SHA181187142b138e0245d5d0bc511f7c46c30df3e14
SHA256619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
SHA512cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650
-
\??\pipe\LOCAL\crashpad_3548_EVIKICAXLOFNQCABMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2884-3832-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3839-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3838-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3837-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3840-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3841-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3842-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3843-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3833-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/2884-3831-0x000001A4AA780000-0x000001A4AA781000-memory.dmpFilesize
4KB
-
memory/3428-3824-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-20-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-3979-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-3826-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-3825-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-3830-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-256-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-255-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-254-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-23-0x000000001B5B0000-0x000000001B5B8000-memory.dmpFilesize
32KB
-
memory/3428-22-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-21-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/3428-3829-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/4028-19-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/4028-5-0x000000001BF40000-0x000000001BFDC000-memory.dmpFilesize
624KB
-
memory/4028-3-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/4028-4-0x000000001BA70000-0x000000001BF3E000-memory.dmpFilesize
4.8MB
-
memory/4028-2-0x0000000000F60000-0x0000000000F98000-memory.dmpFilesize
224KB
-
memory/4028-1-0x00007FFB82FC0000-0x00007FFB83961000-memory.dmpFilesize
9.6MB
-
memory/4028-0-0x00007FFB83275000-0x00007FFB83276000-memory.dmpFilesize
4KB
