jigsaw | a705e662a0fd1415561578f65c029d21f20aabd1b3baffa7fb66294e92616a98

Analysis

max time kernel
709s
max time network
707s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 08:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d.jpg
Size

589B
MD5

2e934e6e0af68871e37923b402f78219
SHA1

dd35ec46244325473359bd8b0ec393827c0358d6
SHA256

a705e662a0fd1415561578f65c029d21f20aabd1b3baffa7fb66294e92616a98
SHA512

c1bb7e2fbc4bd6f60deff92b6d38d2c7e950ee66f7a3a9dc606ef4bb7960cbd5f44c3be774f1a9aef1a55585e8f646e7443e0f66a2aefbb40f96bd7909bfdafd

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

jigsaw.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation jigsaw.exe
Deletes itself 1 IoCs

Processes:

drpbx.exe

pid process

2868 drpbx.exe
Executes dropped EXE 6 IoCs

Processes:

ChilledWindows.exeRensenware.exeRensenware.exejigsaw.exedrpbx.exejigsaw.exe

pid process

6108 ChilledWindows.exe
3624 Rensenware.exe
2136 Rensenware.exe
2112 jigsaw.exe
2868 drpbx.exe
844 jigsaw.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	jigsaw.exe

pid	process
2868	drpbx.exe

pid	process
6108	ChilledWindows.exe
3624	Rensenware.exe
2136	Rensenware.exe
2112	jigsaw.exe
2868	drpbx.exe
844	jigsaw.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

jigsaw.exejigsaw.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ChilledWindows.exe

description	ioc	process
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 18 IoCs

Web Service

T1102

Processes:

flow	ioc
175	raw.githubusercontent.com
176	raw.githubusercontent.com
177	raw.githubusercontent.com
182	raw.githubusercontent.com
283	raw.githubusercontent.com
423	raw.githubusercontent.com
431	raw.githubusercontent.com
434	raw.githubusercontent.com
436	raw.githubusercontent.com
184	raw.githubusercontent.com
185	raw.githubusercontent.com
281	raw.githubusercontent.com
282	raw.githubusercontent.com
421	raw.githubusercontent.com
437	raw.githubusercontent.com
183	raw.githubusercontent.com
422	raw.githubusercontent.com
435	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

Processes:

drpbx.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner.gif	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\BadgeLogo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\uk-ua\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\7.jpg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\es-es\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-300.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\BadgeLogo.scale-200_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-40_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\vi_get.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\ormma.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud_retina.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-300.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsLargeTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-150.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoSearchResults_180x160.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square44x44Logo.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-up.gif	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_wob.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\RunningLate.scale-80.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupSmallTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_en_CA.txt.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif	drpbx.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\README_en_GB.txt.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\187.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Sun.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-hover.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-250.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\SmartSelect\Magic_Select_add_tool.mp4	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-default.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hu-hu\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\LightGray.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\core_icons.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-125_contrast-high.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-hover_32.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png	drpbx.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview-hover.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-100.png	drpbx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

dw20.exedw20.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

dw20.exechrome.exedw20.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672357208998070"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 7 IoCs

Processes:

msedge.exemsedge.exeOpenWith.exemsedge.exeChilledWindows.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{4FFC73F9-26AF-4719-8F2E-CF0C65B131EF}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{F7FB835C-1D96-44F3-BBED-8405E554183B}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{A539CE12-7612-45DE-B961-003DFEBAD30D}	ChilledWindows.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{2B937A9F-BD1E-4E98-8BB9-F7CC6E555E32}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
5708	chrome.exe
5708	chrome.exe
5708	chrome.exe
5708	chrome.exe
1836	msedge.exe
1836	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3052 OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

chrome.exemsedge.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeChilledWindows.exemsedge.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
6108	ChilledWindows.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

OpenWith.exe

pid	process
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe
3052	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 644 wrote to memory of 2912	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2912	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 2076	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 968	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 968	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 3180	644	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\d.jpg
1⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4440,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=3032 /prefetch:8
1⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3844,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4092 /prefetch:1
1⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4192,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:1
1⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5428,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
1⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5448,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
1⤵
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5616,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
1⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6128,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:1
1⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5160,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:1
1⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5292,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
1⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6540,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
1⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5524,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
1⤵
PID:3612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x328
1⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6012,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:8
1⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6784,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:1
1⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6312,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:1
1⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6920,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
1⤵
- Modifies registry class
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6908,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:1
1⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7256,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:1
1⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6764,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:1
1⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7768,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
1⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=5820,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
1⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=5884,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:1
1⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=7936,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=8012 /prefetch:1
1⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd53e6cc40,0x7ffd53e6cc4c,0x7ffd53e6cc58
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3416,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4644,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5464,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5568,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5556,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5896,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5672,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6140,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5564,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5972,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3284,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:5616
- C:\Users\Admin\Downloads\Rensenware.exe
  "C:\Users\Admin\Downloads\Rensenware.exe"
  2⤵
  - Executes dropped EXE
  PID:3624
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    dw20.exe -x -s 844
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4072,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6116,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5352,i,8553696318605342580,17426647236927713276,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3280

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5824,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:8
1⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=7760,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8
1⤵
PID:5660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6084

C:\Users\Admin\Downloads\ChilledWindows.exe
"C:\Users\Admin\Downloads\ChilledWindows.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffd3614d198,0x7ffd3614d1a4,0x7ffd3614d1b0
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2280,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=3164 /prefetch:2
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1912,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:3
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2260,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4496,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4496,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4248,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5044,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=4688,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5532,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5524,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5612,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4576,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4744,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3060,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5396,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5712,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6360,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6308,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6212,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6776,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6340,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6236,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6644,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Modifies registry class
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6756,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6168,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7060,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=5896,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --field-trial-handle=6296,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7604,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=7896,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=8112,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7548,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=7716,i,4552292667819906908,15146656211208104914,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:8
  2⤵
  PID:4804

C:\Users\Admin\Downloads\Rensenware.exe
"C:\Users\Admin\Downloads\Rensenware.exe"
1⤵
- Executes dropped EXE
PID:2136
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
  dw20.exe -x -s 844
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:6140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Ransomware.Jigsaw\" -spe -an -ai#7zMap17747:92:7zEvent21124
1⤵
PID:5324

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Ransomware.Jigsaw\" -spe -an -ai#7zMap30547:92:7zEvent25251
1⤵
PID:4888

C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe
"C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:2112
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2868

C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe
"C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4fd2e1e0ee89ab2efcf64b13813dfb57

SHA1
f1469469ac1884f002fbe3cba1d8be88cfdf39af

SHA256
b94064c9e6abef05638da45947d0760325acfec963626406aa73bdeb3f3e77a6

SHA512
f28e540f5e356191f33a7e5cb091d9e6fcafac73a94e87d6b96823ff9cd8d914ed319cb3ad1ea76a5e788b7637826b6b5fa6b3a6c96f24353c0c44f9ce0b00cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
d328766f6ad7cf7ea0fab830f9b2c09a

SHA1
239776ea9741ca4d06ee300def2c0abb517c879e

SHA256
4d42e7ebed1b028f316a99e2d137766a17b48da8146bb778b14dba30dc2d8e41

SHA512
cc70f9a1e461af0c241fae320f690d3c96ed504d437381d59e19e25f73a20d066b4532a7e9b21d3e77ce5a8c1dbc17e77db0bb2d692c88851241febf3da79f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e840baae0f007f5f085b3082e578e33a

SHA1
674a8ad5a0dd45cc9b227d24c24953462c12ecd9

SHA256
9e28815e876782609ed7901561f8164342dbd57a809d65c60f30be1eaac0be17

SHA512
c1d8c25bc4dcf257170036f6279e8b0c781dd71a80773b87bc4e8bc5d9c99d8eaf3865279f44cdc9af7d4ff8d6588044859ddf583fb3647f3638ef437113513e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
335f4fdc51a7ec4d6b9de519bdc68969

SHA1
d3fd09844841c4bfa262a73bcb8d9e251905e6b8

SHA256
a2be192fdfce3e7ac67c04473b94e3a65917feeafc9c1598549e17ba84d48dce

SHA512
0623dfdf1d258d2436cb7d2a57283c5cc4a1c6910ab88bb9bed35490c239b5f14392655973e5d4072b113f9e263b1912a280a2d4db41e6b24af599a5e674e144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc634d313982ab6ac3be83c5ff1f7285

SHA1
7c7ba3b31d42f46ae5332c190399fb8f02d1f7cf

SHA256
c2d4fea6cfa628e2993f290bfee27ffa90af17a5511b9c5d5b54776f9c8ddcb6

SHA512
a8724490c85cdc8cb39562bf487819a046dd208e185b22e56ad1f6624464ea88e53067c8bff1316fb08b88ffb077ddcb1227e1ebcf50becc3e6fe70b5f8a3fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2358870eb4ca3562a1c60140db9dd2a6

SHA1
e17a3897b728c6042b40ff08a303afb9b5a69416

SHA256
dbde1ea10d7c125a152f01edc9b518209bdd708721132a523c3b9f842c9410f5

SHA512
193f1462e7effdace6cfde44bbd68ede711addc1fda35d00cc5c7b51aaf68a7192f52e02f0d50eacd67eb69dc76656fe27c54854edc7fe40287c41f0029e2b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d6ea460eef22d4a9d2a1388367c1de34

SHA1
ac95c5de36c4597e7baec4e4e2e4c82ccce47d90

SHA256
69caa5139569af0770aea225ede063415e03f1699dfca10bf626c22ea3420bba

SHA512
850ff7f01d2569c31c1403882680e073d30508fea44aa30db4245c0d7ae1eb83cb78fd94e3d6ca0ac65d99f62ea3b3456ac867e2ee3a6be1e5abbcec2d5f5dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
121c6aa8c3fdf46d14b4bc2755ffd8d4

SHA1
5be08ff74eef8baeafc94eacc79c00d52c666afd

SHA256
522288a2d4237f49d9a06afb422bb672fd35b2c3cd74e93b5e767f04571af49c

SHA512
e2237a8afb15b45f0cd66846cd45296dacd81edeca6a5452daa4aa48dc3ee4ba67ab43ac5f5e5d0e417da8aee340a4bf7fd279a5e685aa001260e42b129a8fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
580eae17847009914b543efb79a78a05

SHA1
57bf5b96302a9da52501a73fac068a8afb3a248d

SHA256
2dc45701ed06ffc16934202ef6190bb676fbf5b4098bdfabe3837ec049e1bc9a

SHA512
b6b6fc0bab0b280212c7ccc26554d1afca2e68697e2f772aa635348de15a86cfd24cb267d4a3d6d57b30195051e419bcc645596f65ab01bc0becddf0ebc374ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
30f68184c16e3f98fc24173fb7a83372

SHA1
9d3a5089f2340f67f66215f105bc3b404c97d86d

SHA256
40902d9e310eaf1df172bfa99da3dbc421c1301246f9123cfa9a46379572c7d2

SHA512
f5bb5c7b7f0617e7118aacf1695b38dc9774db75e5e185a2a05e3d10fc2ba5fb41bd530f081a6a07e13ce44789989f2321e7ed54f5950c3ee819ea411adb7578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
114499a6f72e978b903369c62cc9e301

SHA1
34b103ed935b6f4f47461d2d5cb446288ed6e0cf

SHA256
14f93aaee48bebb18b80f5a3d42b12a1f96e4f79ff113f10c73f15b95ada64b2

SHA512
4ddd7d842be8a8060f5040431adaaf85d02171a8355e0d825a1fb941a2dc480fbf977c10e72d342be0fe19dd33ec1679edd8bbca080dbfc9e10e5ee07d77f141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f167a5ec18a9dadb8cda5b75b5a27409

SHA1
26ff1243286786872859c4a373ef1c96019bc39a

SHA256
89276bcc2742b9073a8933d183dcc58abb64c768980e6af905657ec0470a0de7

SHA512
849bac32de2347a0439b3f17926fa82036ff47ac6ef14015bacd73ba22f8127b22fcedd3531b39641f2be1efd00185194b56c42aed926b0c6baf4a5a5a70322b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4693c996b75d94b207caaded7b03e336

SHA1
680e69b386cf7475031db8875f5a57b981e44fba

SHA256
128d49b855e8a55f414ff1ebf5694c176f1ed0f615b13364984979f2d1baf75d

SHA512
7b90cf5c376000d0bceb5a905bc5ae948d51326a1466a5efda3ad460133a7464c482ef19cefede5c433433af7b5a3e0755f3cf8f4b35cc9869af9f7b228962d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ff94479c04b62abc3b9868d57fd654f

SHA1
e7465c6e0121507f270a0191c51ef03f81174b2a

SHA256
2270d5783eb8553cb0298b960c5cec69aec4bac0a440b315e37bf9a39ab09a81

SHA512
34c1f0b3cbbc8c964eed2842b235b67e1b3ec61d095f922013bb7920b6ca13aa9449eb1f18c690b7a08bad8d62c580e863e67927e53782e06cdfe697fdedac65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0366972474a755c1d3f1d0f6225f208b

SHA1
925da3f94fee4ee23577db5d9c24530d3260dec4

SHA256
c9b70151b63a68b12a0fd641b54ddd972d29c9eb07fad152a4e68c2a3fbdea70

SHA512
8cccfbe47c9987e07de2cf683899cf10a92ce42d8534f55916d1ebc9bd6d67f7128938a454115028d82c8b1c38c9dfc12739652380fd52c44540ecf598e8624c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
afef1f618df678fc5994741c3f45c965

SHA1
89db2a2e0e885bb61e75c531ac74efea64f5151a

SHA256
85bc30cf9e564786c9907531dc63715df00bf4b37b6feac0f5314d126f819742

SHA512
2949d887be9e6c80e53540bcaa1cda84f99fd6a1713efd348368a6403e04b9fdc4773ada21ea3badf3e8a4305bf90b9c88d07f9b42efd6e15435e23ad95c8935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
53c171d80fb6642e05c07ed65367215a

SHA1
42e98994f4c8396c52e263e9ddf55d7edd763474

SHA256
60270071a886503dbf4a0848b5c85d738001e28885de1a98aefda857fb8bb41f

SHA512
d289a507d69b1a36ef1a4f15ae31fce8941d9cf05d96e05ae7bb1e3cc07c4f21376102fd9fb12012eafeaeef5ceec06d0b789bf806539a8e294c07153f42b824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
621f9de71022c48b4fed6253480af574

SHA1
ea68c9628007f1753724cb74c8b920d3780f78ec

SHA256
a2a40c54d4486444874540bccc52f1d05211b57379e89e06b3233b9e17594cee

SHA512
9dbc1a36e180fc6b2ce387a93d931204225c4a3661d935918c5188543d94f7979be7dd9afea0abfca7752e8a07673dea3c16e080cac4a83b2f6eae60fbaa11c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5579e98b38fee89a8e536c970cd78039

SHA1
04437adf3c4cdf73303b2823146706ef6f5ed4d7

SHA256
dc103e70c8918c3cd4b800d05e071e4d6130c06fc0f63b3dae2c69e7bf340347

SHA512
50f674ce861c0d7deafec971d316b108a3c21105ccfefcf9d483b2c41b787f88dd5a8ade210f6c7a9a769ff1df6af57cab0728bc176e2a5829a978df99971598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6297d67b3e7c4d13d6fe17f5fe3543a9

SHA1
660c5f9d320905d28271b790d5d53d755d3ee59a

SHA256
8215197423b33b5dcabeb4bc0f8e37052c2b3ee778599341723de2e15d108950

SHA512
31496a002582f38069daa5ecd1e4078aee82bfba26c711dca35ec5745897fcff7f8b7c6e4e901e217c666a7d8180cfa8567c3000fadd0a6b07d600fdfbc910eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
800acfc8ccfdb0680dd952fb85c60cdb

SHA1
29b18c88535ad49d5e0a280dabe9c75addb1cd1d

SHA256
ded6289c2c784f340bbd8b6093a55701dc1cfa6ad67b264cbd68e95df3a4cd85

SHA512
2490b91f686cee2f3185f7e45999a94b24a160185223e41ae3c9302def1b3f9d021239ae44ab10b7b44be55c2ced666b77178f6faf59f2b284ba3a1b547a2246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5613cda35c8d40c77320c94c7345ae0f

SHA1
469e9a20ba8141f045c44fb02ceb82d6db7ec2aa

SHA256
c7acfdaf5e3b2917859d66c36fda2348bb8663cf5a60274dd7174da47cbfb0c3

SHA512
bcf5d7d069c6973e036d44f31d08b14291d370b25498836e1e1e5b41c8434a164da81cc33ee7a56d28f2d9e763944ae48f378ad7789da409479235b1e79d6bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5da798c9b5606901a395c1261107924f

SHA1
ee86336fd9440221bb538d0423576162bd57d6f2

SHA256
867323f9f9143101a0e1b3cf1a6a477b6560ff827c48bbffe8ce7495ae7e26d7

SHA512
304bc6464f212c7057b6dccfce5e99029b80d511bdd38946b6e94eb273f86730e037335154fb9f67641dbe6e92368b84f79ad52062aa0a6acc1359930b7a734b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8afde9dc7e4046c971daff9832009f07

SHA1
e8a8d5075d69c8c93cb34afebe6f9f05bd1e0f40

SHA256
0f250ba5301b6965fe965f1e0fca81dfee24bf81e54e168cc00151636984d840

SHA512
99927447b9d9eb26835aaae6a72e798c1b0de7cc584e6fe53600b03569efaeadc9c12839822b8741c55cf819062afaaa1e8b1f68a689d9d1b7c5bb4fcfa6e9b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4a0d2f3a433500cf2d1a65bcd5cd804

SHA1
7c0f1a314493b19f37a41ff5b8b88a5e74d77f49

SHA256
6bcc241fdb8922b57cc71d6022938cb1aafd661f78cc682b919a9d6063adcda8

SHA512
6348cc1b672019acd874428b4e1e9181ef75feb574d884b16937575bcd05cd2765c134c14d1f3057425992206ae49e34c71c20e4b0d5e086dffa1b820b8e8167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
926954842635b9a83ce1ebd5a1f178ca

SHA1
d2e7d5a13f0716ab8908182b39a2cc3591f9806c

SHA256
67ad4ebf940523897f85fd69fa6e9d959df3ef0da98d07a276f646546afb9f6d

SHA512
f8b981133efbf6388ba56c8f3f1ebac19b112422cadcbb1dfa383e7b4617b42722a7f3b01cc6c08dd1747720739da3788f9a869a678185718e50dbb0d26a9a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
127da91ad3b6c6353cec1c1596d2b5f4

SHA1
91b943901ff73eda10305fddf1816af8bfedd332

SHA256
b1315cadd1f5b8cee04d28d65bde24a63b21f0835e97a2c2d64cf23c04b9ccdd

SHA512
63e2cfbefc9ed7f0001ee4371d895133914ce09e93d6d79d1e9160a639ad08827d91b4fe7e1d381683bbe7f9978fcee6e3cc5825394166065975d3830df5786d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e9505ae27263d55205502efdb590bfd

SHA1
0101842c0b786b890df9ac60e40c17ce439af049

SHA256
011c409cfaf03ad56ed027be1e77184244c896848b4fbb7f94a85b0acede6131

SHA512
f2c1e5592a95b4c32780ef8bed030e96b5e972bf59cf069034a93a44d08bffb3daf5a70e2275817cc1ca2656a3d967911add621755063736d219b9fdad5bde0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83b6bc8a86b86f97f3c30c1fe3339109

SHA1
e5c5ef79145fb4bbad00d04e63cd051df4826fdb

SHA256
584ba974c7a3ee555946238aae94b74f512ac5e088ea64f722fabc713384608d

SHA512
54a3680927ed49700728a12d9a441c176d7b1a1103e51caf6f5991d293855d92011a80397d9e3a602a9bb367074fc0368f6821dae3727a9aafdeaf67a075e862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bc07775789cfa31d4b06c56c26e9cf5

SHA1
84d27db7298eff830f146ea46c455972322cfd66

SHA256
f7225dd41469e11918558a874b20e4163c2c7b8bd0754680d826a1e297e71fce

SHA512
ebc23d7e151175492345727c5489e846cd86823a2c313e9e4ba256553860104863bbfe7d7b786b55054e9ac34e7c71db82378856fed29ae37cc0ed226414d9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aa02f37e37456f08559277264e218b07

SHA1
b557d33928f0c9b1e253efd1a058f7ac94c4d301

SHA256
41e64efe15661134f7877367a92e134c636f7d03290e1b9001295e2dd3ce3931

SHA512
a53ea6ccfba3bf86ae89ce672805be8a749d4bb6f5da58d14e13fa1e6b9a00e6b054a5c66f19ed6dc45986499efd4d3b1c61e4166e3f46739398e21c917197bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0049952e9309a90ac9daf7de7a6f4e8

SHA1
7ae209c256a5b3163326919e3f513d40d38444d1

SHA256
5fb65837359e95d95fdc1d13f5cc2f29839e8ef33c56eee9cb47edd0a007eebf

SHA512
4282d173479e503adf6035be614b20627a16b02d2e2ae1fab6d7783cccb55f00bbd6080f14f2ef88ca5100b5f36a295fd3923b7bcb53c335c713bde7f763cdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e799da1c17b7acd029444c95b5f9531c

SHA1
ca15396ba2b3fc2350021ff51569c8ae343ca5a8

SHA256
52e26240151f63f8155aa34e31fd74120ff2b71fc9e482ade53914177150dfac

SHA512
787a1f62a971804ba28d19048a426fbdc3c52a9bc93421fadb0a52a51889ce89ea0b95238063ab917e9759657f766c91ebd7423032e1d522aa859982dcd38c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf4ff7745324a4962a2e92f882f5e011

SHA1
ddefd72397504fd690bb0e6f61eca08fa4336d88

SHA256
3715305a8213aad644b3d10daab5308976aa3823181c9c171dc3bd218a42750e

SHA512
6f22d9c696b44d4037969c855059c76d59952ad801c6804ffd3950ad7081782471c8e8d5598e7b15f14a936d2ee9e377919d739f24acecfb35ef2bd2562b305c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d601e6d0b8bb91b678c4f34bb487471

SHA1
25abc6b7715c37dd257d43aa50686ba586d4ebc5

SHA256
f87ee61d66df2ef620010952f13827c7414764ef1953f21067c357a84b059139

SHA512
297d722dcc1967bc03312dc6d9a434effae2db133d63347eab79e9358da5cec04027c7810a9da4010e0691d03826fe9e0c8e13fb58db0620f64f4c0126019f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e2ef7f7729aa31ade00806b02dabcd2

SHA1
1e8c953d6533401fa56e5d422aa7b4a58f66d962

SHA256
424857418ce4a7d952c0c9d46ea514d279f515357c6a4ee5a9f8dfe4b7238e32

SHA512
f8edb57e803cb83ac728fe3bd8e11ab01e4353831427f1c3817f568c9ca895554aef26b2a112391c703a204b7366c07edb9ae46591324da2a523a1639a1d7767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e7a1ecc034d2392c4f5166f609de3fb

SHA1
89c785d24d1be75fd55503c2af69dc99bd1cfdb3

SHA256
f0932c9c31b25ac3f5902a5e39d538b18dc8b743786ff07be50058fc015118da

SHA512
e3a5ee2c0da81dde5d8d1b9f47229c7750d4dba174a9d3ade83d1a959e915d8297d72824064a395aceddb5fb932a48f660278ac55a8cdba01e0c315791c609b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b117adec2e0fbfabfff51c211b86b886

SHA1
e5b20206f936346bd71b5f383a9e4f779765b819

SHA256
3eff290abb236d9d20678e94021cefcab8ad20416a7546e85f769fa5c73e1721

SHA512
6ada72586564cd78316be14ddc50d90f1b3c44716e7c30fa5845ca1eca63f316d070d3168e0728195ecb1d1a3eb3070c94e0a0c8b100b13a08320eb8414ca160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
544ee571a1ddb8c2435a84fbe42c40cc

SHA1
bfef3b32f03662a828863f678e1edeaac6ce7d38

SHA256
f6b4dd4ed02bef00ca58bddc83b129090f44c93f4c8f9362c118969fc5ba6a6b

SHA512
d4437ba8fe74d50e7524d3fbedaf9684e203961591e70a5b549ec9299d8221328d4e95f5478720e007428bce2a9fe69772aa729f84a1047138355815cdccb4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b49574e3e4696609922a9a4c18ed3a7

SHA1
5f38555269d61444b5b27842213349ae415c6f09

SHA256
3ca1330e6560bf0ba3628005c407537f689f21534c1901c6d903135350666159

SHA512
38da24ac0a00ff1a617b05d344a7a3175d1f9b9e330f5c1f9b062a7ca44e6d1c9c31eaf4f4106ffc1c7a89da17ec208bfede7cfde0af20d0ff367390e5760238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2bc08ab2380e6ffa00bc06ddcd8719d

SHA1
05248c2123bc0a2e16dbcc82e3edd092c059775e

SHA256
dbc2eb20331e1999f1a6397419b10f8231f2dd56c57ec8f920a3bc20fa5b529b

SHA512
00b66746ea3a1808ef55bba4f6be165a61061d10bdb3e0acdc30f479d382ea9aacefc15e187de1857f81d2cfbd8cb9bdc716af2c42bd53b04dce8db123b8c99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9db3fd2cf5a85b597e03c57024b1898

SHA1
6b8630e5a321ce90f806670709b4d305e72a043c

SHA256
0708a0cfcda54714bcf69b275ad095c215491a07ad2bbab6ae2f5554625d7eda

SHA512
71cebe1f6af540746a9bf9f7df5d10797f64829076725cc57763b3ccc9012ffc128a9ccf565e77865cf267de83f454cad2bb7cd0c25f679be4574020c264d980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2b155f8d5b307f58801eabfb31f3658

SHA1
4c6f20804423ee2977af61201cc812398fc9df8e

SHA256
56f006167d58e84e29682ca741e6a3d51db7295b4377d8945e31f0b0c0098022

SHA512
5e7079b912003cf0044b6e7c895250889fc6f247d55f45dc0584725b08ba49c830a14e7d582c7bb3fca36229616bd44699055fd59ee9f309a234f8e6fc2c08d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f89cbc1b9cfd7cfdfe7102ea6727abf

SHA1
3d31cbf61264cfae936a380597b96c2dd66ba55b

SHA256
26660c52bee8b02f28a0cec7aa86aba8bc9b70a69d6d412901d81e474b6bbc41

SHA512
bc5d43cc9f4dfebd7adb5f08b3ba83b1039d09c67de19f1d2be6ef3b78115c14a7a66f337245674fcce8c1c4a948a682a5620c03f2fb7b7e263514ccbdae4472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b9ecd900d2afe3793aabd49b2027621

SHA1
73e323ef9a3accfb12e3a97ebbe314a58d6ffb91

SHA256
313813de7cd2aed841bda29ed6e7cddeb1e6d10291815d4229150c0f0a86b6fd

SHA512
d24b9a37a796fa93dbf63a595fde50d04323eab11b1e7c88f8f7663b477091498155ff84e3a29b3172b79c01ae1fc6469b2ca299a598e0864cf559f2e49c43c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd46eeffed676e24e6e82061e3314ff4

SHA1
03d45b7cc68154e30d046e95245bcef7bf3adfa2

SHA256
6761205dbfdd63e33e31b50b4feb37ba7c58cdd639c9adeb0edf8627c75919e3

SHA512
d4904b2dac4c8167753e06472d24d3b82cbec2d764543859dbf54c324a48b8da60e70ea3af4bc82e86057c98e542ef4db8868ec1597f5e653f6657ead0b73a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652af13a561abb0cd2ffd3dd21a29f75

SHA1
5cbfe7f1243b0601df7f709fbce99c6ff52de4c5

SHA256
c7cf08dd3cd940ce9550bfb85d72a3e47f8eb58464c76a41b602a20ed85e9052

SHA512
8f23573ccff8e862076f40c5b585162c734d5ac2f458b029e540613387dab89824eaf04a1b99975652e2d94af3863f2a528a91117ac5dc55a20a279fca91f5df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f899bd3280788ee0042545745f9e5a3

SHA1
7dbedee6782d9366b02cc49b85b9c878187f53fe

SHA256
4e6650fde7ff843d9b1e7b3c727a27f33217548331e4b62997846e8fba7f0be7

SHA512
d8fce593401a2334675688d87dbb07ddd3048acfa1b414bb6c84d8f541e2f21c865a13a276bd5bbf82bd72c85d45154fffbef4687e2a97de5cef314ec0b3ec63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25c7f8f43ed3edd9cee30ba7262ea838

SHA1
ede0d0eabac74843bd65dbeb723ff5a453e06b7e

SHA256
8e2ad67fbe59bd8a4f6b52427ac12e262facfa7ed913ebe24fee95210e1d9ac4

SHA512
1352101a484ea9787bdb27b9368e60eb160bd9058a531f0df59ec4839975adb8878ff764558fe67308d9bfa8ea16aaeb566382e6967ce303cf9893115ca0f08b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e4cfa3f17270546926367a82849af21

SHA1
1442597370a833a6ffc546ef87dc3578a33538fb

SHA256
7ecf4b2f9fbd975efa0ca880b6b22b65ccf21d9766579140939d43518db67ddc

SHA512
04f61791699b1cb9217b2ae39aed1f3a09f5d0d474384f224b6fbb2beda34a2c5ed38b3d6458c1796a651e2e6f23d57739dd2342e7380c8afa2edff9c9e93fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b7d1995267258c9deda50a66b961d75

SHA1
32dd3282563710f4d2c4657a4ace4f1bb544df72

SHA256
0a7f6467158e21a98e1fd7d8bf0d79bb9c07beacef5697dacac8599b49499021

SHA512
bfdaa7b9a998c471dfa5da4ead011d69de613e2f4217af638f1e0595b49478051f78910fda8c8b57e3631353929e5c00283de725957c5875921b64a689b53952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f82ab85efb67ec58a5b297186c2d088

SHA1
486a5e4b34e47f537b27b7574d28b2d40409a78d

SHA256
b76b04eaa476ba3c2bda3e1b62ba30e00ddcf7629ff0d4cf3e1e68dd37e06e25

SHA512
2624f7d64e45b7c5a6eace8469e156b5cc141403fd054cfbd6f37b9cd3eff23f0d770c7211e9870aab03a35214d41b21367a55e84d8ee3db2973735ce43860db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2356dbeaa6c8fe69f8378e25654058e

SHA1
6c8b35d4b687e3780e0ac29ae51325059d451535

SHA256
3bfb0d415b1d8150f0765d891a2984bf1d12a23a705b40c4b19c09a00a11aa2b

SHA512
391b021e1deee3c16da92314f4ed92363c62c230f1d9a9ab00ab7397c1668ceb8c40c43583117671e81d750494b706fe5900f19c55288d6e49f409a61502fc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
010a6ec3ec7f928195be5558bc3c27e9

SHA1
935f52ee7d4620d664aa556fe720a32f41db5c9b

SHA256
7d3819958ac921abe7567f9c9e56acd982f533e6f9df32f4d6155ce0ed75be59

SHA512
09a4ec39b1ec3579fe8cb595f428d3da08bbcc8dcde1615929357b36e629afa9c73a5040cbdc1a337db10ba7253562445477aa365ac066f7fb4ead1849cc5064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
51a300f2a0cfe4398f7c8bed29b28b2b

SHA1
211ad107b41fe44cedf3c104a9dbb4f837650e0a

SHA256
500dc61b1eb9e4e13f2be67ddf5a7ce04b4e2a5df3ebcc6930971a3de35d863b

SHA512
05816d39f364cef05a96a873c37b9818dc7b425a61c9e6610186edb044f9e6fa485202fee92a7392e990bac6028a51e6d78012d8396013c77f80fe7d8b1773ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
9c4d5feb5880db284371da10b01ff231

SHA1
7602de625fc39f54195fd5432f582b26e760fa76

SHA256
7eb152736d8a630bb0984508e77f0085f481bcc0efdbb4ea01441dea234e81ac

SHA512
17821370b742da8290b55d2a78438853047f4c3c9fa4b580b0b2af329235e145d935d024e0d4ec6b8579e7a48d494b9140918b17911d4ab12534457401bb1590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
23942b24bbbf78b58fd3d76dfcc61c9f

SHA1
c35c5e0f199ab7c7ed2aa5d84f922c7f5d9a7e5a

SHA256
947f2978ec85e097f91352a6ae3053e93edaa8c7e40532f9f17a12dabf651733

SHA512
52f6502524e4fbcd337db7f81988e2658c1f52dbf11a5a7c1d00403f9ca28eaa8a6128160dc26d87762fc95bd6bb98973272eb8ec9e8cbbe268fac5e3f9c382c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\jigsaw.exe.log

Filesize
430B

MD5
de04f2e81c0501dee6d2f449fb6f3885

SHA1
761a51e13b7958c5ec2e51de258428eedec0ae51

SHA256
92e5dd3c966959c5a39d98226668f5a2745e16db2ebf034eb5ee5d5f160ed8bb

SHA512
65e64986ec8b0681d72b7ec9590abe4ed443be492a4085dc4d9a6428e8f2e92d9bf46733f95bdf6de8e9efc97f035ab66d4400e83ac75d359dacecd7870161a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8d3c2d3ee04040c62372da482c2af933

SHA1
fce2dc65ec221954a425bdf68a4213567d5fec9f

SHA256
220b1cfbb22a3230319e7d14f9c51c356bff955176669154b1622bde3cfddb9f

SHA512
5541c9b99728fdebf27b3cd4aaa4ce4900675959e6d1f7ed84855452e795f111611c9e0aa9bdf45055e98a6f3beedd61faa9e472b54b1c01236e33d6712ddff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
68c4fabf422a8f1ac4d5acd73eda6aeb

SHA1
e6fab13b7a42bf5cdf748262b55819b9598912ff

SHA256
603e6fcba7556f06b0db8e6f500d04aa6865d82bf48490dca9185d899587270b

SHA512
4a5a8b430f1040fd04a9dea59dea0ebc9ee7ac51165257907b54a55a8cef60637f1cd36a9fc1321529ad55d4afa023c28b81c00b00466bcd859490f1fbb4948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f93edbfc7716316232cd1d09cee22bbc

SHA1
28bf814d2e585d2398c86b2b7eb52bbabe2bc829

SHA256
5ef382825c0251c70ad0966031592cf75f9276180b65919e9ee73f567342ba8a

SHA512
737b13e0e341753f55befc117ebf489b710c7fbbb89d0f30231a1835653581ddca9b148aa59593f1a24a1c3911939e48a0f341e4394202fa4270d3241f9d057e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a4f89034a13025b3233625bd501d4d66

SHA1
9c6e68a3da6bffe07bddf904963460a8b894dd29

SHA256
e4c7bc6e84fc66a1a4a9f77ac5adb220eb2f3c77b9714bcdfa0df670c9580ae9

SHA512
44ca09c307e91a1c22d3a99b7305da4456369c4a191a98ba39c96231dd201b3cd23caa977ad9c002d80348df2f2dfd1ced0f23f50dc60b0f10e28a6cf1aa8afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7b3c3ef032731998d44a738ed2685f7e

SHA1
2a297e73190d70de9195c74fbbc0783c656b188f

SHA256
db1122eb26c25a508fa066a803de8e70c2ef12d7e957552e79c1d18202a43053

SHA512
eb4b1b6626428db192ba7ad2006981793a3973317169391902f88fb14c06a18670224761352aaa80f5fca473d19013afba73c507e851c4e28c8b4ac3d7bb5011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
4896b1e39516ea946992daa8f2db62dd

SHA1
4e3d6daa99ad5892ce81a0c770eb2716385804b5

SHA256
ee08f4787bd71780c865ae4ecb735a1079c9fd3e04965a15ff3b421ae4c3b0ea

SHA512
2b177800128c5b32d6030b5e14fb65a66725f6ab7d7b09924994bffa30540bbc7aa8bfc97049f5ab5cc90fbdfdff26f697daaf6fa5cdfae3a3bf4e49f8736dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
0eaf5315588e0e5b122e0ce88a3c92b3

SHA1
4a9d2d20ad043f4f1bcb221dc045c9abebb772d5

SHA256
c831e816c13f439fdf14a6257482e74809890070ad11d1cfe19e97e73b99d5a0

SHA512
3d944bf1d75d5d31fafbc8768b7106774bd0f37ca09e1bbb23725b41afa24121a284fd0b0912373106efb89247051ab1b3b2685a087244c5051b5302e821ff3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f5a59812bfff9f0254308339455869c

SHA1
445f1c2cefad6f449359bc2bb930c401cb645637

SHA256
28f2d3236e16eb6cf05a03de42b823cd2d4cf8132f47f1f7737606d071ab1234

SHA512
d7d272f28b73818f0869f74c047af34786cc438e659022080ed31eb117b34823f6a5e5dbe67f87f2505ddfeccd47c6ec7dee5b1d7d667371ce0a0fc7bb7e5ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
93fabc9ffdadeac30445966fa5d11c01

SHA1
4d77cc5809691ec4aa38a578070c5eeb5252b9e0

SHA256
3c93c028804b07106453de16e8af5feca67b1c78d1d16dafeaa0224c81f6e66b

SHA512
d0bf4e0942c7d96423103bbbd34c5285151c54580bbff58cb457990502e0e07af6b290f688636f5bc0cc8e51add4cc2824229dc341e7996777d1a4cfaa3010a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a55d49a1b9e8401e785be8d8fec1eff1

SHA1
b7b473358d1e05e6df3429d76bc6d8f709fdde17

SHA256
5ca65878676dbcb65c2f2d4128bd9aa464b473f54e7e2d2514fd094a0332cb81

SHA512
78ad4a5bdaeefea98671134d9469ed839fd14a5e8dba9b6c670a1ac49321e645fd13e7d490804610819aee00af8d55d2f2426a4beb3410b635757180ea8c838e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eef3cb4a3c41e8ea71a34453c7216f18

SHA1
a6dd063fea492f93cf9536a9fbf61bdc6eefab45

SHA256
3c06b7154c0edaf8291d34d8fd495c245f36e8d09ffdfb0b005bf01013cc90bc

SHA512
8b77e0a279468c46eb69a32d5c2c42c5db5da4c7649651d21601786faa041b5df29d62084ce57fe783b42e77ad9b30851bb1f1fafad53cb47591feed851fbc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ab4bbe8593de583dea98f16820943184

SHA1
cc14f2f2df9341853471712fa27f8985bed16146

SHA256
9760ee98629b13be2b61490707c4c5af67a5dde465c0b5bd7f95f13acc344fed

SHA512
9047e13d9b27545ff1ae2bfb02aabfc2ad2fd56d8f5d00f792093cc22f33c2b53d1f7de65422bb04174ae0932588fb797374fa596e845d8b0c968434eb3f5847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
e4f407aabcec84f18cbc3f690dee223b

SHA1
285df266ba63eac8ee1604d4c70864a490b85717

SHA256
b7cdeec599b912f2f46153db47d6738637ea2814b4dd0b90a9328c46ee28df09

SHA512
cd7fec634cc5a9962875d83a31853035dbaaffc2ea4f470b2d5c1271c1e01b8650eacfb2914eb985bb903eb7b8f65ed0a2259be57155618cc4b88ff2ee4e9136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
78b13d612959408ab928e3596f1ce58b

SHA1
7e6a99f1d1984b599d5ddc868bdebe39af871f1e

SHA256
dd52f437af0a3e4950e701b0e86138e838f34169d2e5757ec7fb07a77b7c74eb

SHA512
9865cf349865604baabbefb7506a0038d887cd71de315b58e1d6677a813b7c6e6fbf91b807a05f7182033fcfdcdb51373794dc9a5c231c8845ffaeb9e43c6f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
50f45f0f8225e9a4c5ccd23d0451652a

SHA1
2c052f12f805da7e7ea843a5a61fa15d84d91033

SHA256
8a3fa06ae23ced04ea5cd2f01792fd57ae112b3b413933c83ea3c858ffd725a0

SHA512
dc19c6751c4d6df00376289b5065839f294a1dc04d365c4d0d14a5e6de69e7ba1c64bed4eac17fd11f85900bf3c71ffc7b92f097c06c3627648d9611e90e4b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bbd9dcf618e423917124fe3866f1bc15

SHA1
3b3efb01232f5d8792135a8b9dd37683ae3a03e0

SHA256
cd83568968a317256cc3f753cd08ba4f107987a14e3f12050377bcc2ee77fa4b

SHA512
d5c91119eaa222f7bbd76d877aad6388a903a4972a0e8807599875aa37605c521ac99cc99bfa81c425887ac7be3771c5cb2de340d2ef96615c9ffda36787d3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a5806085a29310c3d4b95de19580b404

SHA1
ef63152e0d5b28c15952144af0b8f5e9d2dccf57

SHA256
060b93fb317e46866d883788b6925bc86f8f1cd3187664f347755dca5f1643fe

SHA512
875b7546f4f342dc1a89f1236861fb61c883b30374dad452c354292ed3ed6bafcc0e07200b54c71a262e1a727ddb200be30f0e1eafbdcb0c8e50d366a76e5c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9f27a447d267741f6a8016654e8e637a

SHA1
28ee04f572fce44f27e446f09f62906f104d3bf8

SHA256
7a943a54cd1ed2a90e224cbd268e77dee4ace3e8d6110e9fdbebb0d88cbce2cf

SHA512
1c638c83407514fab3d3c527659b808a3dc0e3a8ecc54fecc5ddb2432fd1e293b010d2a7c8fdd2958255829c96fa9eb6f85685e0e1d52f6b044fa245dcc8c536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5d36f28-b7d2-4c5d-bee9-22b72a398676.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
0818537ff0698736a44ec255213e9071

SHA1
fdb9044abc707f1e174b32cee709bd1acf4d2eff

SHA256
304ae9da4077a4911aef7f051b42c0a379e941305a53bc3b4344b2ab08a03d7f

SHA512
c860aa49ce85f40f56a475d808eedea061f5c2670cb1d376a4a0c52d2dc80f96f1d0caa01849849305ddeaa5538a265accb5c24fc98cdb9a9918ba56024c483f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
94KB

MD5
0a09efb66cd05b86c88e00f0162804d1

SHA1
1999a4ab59179f79d30dbffd94193ea3a8885692

SHA256
c76cbf8fa533f53ae876d9cc776be947d6f986fcb99299784d892b88648cdee0

SHA512
d6e2a113b44251c52fc7cc2eaf8e4f4017dd45c9d27bd24c02a39654cc96df82fd118d8a319d711ccf44d6b59732b2500e1aa34622671a2d6452f6040e333d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
159dc81c2b479b610d17588b40a25800

SHA1
1281090a3c2d731db184f4dbd42752d9c48396f2

SHA256
d52f1de75a62a7c52e867fffc654ea57922fd2d84b2e249e875118c66c90a94c

SHA512
2f446c3013dec41e6508a3ba43c9e154e5fca07c5e0d5537237fab364c062f778f16cd53443711bda1afd19f2e714208687bf9c5dd7f3819223613a0a1160666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
850137e6244d29220c9b1f36c4d13a95

SHA1
e378f4476ff9532b4fa67f61c77e4d74217f59e9

SHA256
24810e279ba9b37d5d147ff893bd91483ff090171b0f4c97fe2554aeabd381c6

SHA512
a130ce14c5d876ab62ba01f19c2b34d3457e9ae75b0eaa03463a9126bfe694c95cab4c4d5a6b6a47422c6dcf1a8c820617f711bded9b41628b3dc83408692fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
1423f9557b3fe3630d8524372316bcd2

SHA1
00031761ab583da76c068add5673d66425fdc108

SHA256
c8cda989209b15042cdd75a893436a84f40704f2fbf63fa1522074d144ca1e02

SHA512
b08295d011265ee7f726892d5a843706c484ad892bc65de0f7e21be728242158e878f83705e32a9e848ebb8e399af222b1df06c82893bb3074e4c048f06adab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
768KB

MD5
8f990ab8669dc795dc2339c7cda60a1e

SHA1
6937d838341688dc5b5d5237efd63626c5f92fcf

SHA256
7298264b91462f43d52d334641fdaace63a31dea5ac0ba85032210612898f9e9

SHA512
394cdbd6be4d39a902e262ac1e053d152024b4ccd60b1b8ddb64a969470ac9ac0dc0fd0e93d77c5444ef991d4aa27a92525423a40b72399346cf99a4b9085248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{af42a4ec-f0ef-46b9-8b23-f6d04fa330ce}\0.1.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
1fd532d45d20d5c86da0196e1af3f59a

SHA1
34adcab9d06e04ea6771fa6c9612b445fe261fab

SHA256
dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

SHA512
f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{af42a4ec-f0ef-46b9-8b23-f6d04fa330ce}\0.2.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
f405f596786198c6260d9c5c2b057999

SHA1
f8f3345eb5abc30606964a460d8eef43d3304076

SHA256
58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

SHA512
a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754539994357.txt.fun

Filesize
77KB

MD5
09c3f9cf5e46800e5d34b877848fc5a5

SHA1
d9fd2aadb9aa0c2efc588aef1c90e42d02b475c5

SHA256
3bcb5e3ed9b647a9190fc9badd3678256c5fff397a4cd7058fba87e973888810

SHA512
7f4c17506ff87bfe0eabe3c38dc72119a57cfaae70498a66d09fe1cce481aba12bb9103ad235a7794321fa82fc29d7584f7b0daae912909ca1737ed632788185

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670756582511987.txt.fun

Filesize
48KB

MD5
41b79aefcc236b89924263bd59f81269

SHA1
f9aef524f1892577dcf449c0bed61518fde7074b

SHA256
3c079fabfc4b5dfbecf792845679168ac5eaaf8aea5f63dfce500d5dc88b1f87

SHA512
956e6b1817cd892c7e006617e3095b1b1deed158a63a9a8766bdf24f9d1fe4004824f41df00f3e6dc21c3df3b8b34f7dae11168dfe529c9954a1c61eb1918555

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763699431882.txt.fun

Filesize
66KB

MD5
b0aa7e9d38d147d4e7cc4ee7edcdca0e

SHA1
16f04d8b4f41f9065907f102477671b19e235a15

SHA256
21e5765e57408a9a2180b0f1605576078fa208699105e9987d97ee5f2f0e0e7a

SHA512
053ca33504169e81fde639a817e22dca55b3651ea4f9abe56d1bd68987418ba0a541ef6ce631cd1ca491bd9eeebc7cdbfa5c61b19bbf58d19ce4695eafbde3e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670774861744740.txt.fun

Filesize
76KB

MD5
2bf16d42fe5dea6042eb3b2d4602b15e

SHA1
4060b2baf76b3b91f031ffdb90f274ff2da5cda0

SHA256
9180740c0684001b4987a3f035d43190e7c300b1e6d59d621771fc6b246e4ce5

SHA512
1348aa673b20be97b872c03c9f11669f5676bf9048148c58d4a567a09dcdbd9c5b8d0749b65d5627d0295432cf6156487933f1e4112025c14a9297dac5009663

Download Submit
C:\Users\Admin\AppData\Local\Temp\{19748C48-5E1B-4055-A34F-B3342873231E} - OProcSessId.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\Desktop\Ransomware.Jigsaw\jigsaw.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\Downloads\Rensenware.exe

Filesize
96KB

MD5
60335edf459643a87168da8ed74c2b60

SHA1
61f3e01174a6557f9c0bfc89ae682d37a7e91e2e

SHA256
7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

SHA512
b4e5e4d4f0b4a52243d6756c66b4fe6f4b39e64df7790072046e8a3dadad3a1be30b8689a1bab8257cc35cb4df652888ddf62b4e1fccb33e1bbf1f5416d73efb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 251588.crdownload

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 310208.crdownload

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
\??\pipe\crashpad_644_YTKDBNNGZZQQEOIF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2112-1418-0x0000000000EB0000-0x0000000000EE8000-memory.dmp

Filesize
224KB

Download
memory/2868-1441-0x00000000014A0000-0x00000000014A8000-memory.dmp

Filesize
32KB

Download
memory/3624-438-0x000000001C1F0000-0x000000001C28C000-memory.dmp

Filesize
624KB

Download
memory/3624-437-0x000000001BD20000-0x000000001C1EE000-memory.dmp

Filesize
4.8MB

Download
memory/6108-239-0x0000000000BD0000-0x0000000001034000-memory.dmp

Filesize
4.4MB

Download
memory/6108-251-0x000000001BD00000-0x000000001BD08000-memory.dmp

Filesize
32KB

Download
memory/6108-252-0x0000000021AB0000-0x0000000021AE8000-memory.dmp

Filesize
224KB

Download
memory/6108-253-0x0000000021A50000-0x0000000021A5E000-memory.dmp

Filesize
56KB

Download