jigsaw | 86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jigsaw.exe
Size

283KB
MD5

2773e3dc59472296cb0024ba7715a64e
SHA1

27d99fbca067f478bb91cdbcb92f13a828b00859
SHA256

3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA512

6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
SSDEEP

6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (3735) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	jigsaw.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	drpbx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Retail\NinjaCatOnDragon.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_contrast-black.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-300.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-250.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\de-de\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-fr\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reject_18.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_hiContrast_bow.png.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\tr-tr\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeLargeTile.scale-100_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-125_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\WideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png	drpbx.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinAccessibilityChecker.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\View3d\3DViewerProductDescription-universal.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\197.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-32_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-400_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jmc.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteSmallTile.scale-400.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons2x.png.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-200_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_history_18.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_WideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\LargeTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\Cabinet.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-60_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-32.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-down.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Lollipop.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\198.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons2x.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Mocking.help.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Nose.png	drpbx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
2960	msedge.exe
2960	msedge.exe
1620	chrome.exe
1620	chrome.exe
5664	msedge.exe
5664	msedge.exe
3136	msedge.exe
3136	msedge.exe
2952	chrome.exe
2952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
2960	msedge.exe
2960	msedge.exe
3136	msedge.exe
3136	msedge.exe
2952	chrome.exe
2952	chrome.exe
2952	chrome.exe
3136	msedge.exe
3136	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeDebugPrivilege	6512	firefox.exe
Token: SeDebugPrivilege	6512	firefox.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe
Token: SeShutdownPrivilege	2952	chrome.exe
Token: SeCreatePagefilePrivilege	2952	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	drpbx.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3324	firefox.exe
6512	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2316	1204	jigsaw.exe	81
PID 1204 wrote to memory of 2316	1204	jigsaw.exe	81
PID 2960 wrote to memory of 2208	2960	msedge.exe	91
PID 2960 wrote to memory of 2208	2960	msedge.exe	91
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 1344	2960	msedge.exe	92
PID 2960 wrote to memory of 5112	2960	msedge.exe	93
PID 2960 wrote to memory of 5112	2960	msedge.exe	93
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94
PID 2960 wrote to memory of 844	2960	msedge.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9fbfa46f8,0x7ff9fbfa4708,0x7ff9fbfa4718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16506717933237491085,17574310777579228077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9f9e5cc40,0x7ff9f9e5cc4c,0x7ff9f9e5cc58
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2440,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,16884988975051103180,9085213785094046891,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3192
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74c9dbea-bb1c-4d26-b04e-34f781977aa2} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" gpu
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6b2572c-8b6d-47f3-874d-33529198bb29} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" socket
    3⤵
    - Checks processor information in registry
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3424 -childID 1 -isForBrowser -prefsHandle 3416 -prefMapHandle 3412 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 812 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb75fd56-b52a-4611-ab91-5a4bd9519212} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2820 -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3224 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 812 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a3393e-e699-45aa-a32c-9638ed1badd6} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5012 -prefMapHandle 4992 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e009c744-3ca5-464f-b033-e1da85b8f67d} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" utility
    3⤵
    - Checks processor information in registry
    PID:6668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 812 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83fbcefa-c670-4928-9abc-f4c7fabc90a0} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" tab
    3⤵
    PID:6808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 812 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8534737b-dc0c-4425-8f79-fd8d1422c63f} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" tab
    3⤵
    PID:6820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 812 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90ab3ce7-1920-4945-8cb8-ceb3599f2b44} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" tab
    3⤵
    PID:6832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fbfa46f8,0x7ff9fbfa4708,0x7ff9fbfa4718
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,15963066966726365225,6858317811790877147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f9e5cc40,0x7ff9f9e5cc4c,0x7ff9f9e5cc58
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2344,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2340 /prefetch:2
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  PID:6536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1968,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:6440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,18430334367175647509,14664093817686031956,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23650 -prefMapSize 242961 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa0434c6-10c7-43ad-9fd7-226ab892b995} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" gpu
    3⤵
    PID:6916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 23969 -prefMapSize 242961 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ef75f8-785d-4dfb-b74a-8f4bdc77bd01} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" socket
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3296 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3180 -prefsLen 24994 -prefMapSize 242961 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da4c4507-bffc-4788-83ab-ed2d69ca7ea1} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3780 -prefsLen 29520 -prefMapSize 242961 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49804a05-7136-41b1-9754-bec8f05d2b80} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" tab
    3⤵
    PID:6256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 1036 -prefsLen 29696 -prefMapSize 242961 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1623eb12-36a0-4ddc-88ed-c2c849c8d5fb} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" utility
    3⤵
    - Checks processor information in registry
    PID:1124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5172 -prefsLen 27542 -prefMapSize 242961 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da1bc17a-6ff1-47cf-a454-f16b9f7a6d4d} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" tab
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5128 -prefsLen 27542 -prefMapSize 242961 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a92ae58-1d36-4c48-aa5f-24442991360f} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" tab
    3⤵
    PID:5276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 4692 -prefsLen 27632 -prefMapSize 242961 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5391cdf-0f99-4cb3-ab46-765807575bf1} 6512 "\\.\pipe\gecko-crash-server-pipe.6512" tab
    3⤵
    PID:5760

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
34d5f753bb13744c8dbc6fef1a6518f9

SHA1
c7c5d802e1ba258d9dbff7d1c526fbb4de903fcc

SHA256
8932393213556e7c6a68060d76c2b9ceb0cd10dd8b1c5846f15e0d5ccaeca10f

SHA512
ffdec2ef3bc47ad5c889af3d178e8478aafb7a08746e5bc3925ee1553535afe49f2ccc074b5724449f9cae71c5e86fe4dc2310602e20c486dc90fff038cc6e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d75d7552876759bc353bc5893e15aaa4

SHA1
678224105c2f9bba163fa5329a48fb008cb3931f

SHA256
94f62d288ab361ad9920a64a558f83f53dfdb25defd42b9ffea692a034624c18

SHA512
10d9a10c3e0e4bec3aaddde6aa4d8fd843a697866af68d07e728211fb0df6f165c6c7c31e8dca5a0f45d11763d731f6da74ce7e126e1b89288f699517f7c1efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8b0c33e75d287f06b78eca6d039d210a

SHA1
b030f9d3d4a6aca52119187d3cf5b551eb09eb83

SHA256
5e195a571c2d63f475cffb70b7626add40b07d2a6d9cac1876b7f9595ac4fb45

SHA512
a7909dbd53d8649fdbb75f1ca5c8ef4c93e170f9beca7fd25f7ca14f988b69fc34eab5e05080ca378d1c12a9e1831e800fa79af0bb0652ed59bf2ddde5586273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
11ea1a911db3c30efb8574de5bb5ec2a

SHA1
97f60de148779b9e428d96d4db213d02ab76b2d4

SHA256
bc9b31b71cdb077205359dc1ad280c4e41709c9a741f5a5b588f244750aededd

SHA512
4a369743c4262d868fdfcc1fb33f8a5ec90b4e99ddf91b41040f97acd1eba5520fbba215460fec0a2018fd4beb5199cd01b14661be8ff0e2dfcede45adf77337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5889386f8dfdd943747b6028b9b992f2

SHA1
0d1a39c398bc6de62e63d8ba0295e9713096d3d2

SHA256
ac140012422ccebd5543bbc6a368fc0efc5e939ae0583fd3c2849cd381ae7773

SHA512
b250b2d9937f756c08846b0a164904a7fc6704fcecc97f05f379c306c1837a57604d3ac3f6228d29f8015d027e13bfb0cdf4da2c260b8a7efe6ddee565d7ddbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f89e7a3759920d519aac6b8eaff74630

SHA1
8eaa1fc052f5d2002018b26fa63076d9ecdf11b3

SHA256
376a8991355255aee859049a341dd5c5fd822068f5484824c51af12e8c5e5c8c

SHA512
363f69d456a3b13782c655d2af22c68a2bbf21f7e445c8c32e37912d331261da86ebb6af3b984bd06db58641d090a0d4854c35ff2865cd5e3bf5ae0fba109207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
94be85200a7d3925c0498a68b9480928

SHA1
b257b7f82e524398a31259adeba683693c0c602c

SHA256
f7ca3917b0916bee91cef474007b919b412b9961655ff6f3fcedcfc802ae33bb

SHA512
78deb62b5dd5c08e2b66c986d8ff10c66f072cc9c2c02d8920e3c8b51053b5927774657527e8dadb2f05589548f61fdb6256a3874a8d7f52d784314556b62c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1a8408295a31de46814cb659331ffb57

SHA1
a80bccdb10055080e07c3b229478a49339dac8ae

SHA256
18e03a8f866d6d890a75d94119cc284a48c2299f9cbd4e025efb5cfc6a89ab1e

SHA512
5daaa36781e01ca327c81aefbdf179c566295bdf1a60b21d25860bbb173e2f3c6df6b74763ab0e345b45113eb2d60cc91b3f1182deb98e0b4da45d8503503d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b9bfb7ac59adbd4a20fcbab4d4b2dfc

SHA1
7602e8ffe314f8ef28eacd0c1ccc9625ad7362a6

SHA256
826a4423bc2b8e6e747d873371a679de8653d47e0c6c73bb1ed8a8a39fd302b1

SHA512
94709f3626db4a87f7ad98fb6d05c9f52070a5017c7d7ecbcb241683bccc7bc32ae32f47a1fc98eabb5de20c1c265f707810ec6f7e6e9a4e887a692ae746d598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
114c043b4c49ac7cad548b66b7850dce

SHA1
573397de33e22658ed77281d46c30c1f61ee7d96

SHA256
75b38d3a08495b331de97da421fb7d85a7c2c910f3d5fa16ff3e518e85d71de4

SHA512
5b1ebecf5d3ee24885546f1575d36b4e78319728363b712a7e0e2243be1cddc58ed505e15e340ad5e66f6bd6369a1dd7cd8719576426b406f13fa7b26e507804

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7ddb48d0b006bd34dc5bb7208a1513b

SHA1
06387b70966a54217a06ddf8ad0a2d2171db946d

SHA256
3da20f2666ae265c270445972d0b12d3c7265fd0bd1f596bfc581936a93c41b3

SHA512
69f7f241b795e9680323fbb8e3492c9598cf57f3610ee0ccefed830dac71d59f9f46b05da8813543e5ca8bb840e97956292a2882cea5eb60ad1ebc1e28107f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a561cd80f2e4834663cf7b798bf3b5bd

SHA1
6dce7295b2eabbf852dd6af872e86f5ac727a0b2

SHA256
f7b94fadb565e24dd288f59df9885098dee5adcee161335d043bede83e0273f9

SHA512
56bed269e5f0c711666e5651ba1685753ac7a1f3c9834a424bcc8b9d2248455b3574c8d7af5701165024eed7a9c1fe926b2d386634a28bdddc8b546dc297c8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ac177fef6e680b5a5464383c0cb7f38

SHA1
5145a8116aa7b9614f3ddf672c2f3ed67ac6cd44

SHA256
9aadb5111cc80c4d2692180f83bd9e3a6a128e5f7c4decd869a0e0d3ae0d08d7

SHA512
fda1d9121f0ce5c7c1d03c8b67323265a87a383e3532496a4549927fb06798ae838507c17aa82e5076fe315745d4ba96ecc83ae3ee055ea74ba9cc97ac9e6dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ccc212f147e2945638dafa2b1021e87

SHA1
924c81acb81ea8da19885957d9593391c320fd9a

SHA256
54973439673f9c7e74e6a304cfbbfb18b836a2e4238721f99427e3b240d549df

SHA512
8bf326d47f411fa9db84f17ebb1be6e055c697767ea85618f0ecebee396ac7d6d63c6ebea2bd42cea73f601582fefa3a5fed7450e6b42a2bee84f79045c356f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0707cab7419368d6223035db8b9dfbf

SHA1
d4595c06141af124de96c8a666d5f4f61143be24

SHA256
40b490fcb5f15403a16d6a282fb6de2c535ab7ac75e3892957daace67b50b189

SHA512
d56516ca8e07af29b53239c9db95ff56188481beaa208ffb28022e35262e316f0e924b17b5844e2b01b48f735e9787a612ebe0c0a86da1dfc86fba666bbcd488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b34e9930ec5e58b96a5811c5c3bbede6

SHA1
4e9a086814b7860efbaffa4ba13146a10075b5f4

SHA256
2ef628c726dbb751471413f2a313f69bb21bd12a14f14e08e861d4d0895b0a59

SHA512
32ba3b70b41a6c545c1fb1712f0c1867f43a2d57bd8bc9f07add35b4a2c8ed5376e340dac2b7c7ee5761b697b4bf0b5429eb24bdbd85276c6497cceb5d7717f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
ceee72450456c8312eca3f5ea3a784d6

SHA1
eefa9faabccb89091834567f6526389484478929

SHA256
6b524fa39fe2e6618ea26d90db19876292f605a7c4e728162cbe588fdea7be2c

SHA512
7ee043f2828390857b290005a2ea3eacb210762bd3c1a83b7b772d72c724ac3db19330c729130a146f00f6f11052a77b0361873933c86eb215918d7e35db82c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
32670656289bf54851dfa6b6b1b8ca96

SHA1
685660b27c7c0e7d24417e9ee4b4c3ac84c8aeff

SHA256
2aea7f3fe2b9e05b3ced46e13b6130f979b2b27a2b09c908eb8fb97fba6784eb

SHA512
cecebd5b654d78627019a0b37378f6d341530b27de7a8765330460327b270e8a23b38d3b0e448db9ecc062efa175ab02086278b134f66f315fda459f41c724d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
813ba4310d6cf09ef129f7ba868d3ec7

SHA1
c5c4800b3fdc78a63b31c8d66d6fd59f51a0efed

SHA256
c394016b2af99c2d3dcaee86f4c72278405ed281c48a74dd2f1fffbf28a712d9

SHA512
74abc0199629dddd6fc685cce209bf122a5b8afdb23f62b51c92d9f7265c064ba05fee214245289e642986bc3656368d1e3d0b7709e6886a72b6116d7fb4f361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5b5f4d319cf7cbae1059333ee68b4fd5

SHA1
8d52d9161dbb796d63b02001ce40318c2ea2a566

SHA256
6a619baa75e8183cc164d432e42df818a3d595501f83f1b95a48c8792964f976

SHA512
480f1d40e36caa237308b5492be8ef470154ff6df654ed698d1ffd86055cf32d293b4851354414cc6170974eab1a216c0c05df8dd12fdf11e30c71710c7ad45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4e33c7ca5cccf9c11b5a33e62c4f748d

SHA1
9fdb5901aaa9beaa609d5e40348ad4eef409d234

SHA256
6d3543908b2a741438c07e70d943d5ea9d60e9aea95f463336a59fdab5a286ec

SHA512
f4af1e70d4670ff518f9bf852a537ca6214f6c896ba63c831129b7c5a4e324674ae298747c542cc7018ddd1f172ccbac7cab6b25e13075efb01bc976dc7dadae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
40a4179676b760f467036288cba1e139

SHA1
2af644440d86fcc0251642ffd70f803e99fb4fd5

SHA256
dc27285db5921aea9bcaf0d71185b848cfbc2c4e95a7cfdb29338ffc3267a945

SHA512
1684c1d09a4b2165bdf0de9fc001b41aac81c0c4b8460215c797699af945d3102e2268071bde3ff6d9613f303049aeb5a8322e04fcc5a820019715c7a16e2128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af1a561cd0b2ddd493ccb6ab01d1fbcd

SHA1
02e0ded597c9f364246c6a1b08ba8dc4ae793f99

SHA256
af88e914f6f267dfd19b43efcc36db535d29a660ec409b43d66b51d98ef3567b

SHA512
0de63355fa60363162f18ae2b1abb5a638489eaac5ee642d0857f8c9773f85fbfd86677812f2da5c092128fb54548170e389499041d5317b79b0af75abe5a764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6ab8db98-2d97-4fb1-a158-60fc389e60a7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
09c93fde09471ec97c5f17f2ded17f19

SHA1
4464b6b36160fc96aff5eef8dc83e8c9790b283a

SHA256
0aa76790b66459f9ba0625364569d070159c671630a84f93794ece101b7343d5

SHA512
7063b72982c05ab921092c4072324063134b5981404805d9ee646dc2f1fbbe2db5c20a3bbb6c87b9675cb03b648a2ac376e812d73eb2c00db73bf78a176d2f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
60f37d69164c2422de4bd25cfec566ae

SHA1
d740d80b66c0d79d847163a20e51a250fab13492

SHA256
7fccaaf8083fac3bd85b40e1d93675e15ea75eec044a5e4f46c4e23fba5778d8

SHA512
efa35b325ec972398a852a1f6b6e0839137519c555cb15caf0d50475393d54952630cd334ceb11e7fa4455a847b98f404ef8d95e9fd13e86f3e8b1467997d9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
e47e41667d7b0d83c59ad59ac8881056

SHA1
78e5205aeca253c8036032d1489f3bb7b25bc4aa

SHA256
61bb74bf17916bc214785235b85e5efaf853a3251dbc68aa9ee5a43831463b8d

SHA512
65db935016e501347e3181d0ddc5bbf72e0ef380b468812443f57f256ac254c142dff7bf628d2a1699729e66e71da5f8e4b88eecdafc24d9f64dbdaa40c2f7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
9eb380e0cf8aacae4859e87e2f973293

SHA1
927892929ebd577190ec1a00912e4651d2fa8bd9

SHA256
8894b973855702c42670c1f7e9791d1706b0d82d04472a0b35f3eae4be91a7b3

SHA512
958d1f6262b5dcc9495092063c5340eb4db58c056b1860bb575346739f329bd7cab433b05caed95d437b14dda19f97a609cc8c97d8311895a0010ae2c2742e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ff27e3a6142e1e9eb20e59507315cd2

SHA1
40d469b4b9a1b659129de16a06bc95fd99c16f7b

SHA256
5bc489571fdf6537f5343a756aa14ac483923b90f7fb6f2919ebbe0b5bf9e8c4

SHA512
a034c0fa8ce65af192ad4de57c1fbc3d4b6cfc2883df30781c6fe2d775881c6d5455a0b6b7f0ea5c5a0959967843646e2b38503fc5347973e4c4713c4973c407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ca3721149818db3ee1e0b362762c948

SHA1
e88860e6c6074f59116bcffd85bf6cb84b8c3ce8

SHA256
362bacd7ee11fbeb1182cbe409cf671d529e515317b93c7f45a94309aae374b1

SHA512
f81da91e6babd475a24f47a97389e88a955b4f63f33361f9405f29889c66dd5bd5f5c9dc9207322bbbf69b891679f6a6c05354084c30798d37c9161f371d5051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db9b059e91908f87c3f96e82e5afa80b

SHA1
174af269ef30c54e677e8054eef5b1ca0c2ab265

SHA256
098d580ffc18ba84415e739f226d083edf25d9fdfe404354c2636e599fae798b

SHA512
9cbed98bdc9be74d1b4d0e262a2387d1d4117c48fc03aad8067afdb77299141f72d2d86f515baff6641e46162f9c9c539a846180353069367ba6654089531690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5aeac63ed71debae230190f0927dc6cb

SHA1
1dd86e978bf9a3d344932b435d07f9e87978abc1

SHA256
ac212b8ac844da5bfd3d39c62c94ad9d07420e58e22aad4a89b6d68caa0733ab

SHA512
c5fc516db7e9b14487a2021985e2215afe073d1ecf58e2bf5ae5f85fc8dc7f290d0a33f87c216b1e3ec6a74151fdefa4e3a5905644fdad70cc326e28f78e21e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a176466c132775bee3ecb8cd1c33d5d8

SHA1
ddab8d06954f689e80660132e5dcd6329a3cc0ce

SHA256
2f1849687a4112beb3747b2da01e290b7df7b38327f51aa78675854f74ab3631

SHA512
76a0e8acbfa5b89d84c2323d2bf45c177a651cce0dd5373a0b8d7ae1e5192fa95927a926c40e8bc84dcb0c35a9e7d93ef79a984dae01781da5dd05df2943001f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
ffc793d36331c09b93594324c253ddb7

SHA1
6f3e49f15da9e25edf53bea74342cb4077686da7

SHA256
4826402b94a99e6bb13f4b296b3a4e3e7355a629f008280af6a5282c998f6a35

SHA512
1f91bed08759c58bd0d815f60b8b348ba3971715aded1b0ea73c5b602244ff6945bbb4a3fd17b728d0034537a5b9693877b0af46cb314cf7be266f82f9d16cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370912411297547

Filesize
1KB

MD5
a537a75288492b8f82738796d993bf16

SHA1
0f4711d7d654f8c21ca2e5d5938fc8b77e384c94

SHA256
93a0a6ff9bbd2f7bf3b04d503c5b0272361026bc36d7db73c32210bb9dfe4967

SHA512
c53b4ca176756ece55457574b720c04a1afb4916e2581eeff4ff1734bdbc1bc717075ce1fddea422c22dafbe4d7a35cd4d83aa53a213bca5c7b706062c18ae9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
31defbac97ad802856d3f39a30aa9d2c

SHA1
9ec51cb0798db65139ea6f9a6cb369c8c85b3d8d

SHA256
4230aa30a3c59a8eedeea280920cfbb4efa695e02c29d7df459319e9243b6376

SHA512
c5d618d413b2d09501af4d596bce33c41c06248239f69d244528130121b1cc9ccf132f1f341bdbfa8bf037deb68c472ee151b109581d3f025a2bdf731fdedc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
cf6e92585583cf73b0b04161d6eede14

SHA1
bff1a51c18d3cb163baf00c8ce5cabbff9c003ae

SHA256
7f092e827cca1979198f334e9328d3b2cc5239a53097fb6c688266c8888627b9

SHA512
b71d94836631e119a2b5d74e65b1aefef1b97163c2c405ce2c88c5d97eb9af98748dcf7c756b59d0f997414c5e1cfb3b3cbb9d808adfc58abd13bb5d84f335b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
957bc4dd36f7b92111d29ff7955fbf2b

SHA1
8b36aba4e11465ba01a35c0bb424cd86c04d7e78

SHA256
810403db895c89622b146b1fe3d93bd873567e5af2ebd427cad69a89219057b3

SHA512
6cc687c62be38d93214b0797e18b7f8df0f5a91e1c2c5fdb25c013eede3b1dfcac86cbd7e0c4f9f4f1f73f15c9fb867591f7be64ebab7f5e9d7286a01f95ad36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
75ccdc2a9820f39b40765d00e9cf1e5c

SHA1
19be29aa53e9e4facc4271ad7653eddee8f5a78d

SHA256
49d9a05360d9855258e44c62b7dcf953f9f15424b24ce8d566be28701f737c54

SHA512
477775ae232e31b7937dd75e309e29c2dba7ec8e819f9eba38e679b53c66f3b33bee53f24c2cfd121ff923c4f26db2fcb765c32d3cb86790545e4fce030ad5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
dd8d0c4d3e1cff5a75c5f33acd31e916

SHA1
21ecadfb7543040e44a7c7835083a2f8482369d2

SHA256
682ee0cfe8f5bcb34b14030ac8f344d65bf7ec22e7f2a50d2254fc4e64ddc700

SHA512
5cabf90048effc13021f9556196a2978dad5f1221651c29888b3b3490a92fcd8520cd41e2948b40461e6259c6af409ee8affb35be2dc992edb1db29428b07617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a520ae03254d34a5cfd5384ecfb80d2a

SHA1
b869a2a6c8bdbb9a25445f7d49a5b2c54fbb7f14

SHA256
aeda89b65cf6e048c3603c77e983c7d66674b8b513ed1c3e0bcf00936e698fee

SHA512
2381beb81f4a6259f94f2dc91c1e29bf62c462ecafa2a6e237fd9906bbf28e4e85ca33086f5c90647103f292963d2158649194c31c00892045dd19e4702e8eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c8dcafb1ecfc8695f4da318bcfa8e628

SHA1
99bd1eeb07e718af47241c8aabb3de3cd7f12312

SHA256
f84f0129b728036085808413ee56ca3a014e76bc044f6f0bc89c3676010f88b2

SHA512
d47a2e482125564d7624988cafd5d4b35add2b6f5423b669362a9f7a18762f0ac4b38fdeacf91d69336e682c3bf93b7d031901a382fea7dccf56c9e02f607d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
41f8443c36256b7ff09215f3d825ff48

SHA1
066c40de3da1274f3c0d6dcfa3c2bfa05b2f6e0e

SHA256
c23c18cbd929202cf1747b3dc7141886b334ec36e15351c81cb5da9aee9185ef

SHA512
54a7d80ef5559b7931d9b76e6bd9a0831e49c48ee001382186257814867bc3fc7ae20d0a513b104fa7d7557b745e25a7ad3fa38daf8734a01a2777c5639effa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0457cd65dec1da74adf0f93e8a98b572

SHA1
8ccb03351ada0d5e85020972abb6396a172e2ef5

SHA256
ba291c9e4e49df66a1dc89e93a6adf9ba50d3d44eee5da79d3a5c34e37d3fbeb

SHA512
9d030005f9245947094995fc5e392f57b554d4ae94caf2ef544ac6b3f5e6a99db5a59ca54cef3e10a7605f2f3e66a681b5c372d76d330d2c92fd8f30fa9cac38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
947e5e78e9144cef0ac502162c71c43f

SHA1
ef7f675070c80445343222ae856e86801b8183b2

SHA256
09f9445f1c932c81f48eb6675634ea1879e7514594c0f2bb7763fb310681571f

SHA512
97277f315c11e69db4e9192808796b944e80cdd41ebd7e44f16a8045016d14105fbe2352be5d193bbc6110324b93248da929b8c62a4448a0ab87f9c99b2ef297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9437bcd2c678b0e548a2996d53324dd

SHA1
5bfe91c94e7536b561f4ac6402df75fca9bee829

SHA256
ddb0a5f2e9fed33304f915fbd5dbbadde1ece4fa16e9653c49ba8d6342767365

SHA512
282af742099ff61d8a151f6213da313f75f96fdb3ef2b8d7025e82b091cd0e61253902d07c4507ca3e0f537dac2f0b60bb86ba7f30da15144574c20751bd7e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c2d3b6350514fa81d94ea75d328397a5

SHA1
0abe79feb55db427896f7b9f0c207d5eee892a63

SHA256
fa4e1988f3f86b9c64ebf1b0a34a7f07679e5aa3f1fb57b75dc3bfa500dec1b1

SHA512
0459a589d911cc7ae28e822a083c8a0b85e03a64e626a85ee9b4b676c7c4ca4a3988886b58fd92919596112f12c9b11bbe4b8dad8d813f5ceac9618af062ad6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\activity-stream.discovery_stream.json

Filesize
36KB

MD5
cbf86dcb8c4cb95ffe8f40f3d08994db

SHA1
473d6ae6b9845a21eb5b5102012985cdcdf1ac23

SHA256
d206db4483bc95fa9a62338790bbd22629bab772f4127ac98aad7b884060075d

SHA512
c131ec82c2ef856dcaeab17fbbf480a549d96e2135254dfd73f0cd25bbf466926e3bc1b59fa568b247ff9254bd315853984b3ca02aca672abbce6cc7c476a31d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
fba3850612f6932fcea1f8369d9d8650

SHA1
2ebb983cfda3d72ba0ba8315ef4cd4b7b2324449

SHA256
473fc61889f3ce9374cff854b1172bc6af7f45293e28ee43ca702c4376624782

SHA512
591098246777c1841f89e9b372ac6f05cbceff5da4c3aca5a92bc70d70caf40b3273dc54468cfc3955382e08c9ca6594460d53c09e99f578f1f5fa83c8e8814b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\E0600FF3C285DFEDD495A398052F302E4D1BFECA

Filesize
13KB

MD5
57406e2a4eb65e93636dbe0c150d05b5

SHA1
6bd74b11fc8c8320fc7d35b880ebdcccf6cca98d

SHA256
2b80b03dfa9634e7e380d46e232227ec310398b922330dcc0f7a469f4b402e53

SHA512
8e7f3aaaffae497e65918f716b1834e4b9db84dabc2c201e885018c20502014c96021b6a8066b91318f77708c71f3f978a5d8107e6901ae149a926ca3fce7710

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
24d6c20c2371bb9028a30bf2a6c873cb

SHA1
0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

SHA256
5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

SHA512
a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\scriptCache.bin

Filesize
8.8MB

MD5
14aee0284060bfcaa820d501aa57b00b

SHA1
6be353e8c2cd6973a7fab94d5c3242840564da27

SHA256
08f995238c8387afff9c9a82b063f268577b337eeb3f278d38667afc89a50bcc

SHA512
e6df028a717839a4d7fbace01da11da3efb6f3923b72c7423ae13179f4ed4eb5e9781ae89dace5eb9a2daa92a2c8e0165def17ceb198c14d076f5b13f107c246

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
53be20d0cd0f1ac1b0ccc948de79a556

SHA1
f6ab8cde73a17f4395b4f6515a042487155bb7c0

SHA256
455b4e4298254f479015014b9bfce015510e4bf1542f5115af9a1c782c23a68b

SHA512
c33c549ddfc646cee314905a066d621e069834a2ea42f0582a7a3f4da6c63632fe2cded03973fc35730f6e81718986d3a5d3c6e64f2a8f10ba860a3b2abce8da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
ea41ebca22c5a7b2878549e58876e4ef

SHA1
ddda141a1cce35c84bd704860142ba67f3af5704

SHA256
ed4d19cc1724d88efad5d127447407d9dc58954b5b012c6ee0995f06a4c4f35c

SHA512
926a825a5c596069726007ed9acbbf1e29da5edd9948765880e17213ac552955432d121f972f8a1fe31af11c141166e713b86c0c29d34296b92e00b71d796582

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c695ba85-b786-4811-9987-1d9bef1506a1}\0.1.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
1fd532d45d20d5c86da0196e1af3f59a

SHA1
34adcab9d06e04ea6771fa6c9612b445fe261fab

SHA256
dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

SHA512
f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c695ba85-b786-4811-9987-1d9bef1506a1}\0.2.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
f405f596786198c6260d9c5c2b057999

SHA1
f8f3345eb5abc30606964a460d8eef43d3304076

SHA256
58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

SHA512
a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754003539867.txt.fun

Filesize
77KB

MD5
09f9e9241891a05077e3f7a621ba97c9

SHA1
fca0fd914e537a616b7d6e49ab516a26a2b01268

SHA256
dddcba5522d7c214fce3df76bf3260a355874e95e75030fc0b7ee8279e68599e

SHA512
128b6379453072d145b2eb1fadf7e47d35d3647807ecf988232961d8fbb1a4914d690cc9d3a13738167f18ec31cd70d4e6261f141a18646631c815627cebd566

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670756898663578.txt.fun

Filesize
47KB

MD5
61718a0654c8e48f28bb621291b3b43d

SHA1
4712a3466f4e2a6bf8481df97b7b7c664ff657cd

SHA256
8648d561d404ae8b343fd246c10fc3d241a595af3a3968d98e23f8117a4e2349

SHA512
a9210a37b1ae5b85d7ee7c95c0deab28ac9f83166c440dae09f2e092bd60625b229d5280768ad8971a04fd4572fc8e348270b24d19d73a1295c3c34ae44f9bf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762611830444.txt.fun

Filesize
65KB

MD5
0a6fc6957d9da30cbb0d0c925ba657b1

SHA1
b29086d455aa4f9d36204a1ce917272a415ecc2d

SHA256
f581722807a442022e500acc8d622aa7d81f1fe94bc6ecf84e4765a0b20ebc6c

SHA512
13ac2e28bf9b6146332b9a6e9fcb2bef28c7451940650e4a1331df5c6782a05cca9c777ef4090d2282f81eb3467c5d786b1106bd0f91460a40c4cbf59c69adc1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670782786528470.txt.fun

Filesize
75KB

MD5
cec6b18cfaec02f0ff05c82aff5c68be

SHA1
5d6f711ab3b74a0bb214829dcec81f015d7e4390

SHA256
c3888cfad5d2a45a9bfad2b0da8d8cd043e70e826b67a0e00a9a40debc8b1111

SHA512
19ae1a382be5a48c70afcf0a0ab2998f8088e5a8004b60015a2b09ffc1bcf5fa48132a66a648765fcfa42b6fd0dc7a41557c61cc7383c33eb399528f7e964f36

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FAB1CFE8-37BE-4B2D-AB0F-3642571DADF5} - OProcSessId.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
6KB

MD5
67eb68d5ddddea18ce9747bbb237c0df

SHA1
861972a2c184a7061de73dc5d8461a4777f8701b

SHA256
68c7b985e1b103a2934edc3f018a8b7b43570925d089636e8d4d05ff795e52fb

SHA512
19cb5c38d2611c3289e54d8a985a703b75b90524613785fee79b1a50c5319aac44c330a6f3c3b7dc5c30fbaf38bedd8b9e8fbe371e0341babf395151ece86dff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
10KB

MD5
f3e67c2c590e04568bab13df28e8d5a9

SHA1
96b7eac62ee542db26c0d6c48ed69967652b9696

SHA256
9c205ff73c9ddfdd7efbb28e3ece916d27f7a6af8c37a0fdf022657112a18322

SHA512
57965f0244f1174bc8536d47de325801934ebc494524c9ee3f9b5b847c5e7142003b1e9781e6849d7072d2db38b922c1ee1aee3f01a2a7d220edb1c29edc8e04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
6KB

MD5
78b8af886fdda87c38ba98e7d34578e7

SHA1
4d888ed00b6c0921f23478bf1c4aa785a79c0aa3

SHA256
e7617c5898e13cfcaf9dfd74de0004cebacefdfe45b46b42059f2cdb26c20589

SHA512
170e26814bf3a429cc49090790a31a541e05af5b6156695bd3add1e5d890ade0cc0aa092778cd1111d30dbf2968e8ea6e62dedafd87e68b2139af7d4efc5478d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
27edd1b56aa0f3ab9985c85ca39345bf

SHA1
cd08d996a03dfd672e46583cca80d659c36d1097

SHA256
6d4efbddfc47641893ed5ff9863767521e72f4ef30e470ae49ebbec8914d59a7

SHA512
2442f3c02c29b68cb5511963826406b2482b0249646bf594537f23c11dfdd05762647871e707ac9a3e164e0e09a57fd65a30404dc8d51f93ff4a9329a9dea14b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\addons.json

Filesize
24B

MD5
3088f0272d29faa42ed452c5e8120b08

SHA1
c72aa542ef60afa3df5dfe1f9fcc06c0b135be23

SHA256
d587cec944023447dc91bc5f71e2291711ba5add337464837909a26f34bc5a06

SHA512
b662414edd6def8589304904263584847586ecca0b0e6296fb3adb2192d92fb48697c99bd27c4375d192150e3f99102702af2391117fff50a9763c74c193d798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
25b5e18081ef56a5e2f2f1b7aab6acde

SHA1
1f8c6313ebf0415e531d78345d780d1b324ad513

SHA256
f9075bbb86aac7463f81271a65e963e4b252e74c901a29caba233e44fbcc0c28

SHA512
abad814a5dd59ab41724981fd188ab1c5fa25a9aac6997c29737724ae3d09f83428fe841fb73935a5b7972940c96e64385c2353c45f9a92732936be3c2d82e86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a9bab67112b6d66f76b30bb3871f5720

SHA1
e8083b9ebbd290f6169ce184822f03f7578a28db

SHA256
0eebab161a88eb6411bf021b6cf8bb7e27066720a6f2de7c58ab5ce9fdf0344c

SHA512
7c88877abf9c870f83d367d5d669f30651e5e3702c7c8320860d97ee6d6889438d4d458fe8cb1ed498ebb85e328bc756b2e28cba8cd7aeef3214d0cac1a6db4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\deletion_request\e1a23eeb-6f05-4442-ae55-63b0594fcbb2

Filesize
575B

MD5
b6cbe6df674bd1bb16dcf6f98f056d2b

SHA1
669578c42a30d3fdd0ec78fc3b0f6d895aeb216d

SHA256
a2dd51da58973a6b87ddd0c5857ddedc2a69f8db440c3b8a2030acff60c39bfd

SHA512
40ed0d9dcdb407cdc308fcdb3e09f6d286d0e739e5e8ae6ed950282569129d4f8c97a39bd1c79bc7b0fc17d356dd2796b7e4caf322b8ebb00465ed0e3453e8e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\3ce109c5-b767-4117-93a2-3025c7cd933d

Filesize
982B

MD5
a03170d3d172ed1590df100d101bfed8

SHA1
e859fa264c6613da9476afa1d4a5e456db5a25ec

SHA256
86d332e3bbddd1b353fc5df8411e68b5489bbb256eab8c003fd9d866e235caeb

SHA512
607ce1c3cb0bba0f9760204b9ce91038c008a97c716794cea86d3f1e749ed8c77dba8dfc51dbc3e725c1b9062122efdde5684ea86954a1f1fa55acf67a634162

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\45b86e56-025f-4123-a2c7-e8add56127be

Filesize
25KB

MD5
b68651473e8a58c5a76e7336c5b3d14d

SHA1
5fa3c7229bc9d050d60aee16db758b1a47dc4a0f

SHA256
82cdb296c804ce3b965c315a9f57a99db803f811f290355afcae211ce66e79a8

SHA512
4a2692d207ca30db820e1cef46d1912bbe82298f76782e0396a6c6c540b7a1687cc544f5ff1ae42066dbc2438ba9c68a7038161304beb73b77f180dd7aa11fbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\c2f2dfa6-8bde-4568-9d6b-e036c1453386

Filesize
671B

MD5
b166e0a288b7040acf473bc5fad6daca

SHA1
9a409ce74bb5fb39f63290637628bb000447f45d

SHA256
4844653a7ba4d7f336dfd87afc934623fe0204f9043d5ddca93e07adddffcc1e

SHA512
2a51109f3927c3b4176797200be63c436ed0c4a2dd62a667accb09f2690e8c4a2afef9c4a3854ebe8e6fc7947801d613e7ba0d56b5a40f93a2cefacf259f468b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
11KB

MD5
872262b2b74451dc916b13f83a1ab6c3

SHA1
07cdc19a90ca901c566c27fe18903c513f903900

SHA256
05dd12815835de943dc69f8d26464777940a8970c7277495be5c625f3efa6e07

SHA512
a621e3699d5a7b40cdd12aef68b695877301dac4698f68c277a344531f08a9f5ca7bbe08d58e072c9328699824ca695a387ca042bd48278142e9cb9bc4f57771

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
11KB

MD5
39a1457939cac4c30ab2f439744ee2d6

SHA1
8c9119fa723029030246f0db9fc9b3d50f0bd6d5

SHA256
67814e2b93bd027e79afa0eac8ae987e0fddac08c0c805ab0235c4b4ed439b97

SHA512
166950d86c0c6238f1229f7517302748e0c29653b9c3d50c26b34a466d588f988efd75e264342eedce5e443024ea6753e42ccafa2525b6fe12be23cc7093a6df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
12KB

MD5
9ad4014dc5e226a1099c27e5e920aa37

SHA1
73c0251a6cd2a43881fa27c859ff4b815ba6b8ed

SHA256
58ae9a58307abe661f672f1b8f75ee15cd33db14779835c0a3afb30f16fe8bb4

SHA512
7053c1994f5a869464d3015251b5c75ae8bc5e46fb1fa40abf8f2df01b24b23404c8b6d675a2558bdbbfcd7346d83d4a6c53515ccf26c669d2e7862f0b0811b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
dd77b7381515ab1b672159666a178afc

SHA1
4df4d16942ba867a5a63e42f859df04da5ed9a08

SHA256
e8c062b5d2a6d87640e20206027f135084b16babb665243af22fdb7ca60db828

SHA512
401f6bc216ee821dde22cf51f5dd977f2fef2391a5dd3bf2ff0377ee763fa6cf95ae582a4ca25030bd82481101a472423a9fa08321b1d9235ba571cd39b7f2f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
12KB

MD5
c7a799cfabcc622eca49407ca7e896ba

SHA1
bbe5697e9c6716a0504054f0c577e6d540c45354

SHA256
55c40c0724ec294bce21dbc656d89cabf46411ba1ce1f35b71ad3460ef85dcfa

SHA512
5073757334ee340273c596c2a7bb325679b1c39d529de2372fcc51c01fed53da29dc1b165c92d21c042870357b49f4bf9dbedd0e83465b5b12597f60059e37a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
b812b84996de1020ececeaabbe69f877

SHA1
f493443a69d14a4f6749acc2d70f5c21e0137fe2

SHA256
d1bbc178714529d89c3b3ce5c9b1ab9dfbe247dbaa99cc7b24c6dc3486fe1074

SHA512
61b5a3505c76b166ea9a63acca29c6430cac5fb26f9fbf8595db8de50d5fdabbf899c44159c1dad90f4aaea4b731f0fc0c4f76c67913799fee68534e5ce95326

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
fc40c03ae2f3696b015336e3952e174c

SHA1
fdfc15231c30783a19cb1b877d570e45d9096601

SHA256
013da902d426b017db63d642c99626dedaca9b21c1a1c12b817ab3284c26b167

SHA512
feb73a0202e76a281be5109c0556423e4fcff5e2f4249d7d8da4d46d7ec8879d5458f21fadb054ce278dccd2992c3eb46ba0dad7b85b92b4b4fbdfaeebb939eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
520KB

MD5
668e73461658793336cb4a56d741a8e3

SHA1
7287c5ec5beb701dd4d2f07cdd137a27396dc395

SHA256
f71fd96be74f081c657d31aae5a52d2dd286ad67556bcb06d054849d40db6203

SHA512
a28105233632266cfdda709041168a9561378f43b1e14bab0abbc9e6af523cc786b85c3c34f87a499ba7567a1adb7fbd122bf8e850c6cb8ad24e28127712631e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
888KB

MD5
cb305b2ac5374828d3bdb3440ab8ca2b

SHA1
64d6114c4684f2a730ad191f76fbd8df051e49a7

SHA256
b5958c1079627114ca6acdbbf24b4e62621f1a562390816d732f61901749869a

SHA512
a03db11ca4a6e1ec04a65bdddec551c8f97eecd1489091d683bf2ac64b69dda14bbf344afbf0f408cf3c63b5210c916c158c2f6d522e33f565ee1790730e58d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
2981a8b1d57ba3ab99147cbed3f4447b

SHA1
ff0fccf66dc58bb9d8c3712aa7d7113578802b78

SHA256
4a96ad3eb36ba3619be6ae663b034d9dcfc3b2240510d827c6bd19d5793daf93

SHA512
32678c1e277bbdc3c13e567210cc64743bb494c597b10301e1a24380326cc6520e1ad3bf5f498ebb7e194ab87d41c39f05a236e10e197873c4a9ecbb6f887fdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
memory/1204-1-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/1204-2-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/1204-3-0x0000000001820000-0x0000000001858000-memory.dmp

Filesize
224KB

Download
memory/1204-4-0x000000001C560000-0x000000001CA2E000-memory.dmp

Filesize
4.8MB

Download
memory/1204-5-0x000000001CA30000-0x000000001CACC000-memory.dmp

Filesize
624KB

Download
memory/1204-19-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/1204-0-0x00007FF9FEF75000-0x00007FF9FEF76000-memory.dmp

Filesize
4KB

Download
memory/2316-20-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/2316-21-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/2316-22-0x00007FF9FECC0000-0x00007FF9FF661000-memory.dmp

Filesize
9.6MB

Download
memory/2316-23-0x000000001B890000-0x000000001B898000-memory.dmp

Filesize
32KB

Download