jigsaw | hxxps://github[.]com/AtomTools/Multi-tools

Analysis

max time kernel
2401s
max time network
2598s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02-10-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/AtomTools/Multi-tools

Score

10^/10

jigsaw discovery execution persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (1869) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Blocklisted process makes network request 2 IoCs

flow	pid	Process
103	1820	powershell.exe
105	5340	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1820	powershell.exe
5340	powershell.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rTErod.url	Ransomware.Unnamed_0.exe

Executes dropped EXE 1 IoCs

pid	Process
4488	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

flow	ioc
167	raw.githubusercontent.com
16	camo.githubusercontent.com
66	camo.githubusercontent.com
67	camo.githubusercontent.com
78	raw.githubusercontent.com
70	camo.githubusercontent.com
166	raw.githubusercontent.com
175	raw.githubusercontent.com
176	raw.githubusercontent.com
3	camo.githubusercontent.com
65	camo.githubusercontent.com
68	camo.githubusercontent.com
69	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3908 set thread context of 4172	3908	Ransomware.Unnamed_0.exe	230

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-400_contrast-black.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32_altform-lightunplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\office.x-none.msi.16.x-none.vreg.dat	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadAppList.targetsize-20_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-white\NotepadAppList.targetsize-80.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-60_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-20_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsBadgeLogo.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchAppList.targetsize-96_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\Classic\TriPeaks.Large.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-80_altform-lightunplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadWideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\contrast-black\FeedbackHubAppList.targetsize-32_altform-unplated.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageStoreLogo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-96_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-96.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsLargeTile.scale-125_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-125_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-60_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\OutlookMailWideTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-black\PowerAutomateSquare71x71Logo.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\rename.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppValueProp.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-black\PowerAutomateSquare150x150Logo.scale-140.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Illustrations\icon3.scale-100_theme-light.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeWideTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreSplashScreen.scale-200_altform-colorful_theme-light.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\trace.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PaintLargeTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Graphing.targetsize-24_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-250.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Icons\StickyNotesWideTile.scale-100_altform-colorful_theme-light.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\ShareProvider_CopyFile24x24.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-24_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated_contrast-black.png	drpbx.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chromedriver.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ransomware.Unnamed_0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723631873859199"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	chrome.exe

NTFS ADS 14 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe\:Zone.Identifier:$DATA	jigsaw.exe
File opened for modification	C:\Users\Admin\Downloads\Shrek-Tools.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tldw-Beta-v0.6.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Discord-Gen-Bot-main.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Ransomware.Unnamed_0.exe\:Zone.Identifier:$DATA	Ransomware.Unnamed_0.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.RedBoot.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.RedBoot (1).zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\Frfx\firefox.exe\:Zone.Identifier:$DATA	jigsaw.exe
File opened for modification	C:\Users\Admin\Downloads\Nexus-MultiTool-Latest-v4.2.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Reliant-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Reliant.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Unnamed_0.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Xvirus-Tools-1.7.1.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5348	chrome.exe
5348	chrome.exe
3416	msedge.exe
3416	msedge.exe
4688	msedge.exe
4688	msedge.exe
5052	msedge.exe
5052	msedge.exe
1816	identity_helper.exe
1816	identity_helper.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe
2160	msedge.exe
2160	msedge.exe
200	msedge.exe
200	msedge.exe
1484	msedge.exe
1484	msedge.exe
4048	msedge.exe
4048	msedge.exe
668	msedge.exe
668	msedge.exe
1820	powershell.exe
1820	powershell.exe
5340	powershell.exe
5340	powershell.exe
3044	chrome.exe
3044	chrome.exe
1644	msedge.exe
1644	msedge.exe
5148	msedge.exe
5148	msedge.exe
2120	identity_helper.exe
2120	identity_helper.exe
5504	msedge.exe
5504	msedge.exe
1572	msedge.exe
1572	msedge.exe
3908	Ransomware.Unnamed_0.exe
3908	Ransomware.Unnamed_0.exe
3908	Ransomware.Unnamed_0.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe
4172	vbc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe
Token: SeShutdownPrivilege	5348	chrome.exe
Token: SeCreatePagefilePrivilege	5348	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
5348	chrome.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5364	OpenWith.exe
5364	OpenWith.exe
5364	OpenWith.exe
5364	OpenWith.exe
5364	OpenWith.exe
5176	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5348 wrote to memory of 3984	5348	chrome.exe	79
PID 5348 wrote to memory of 3984	5348	chrome.exe	79
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 2396	5348	chrome.exe	80
PID 5348 wrote to memory of 1028	5348	chrome.exe	81
PID 5348 wrote to memory of 1028	5348	chrome.exe	81
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82
PID 5348 wrote to memory of 3568	5348	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/AtomTools/Multi-tools
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd45b2cc40,0x7ffd45b2cc4c,0x7ffd45b2cc58
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4460,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4716,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5068,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5656,i,10883602432098356178,7087269552747376959,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5788

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Xvirus-Tools-1.7.1\setup.bat" "
1⤵
PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start.bat
  2⤵
  PID:5372
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python Xvirus.py
    3⤵
    PID:3956
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python Xvirus.py
    3⤵
    PID:3788

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Xvirus-Tools-1.7.1\start.bat" "
1⤵
PID:564
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Xvirus.py
  2⤵
  PID:1064

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Xvirus-Tools-1.7.1\start.bat" "
1⤵
PID:5392
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Xvirus.py
  2⤵
  PID:1368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Xvirus-Tools-1.7.1\setup.bat" "
1⤵
PID:5448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K start.bat
  2⤵
  PID:5480
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python Xvirus.py
    3⤵
    PID:4104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Nexus-MultiTool-main\setup.bat" "
1⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd456d3cb8,0x7ffd456d3cc8,0x7ffd456d3cd8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,15557589832230315400,14854510489420890101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Discord-Gen-Bot-main\Discord-Gen-Bot-main\setup.bat" "
1⤵
PID:1744

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Discord-Gen-Bot-main\Discord-Gen-Bot-main\start.bat" "
1⤵
PID:5584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Nexus-MultiTool-main\setup.bat" "
1⤵
PID:332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Reliant\Reliant.bat" "
1⤵
PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
  2⤵
  PID:5220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile -command "Invoke-WebRequest 'https://arcanecici.github.io/Reliant/updates.txt' -OutFile 'C:\Users\Admin\Downloads\Reliant\assets\updater\updates.txt'"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:1820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Shrek-Tools\Setup.bat" "
1⤵
PID:5980
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python --version
  2⤵
  PID:708

C:\Users\Admin\Downloads\Shrek-Tools\chromedriver.exe
"C:\Users\Admin\Downloads\Shrek-Tools\chromedriver.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:924

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Shrek-Tools\utilities\Start.bat" "
1⤵
PID:1104
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python Menu.py
  2⤵
  PID:6020

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Reliant-master\Reliant-master\Reliant.bat" "
1⤵
PID:6060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
  2⤵
  PID:1596
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile -command "Invoke-WebRequest 'https://arcanecici.github.io/Reliant/updates.txt' -OutFile 'C:\Users\Admin\Downloads\Reliant-master\Reliant-master\assets\updater\updates.txt'"
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:5340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Nexus-MultiTool-main\setup.bat" "
1⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd45b2cc40,0x7ffd45b2cc4c,0x7ffd45b2cc58
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1948 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3068,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4288,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4116,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5048,i,7302620359609333889,15617760207043342891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1120 /prefetch:8
  2⤵
  PID:5372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd456d3cb8,0x7ffd456d3cc8,0x7ffd456d3cd8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7513727630755214648,5757480653219524812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  PID:5656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\g3jod5oy\g3jod5oy.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3356
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES57B4.tmp" "c:\Users\Admin\AppData\Local\Temp\g3jod5oy\CSCA2DFD5215D9648CD939BC6EC943E8E8F.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:464
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- - C:\Windows\notepad.exe
    "C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"
    3⤵
    PID:1400

C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe"
1⤵
- Adds Run key to start application
- NTFS ADS
PID:4896
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Ransomware.Jigsaw\jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:4488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\ProgramData\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe:Zone.Identifier

Filesize
86B

MD5
1d726d00a7033a5dab753d6012eee269

SHA1
0eec68c618a8c4d44299dfb8415b9add0eb03863

SHA256
fcce59c5531bcd9542bc0fcd0427669e9527e71384a83a31199d91f157a01928

SHA512
c50f27a7ed7f26f928fe740d4086c863e7a3c5e86d85cd99ccb83534e6d58b662cd0e4608ac4729774d7028cd4b62e38349e94c67c80a8ecec9c5d637b1b0a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1eb34c97499d5de69f067ed37f2a3a5c

SHA1
0f9e5c1792e5c8e03075f09c7b15af959d73b38b

SHA256
d1f4804c565d6079ee2472b8c87f2a37dc7d3836c1fc4186d309fe79b74ef124

SHA512
240db569ceecba6bdd8131d2bd0cf07ae24aaccbcdbea5076d7110d557419d055173212ef63d81f16ffcb765f2d9afab552924115eb05fdbed991b3cddf04727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0a83de56722249e03fd7fde2833e2f6a

SHA1
081e5eaf8e93b1e9a160a09e78c94df5effc007d

SHA256
2a5b4888da5ee3279179d34daadb0491411ad884da0fc23208ab167fee4e2be7

SHA512
c1a7c382bc223a8c20a164b9de0ab38d9d54ddbd3ed40665f979f574cbe2f194cc4b6f126f661cc02c955f8e574a626795b9a58db2fa853688a16b7d0ca9c303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
20KB

MD5
a6f79c766b869e079daa91e038bff5c0

SHA1
45a9a1e2a7898ed47fc3a2dc1d674ca87980451b

SHA256
d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a

SHA512
ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
37KB

MD5
7d5e7a78ee541dabdfc8e6dd88336d05

SHA1
f77828679e7c7c76c5efc2790ad1cad935ea7000

SHA256
d17ba43fc0287d5c6238d78921c89db344c3970808d07d6f51bad70161da0bd2

SHA512
f197be9fb96ff55703acfa3d184e0de2773fdee0b94ac566840179d6f9390c384c641a0a06c4daf22d6fa0030790dc5892444165e8da437c831cc2c258bc82c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
e9085bbce2730ad18477a5e6b2a053e5

SHA1
81b04f132e7c01d796d1730cace6a922eed47c5f

SHA256
0d3da8c2f0f202ed280cfc0ce71a43264f3793e1f7d5a837822ebed5ee1af188

SHA512
80f905992a6be57b31da4e63f69674a2c9a3c3f0e8c182103afd12d60d689936c5ac76a32bc809b672c564b9b65f1608960be800e72ce058842c698d1bea9fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
17KB

MD5
4859fe9009aa573b872b59deb7b4b71a

SHA1
77c61cbe43af355b89e81ecc18567f32acf8e770

SHA256
902bb25ea8a4d552bc99dea857df6518eb54f14ffa694f2618300212a8ce0baa

SHA512
6f12570d2db894f08321fdb71b076f0a1abe2dba9dca6c2fbe5b1275de09d0a5e199992cc722d5fc28dad49082ee46ea32a5a4c9b62ad045d8c51f2b339348be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
23KB

MD5
6c8bb8a9f68c7a901cba999975d07231

SHA1
e9f9b5ef0271fc9a43b9cf50c344f62186b038dc

SHA256
331de87ff40405a85bfc4e57f3bbaaaefdedd16983e18e02144d762c07070957

SHA512
c6d4745871cd0ee8f5208ac2129df5e945a7807f7ed65103ba2f887217ab1daf6777351a786a884f462f7ec17280492879c21faa28972a8648de508cf995b6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
59KB

MD5
25534ad5d9d998a5d25f3cc598f41fbc

SHA1
66c6233f973376a42e3b1ae80d8530244164e41b

SHA256
923cce0c041c93155bc962ff43c5d3189a7352800c67206ef03dea996f3afd93

SHA512
42a81f8703a92d2c96d2a2d210e6396a931e9cf6d701d6df36e86e2957d83042d287361ab19b879ccbd66b1e62e122512a55774d5685b886c72323a27a59561f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
144KB

MD5
fc5aecb42adee9ae58e9c43c3c9d221d

SHA1
efee94896bb4823e20ddba7c44f1557b5354d205

SHA256
ef62057c9347494ee2788065b7cbad7931adf6893f6c27d66cec046a2994fd24

SHA512
60ecf396fdf08e268caae64fc723aac0dc6b0a6ce178b92eb4e784248fb71758b8210f348b98153530c61b89732987b937374dcabc32a15f33aa90118ed65d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
20KB

MD5
babc647deb39b98406ff27d971b71f05

SHA1
fcb43685cd12fb447020eff89f1987c1bab9786a

SHA256
3a02d769507cd721b3c38da2c5e522ce87960c709d2acb60053a68e9bac62b66

SHA512
3a5f5efaad7594abcbdb1c4f7c816691b4015b3f17ccd6dadaac51da9fa80525d14cdc41afbdb3b5d1140756bee7f4692027343e84b5316ae117aa92026489df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
37KB

MD5
97edd91866f66df1b9e540f76fa6a030

SHA1
17b7c05b6b82fb74eaa02741399f8c01016f46c3

SHA256
6f74e794dae2e57c0d50ac89b83b1cf1426711588200893edc6f2cebc9626390

SHA512
ed0ac2136d96d01d62afa7cef6dc61da3ad4f0dfefa9bb55cd19ddf53b01f1365953ae0355ffed75f3595f48ff3c6bbab25eb04e75535523678c153500924453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
938a7a50fa4d288dcce25a70a94a25b7

SHA1
c59996246ee374a9f4853c9d24315d64ddb51b22

SHA256
d38fac30d5d7db7ea5a0fe0208a457f05c296b9037a61608ceb9c8deb5613a0d

SHA512
438c092ddca42fb19642436e225e6e4f181e98f758d2d60ab4a537bc68ea8655bef5d15137db61912799307a6fe33d4d0111a0d5461bf9b85df8e2ba0f9623f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
339KB

MD5
32ee1796142043c1096d842c12dca802

SHA1
94991b887b6c1680241ad5ecff5781795070bedf

SHA256
3616cca94ceea13addf3704fa003bc4df30918c563d28f8bb5fff8b55213ad40

SHA512
4430f9f6c728db6c6e78c7d1b0ae5f64f51e6ba1c9aaa4ebbb380c722513816bf6c64db76d6f661618d78c0572621eda586fc03848cf0bebf67836b44e00c9df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\31f67a59e91dffa8_0

Filesize
318B

MD5
1bcee40057f9b911478191158addf800

SHA1
330df5354c6598c6ac568f20de585b1548e69db2

SHA256
60a97a6058e4cc96baf6e771f2b27fa60d5396d028a6095fcd13c3060e0b43ed

SHA512
93db2a4c5195be95982434a6e6b9cd97c7ad9b76bdeb1498b358e337d460e3d42aa9259398afbd325f9bfe5742d40c235f54aa34de21a5148fc2b0421e5d2687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\427075385d94c9da_0

Filesize
14KB

MD5
536a7cd4fbd9d7781742f7c9d23cecb3

SHA1
a407a93703e142474c4a53384954094d3a3299ea

SHA256
b6b5c5d7361d07d9922d32712e55c5fe8ce66fcde1fd2b56e8a13811c768cee4

SHA512
67bf108b0449c2c4b1dd75a38785bf8889267cba1cacd675ae81c9e95174b30fe3e04f5c0eb89520df6c2c7f2160f08707a6ffdac5b015c7af8948b2797549b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4bc6bf5847160a1a_0

Filesize
12KB

MD5
b2d90c4ed43919a3f58b6cdf4700a5a0

SHA1
6fad218e91acc2499193ff8ef7d76a479383f524

SHA256
946a54bbd486384b386e1211ff15a36d6e19f86e400e752ccd27f7ea682b6abc

SHA512
ad86ea00df754779a6a121badd19c1552f04595ec0883913b8923feed415abb5afe9a374941add165f3c561d54c7bedca0c008e64daf0d85f158ea37bf1236f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\67d5aaf96cdd429d_0

Filesize
8KB

MD5
2177f087e2fbbf3ce4186dd94b93466d

SHA1
68144caa2933c3d92ce664a074b25a7e84c04179

SHA256
a1a12fe1d31de24558c1ffe6a68a2dd555831ec6e07e2460354cedccedb71414

SHA512
c3d6f347e2d6887a35931c5231f25773398c52fedba502b6f0f0edf5a071694e7310a30ef24dac4f0be71cd9c0e5c9bd7c6adab9950f0e10204edb457ffc9396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79a4e9dbb6f4b80d_0

Filesize
8KB

MD5
a7220b59590d9f07c1cb12880166c118

SHA1
971b9b71e84325e7144c1f9d5b19d8fded49b7cb

SHA256
a9de7aaa9682f40645c425e4144bbc2d2f2824aabb4a6f551d15029a3f82983e

SHA512
9b117b5e19a1d637de7db8c615e2a89d43630dcdf8baf19b9d98c7f2c25472862395b9514735da04d64c8b97d6dce3e1ea079684ab381817ecaecefaac1bb969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a012144762675e0f_0

Filesize
1KB

MD5
f5dd829b454c61c3dcb0533faeb5dfa1

SHA1
5a8326d3b85fd977d334af7b99eeabbda04bde7c

SHA256
92e41a945a9ac121194f53dcc9ac47e8c4113265cc336193185bba026857e281

SHA512
77d7506c299e82602644f345d9c8f9af0d5ff359a7cacba3974408263df89403277afd187b7c9528e692f1064d3e7a3e3f50a177ca116b22cefe9647a3ecb8c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a6dc1aea3c672f68_0

Filesize
2KB

MD5
6125196f4e65e4266953157bcbbb794c

SHA1
6a8f2286817b9e7c78f5e27f733247bded11e943

SHA256
d63b3ce872469d0782e3c5a7cfce56f6d457de635397d42578fbd88b16019f69

SHA512
84e3efa330a10e6df655fefdf8957d92ded62124a05022382f81aecc95e4daa53e11a45ee56819f37696900fb7cac73bc86da1d82c89c5f87341827defefdfa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bdef780674ba2b27_0

Filesize
36KB

MD5
affcb44109f1b44eefd802571ffa17e9

SHA1
25f7a9b734279d6ea1deac81076ab1c3aa5c6605

SHA256
a64d69a5c66b3603e8e9a8e59f471ba68b72f87acbb37ae99d064b397d8b3d2b

SHA512
4cd05039f37bfcecb20cefaf43aae2a158c40712c14d86f9f825dca89392210c7b463f07e7f7a13a4474c9c4f7db9edab3334d40c792b503803ae9b39a971717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bf7f7dc6dda4e326_0

Filesize
33KB

MD5
4b03a5ca279f5159286a688eec8a1e21

SHA1
f92c7d5119d95690b6752ce8d69a75931e980e94

SHA256
ec73761733cd5528733a5f99158f0305c1cc20cec8f2207871bf6ddb2c111b2c

SHA512
09b73d5391098c08c81d2aeb84de945443d0f250c95e5595b4a66d5b92a190a621ce4c89bab227a3a473f13f4f4cf5d6f9f48ef2ab3b05b4e46ed9b19443a290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
324B

MD5
d2278197ef985938498caedfdafeac11

SHA1
ba3985cbf3536fd7f68ac84cb7287287d153958a

SHA256
5bf88ced00986a910d9cd2220d7a11195e767d4e2d7632d6991be4f1067be922

SHA512
db586546c5e625b9feabaaf694509367dcb3f767754612a91472665fde3696b05a529ad9cd6cf9238d33d98a0f6e68122f378007e60fc3f5f9702cd454a0a64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cb307b4160083434_0

Filesize
2KB

MD5
39476231d830e2d039af820beae98955

SHA1
2a9addb3ead28bab673797a6601e2608d37d8f34

SHA256
22de2071c5639b3ed62d4c330623b6d8a613db0ec0e4ba6049c3aa6f7ccbe8a4

SHA512
2574685b2d1498e2d4dbd97fe46ea5b1dd45802c2cdf373c84876d577516f68213968bcab6cc7566e61937daab82470cc8ce0d281da47630ec365280213f34f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
52959de75b5f72b02c4e9bbc420a8791

SHA1
8438a758f8a8b907344dd511934c116ccdf99034

SHA256
41a85d003391d24e331b8c0b25abcd5177fd7a9a53a8852fa8b5b937e3509035

SHA512
83a0ee4bf1a6a004ed95ba406c1faec41fdd52a94a564e9be7287a25a75dd2e2b217be42f0c4dedfdca53d59de0e0184b74ce9388d3c0152110d56157d9e0454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
ba405192080a217f34641a2e8b019b6d

SHA1
3bb6e77f9b324f729e45b5ebfd4478b9099265aa

SHA256
0b5dcafc5c200c2fb6a5eff2e5a62e62df2cb2b72b42e94d59551089d3a6a79b

SHA512
5538a74ac7cfdb92f73ae26baa22e973cf145294f89a446d898cd9e2ffbed2ff33f929642faf6e49ced6b2faa01af53b0bc3fb7f6cefd138d2fef6a9c290c36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fe73442e9b4207d7fa7fb838562e2136

SHA1
7b7b0a7ebc519b9e0396577e6fa9289ff74ac792

SHA256
806fdd039d8d291c2a8fbe7b3441dc75cb4c6db9b994503d6ead78002d57a166

SHA512
596da306f126dc87338d118fbdc291105a28a72bb7523fa36f01a6fe5ca6013a407bae43da1bad6a17063c38d700137bf0676fdd2637527b0d4d8d5e8c61272d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
08d36c3fc79374c204f2183a3fdc0397

SHA1
48a3802c0bc57b51aed02bf0cd9c5b8fd9cc2128

SHA256
12d58c90eef77a70499de3278fd4f9d92522e62de1f93d656a95e5e5528d97eb

SHA512
6e6e1e7daa17625dd62335d76ae09b7a7b2e72d5edc3b6222d3096308efcc82a45819445eef82206181d62777700d2c83a9bc6c1f8b67ee04601ca9dae8922b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f0ae2fd1e2f853694808550fc2ffa246

SHA1
2a4fd26dd38ee038de278d364b88a79df42128ee

SHA256
5013af08cd030b35328ecb611bf10ae116fb16c8a8a5e96602431d17d94b2929

SHA512
f80af773feded2158af670ff69a73a32127e1feafacecc1c1163141a31bd37e21eaac4eb95380fc614f2c895fe28c810f5c65d3594c53d7f0ebb1e4965683798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e66c10c5e49f27531004c8216158979e

SHA1
cfb6740a45bd68cee8f0c972f8b609be736713be

SHA256
a69f422088ebbb85af9f23bb3cc35d885179197f39ec77e8f62cfea393187c89

SHA512
a7bce41686c7262dbbafb6db7db76227a7560b884101dd59a40bddf689c1ff08611c1d31347d9cce1dd623b02b89ee4a74ae69f8fbec7b6dd11f7b687dff3075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5130692adb443af2acf15ec98ed6fa0f

SHA1
9d3f3d64d81da2619ceef6ad4143a762838f7067

SHA256
8a997c0414b37213ed033a4dbbe50d287ae0ab0e316e0ae2397f23ad2703e140

SHA512
5950872e009516b198ba5badf4741917fed62e7918012abd5e82f82865577c6cf46e555f317b9bb8424c716df184e0ce180e2dfdcb35372aa103ae5f579282a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
138683b012438a6a6b9f6a9df04f71c3

SHA1
990e5f25fb6afdfdabf1b8e2dca85b16f7d9af5a

SHA256
8bf9c72cbec6f537cfe30d9da601f76babb35cd85202465a8e1b84cdfba76af2

SHA512
4aa4cd9ede5c333b39faaf3379c511704a0380b9f1ac787f753726334e524a9d2921c2cebc3b9ccd5c2c2ddbb90aa9be794a27038386c2c0863f0377cf708501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0202bef359094e6aa7d659525ea050f2

SHA1
ea622fd607f7b9b78836e24c203c7b64a342fa95

SHA256
d648699b2be28bbed30c30af455273f9855f38552cd836db7ecafad60760bcee

SHA512
d41a0dea9e4f912c044e7aa329ee12b6bff2bd4d3cf9096c0d4583cad1c389cc472f3483381d3adf4f4fda486aa5549981f4a42ee090217328e45a87387117c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0bb369685597c5fdc7ab68f1c3fa2b98

SHA1
c60321e1349669983860d2e290261e77f241fa5f

SHA256
270a0b6c17f07486e6850f0001821950809acea753256da7559c3ad34181d1ac

SHA512
501830a5a9a242c1644af0dc2039949cb3365ffa377ca3f8fb8c49c7bfa7a4b9473eb5b2de894caddba5896119875aec4c22cafd0c46288d9a4e5de3f020966c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d134aee5c40b355c1d06e2aecdba374e

SHA1
d73ae853c291113b67d3a9239662bd37d6724de2

SHA256
b0b2d96c205cc6963820ea4eba6a81221eae8709a401ebf82cf6423f444a3f00

SHA512
ad4ca59f3800925f9d51f6642e249ab032c3430b38453810baae4fbd1bab665451aee971fe74f93487c0fd3ec05aceeb57b5b686718ff9bac958e545cba1d441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
95b1ea6d108210b29ba1c65c2746000a

SHA1
8b08fd1f7671e30d4eab316a5b87570425e3fbc1

SHA256
7cb8a15fc2e52938530cf4b54368050a458e8f0c7d0dd72d2b722a6819b1751c

SHA512
a2aebc49db57260d418324ceeaf886b871ccf900b5264375518369ec0ccbb618e3f2c6da9a01feb4cad64b9f94fc73664ffbf9bf77ab46718565075c659f4c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
143bb71148c14a5ee10769845d4fdb04

SHA1
02538bf636248e2317cc50b2caea9a21f67c14aa

SHA256
200f1acf5c3d3516dfad4ae895540c833ad71c86ecadf1530b5372530017c450

SHA512
1abf8e279cbdf46d26d2834fbb7f11983071d2315f308dce521821c8a5b3dea45519692306f7bc68df9a478dad7709a2043e3c38f58528c813a83cd5a8df01b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2decb8ff0494b495f140da5b3531df70

SHA1
01dc7ab5916ba93e26663b58e17a626aaa51f527

SHA256
315b35426f645b5ff2c495a6ee0a207e924ace975250d027964b0d94d0dd10e7

SHA512
d7838fe9ac1337fcd328a3e5b6e810d328f4d6b2123428fb24822db1518d1d019505df7f60b8b73b182cd6d77cfbc1eb0eb80f46793a2212a6a11557fa21b828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2858b0e95ba18ddaea5e0385e849deb7

SHA1
f84675f0eb287a4790d7322f72f63e183de5c10d

SHA256
bbce9b435337ef44d7e84e8d9c1c3780adbf6f935c172e84257f985e9dbffb01

SHA512
7ab3d041819ca57db5fa1aa48a659250f7cbadddfe54ca463f01913cca8d6590df571f18c01518e8e1abf08222149c44b0a4c2eaa42a6310fc04db2f4b0d8561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
92acb148943364b6f39bd2ee51b9d3fd

SHA1
a8ae6ee73e7c8491650c66d275369800fcc5641b

SHA256
5e3ef29b3d792f9cf2363aa1912b85b0aa3c0d6a88ef7027548f91ac4c8d2145

SHA512
64484475717b1ce7cbf657aa044cd4de2474eba701068bb33c9ed540a5e35b5d3b79bdb4dc6dcbd5836c78ea853e77a22ab4b6e3fa5b41c31e9ac5061c3b3819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
acab2d3f238fd9775803babf144857f0

SHA1
8de620dbb55150d13d77fda3dbfbf00730507268

SHA256
ce2c0a38f668aca7500e561668d163018a1713145d130e9a0480ff0344ab2b1b

SHA512
8d3d6d6a055fa0712b0d30a4fcde77a6667d9970c871991a1e57b09a184bf0fa0519f8a52f981db833116ddb71c2156f1e62206739b8e13a342b78390ac5bd24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab8bd354a2e410e4d8c37ecc7511cd90

SHA1
f17ed3b6fc4d7668f6062556cc5167b10cede2d1

SHA256
78a393e3995bbf522839d0e228a584dd3ee1e9b8ef73f99247ce09301611c654

SHA512
c098b9bd8fb55537df20903422912ea275afd3728a926a92e3237687aec7b6f8abb79035fd6d9874cd910d98ef20d09a35cd5e836d2825d10866f109777565a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8625c0c76dd31831323d652332b639ea

SHA1
b632ce86c4b0b6c63c35802254b66d23ba59626e

SHA256
afd3b13b2a28e1eefea0ee5ecdce8afb415ceeddd0e31b1c706eecfe1321c1f8

SHA512
c70b17d465dd9ad5613a2c379ae478c2177c79bebea5046ba2586055f0156a8d291a96bcaf6fc8b641e51d41da86e34dabb05697895693495891e96e6fbbcd73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c02fd1182691e861892f168750ac7251

SHA1
93707db74207dceb573b349175adb9fd12741067

SHA256
9a19aca644fdaa24fd96b52c5e5c25bf4f5f710829d41ae47992ef172f70926a

SHA512
775310b3d6778d5f563e458ec2c6c3f8de8d7047d9160470ffe696dece0f08a1289d279f22c89e0fcabf1342b7096728b187ba490e12491003706c7f8544b077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97a0f8a7adf5c72bca6372667a1b028b

SHA1
ee6767e823f041a05bc9eb5ef4730aa6e6f9316d

SHA256
3f3fd5ddfd4927b71d2a4e456388da2b2776a4f95705a4136687c71ab0be1f58

SHA512
26460406bbea89799239087734ac923808edde3fcae9af550b05cc310be577afc2c0949e3498eba9afc30452c86f3c8460db9a137e0d85c2b436941eaf0eed2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81464617427d942b0d1256b086854cb8

SHA1
958cdf89da874adc00f4f7a4a605c508804cf9a3

SHA256
8ab0b60e65322ac1653a688c84e47ff505a170ac14efa57d2467abdea0e26fe7

SHA512
9db14d6af32989322b6399536b684cea0d85e63bf67f96b96cec0c649c491aade06f8dc2e87cd79c5bf9c6a56fbdeca25fc3ec7d27faca6ece7a2063f2f9bed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13d5cb16fae0efa36ed860be340c7064

SHA1
f5f05ab4dff980b67cd20eeb6ee6d95cc1af8f6a

SHA256
8677d1c7ca00f45c680c48ba706d2b55844cee7ca6556213a78685ae255723c0

SHA512
d22d05001bfa536a6e18d243d092bf4ddb97ef9401f550ac1e74a0940004f727b5d7c4ac35e28e11bee03fb6d3a740541017ea5102995eb99a166969ed0fdda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe4a91794deda33628623e682b838a51

SHA1
a576e5e1da432063ef493cecc9ba533d479fec94

SHA256
2411d089b909c6a322caf701f447083a9377b76ef493c17563b0f51f92031a83

SHA512
7152577ac81fe6aa41e2942ef3d6724168a818e2dd8a4a4187adb6a5716398b3fbf1f05517f78fdb440b6305208e41f95ddc42796f4c8c422b6c0641ed6632d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d79ea49ba654f5a8cc54e830650ed5a1

SHA1
870a91340ba0e29802be1468658c9b8431e0b92f

SHA256
85fe32197660f276d789681f1d8f5c9a66d2513b17e231fb96ad54b7eed48f9f

SHA512
cd873ec315eafb385aafaac32b239b3c417ecb3488f0cfe2784b95c6d476756b2c8622b8adca9badafb400783627fe3009ba063b2230e8af8f3aef1504b496eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
393ac33eb315f74d78d8409d60f41e1b

SHA1
10a644bea74bb2de21bfa326b554b4a99652f474

SHA256
79f1c15ccd14f44e69c0a2ab769a6a98185da8b296f2acda37692f4043e96071

SHA512
022056545e489c4d6529692bf39ce759593d13dd893786973bb2454067c4cb22898799b092e8eda6c3d0b0e91f96b3c6ddf2d2ee25346c4d9ab720ad416afc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9641189a1fd80da2f5efa1b4beffc119

SHA1
85b0046c1ea68b9d4208098a1f815258faf8a9a5

SHA256
7cf3223e794e5fe8c48bd6ff4715cc4a4f41d2c681c1a0cdc0db8a1ea95b0f57

SHA512
cfd849368c236c2292409632b6e15b9accb8209d0389ca2c2db541f598f114129858cbcde132b27f6b67dc58deb7c6df8b3dfd2be2a51e97956370fbc6964368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbb16c01001ef17e8a2d8c2d0ffcd56c

SHA1
c213586162af7a03e20ba3077255ab889099962b

SHA256
85f96e6ee2ccfbb36ee68c9c92e37ce25fda0b335aef5161e0810a4d4685f0cb

SHA512
007b2c2a87ce762ec86e3dfea3c8d7faffb220afb3930257a077a90854eb68433e88eef097ac42dd5606219d164713297a140c8dbde34e502bcc23b49bb0ff3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2c7f6f7b0be31c29f6184ddf757efff

SHA1
a2cec4bf91755508c24f88ce0b1300f0e3799594

SHA256
640f352e21054bebb2c7f7dcace6e4d9e2cdb7de3c97d17bc69bc721724e4a57

SHA512
8520c7dec92fbee1ce090f27a4adc0728dc54b3b0406da8259bcc2fa529322d1f38645bbfdc8eb582e3fbed296f6b7c69094f3364d0c5febc9b26f0f1accb469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6465fc65c0415568667a9ff820403f1f

SHA1
8df9acb53707791e909a1cd806e9c4a8654e17e4

SHA256
090a360ea137469a1d64af6986a7cac8ec566f31b5b33887852c413489b2b0ab

SHA512
8f6ad37edd82507cbde2e6d1b46fe3a069ee42796a12caed9b29195eb0c554908860ca1ce0a3c334a8e8bf75ad2be1722e3c9409764e1e1220c183d1ccb9dccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88810bac7a15a1d7f7a3b4981b3ba1d4

SHA1
57e7b9fc56cb0611970b5d600755ad448316a31c

SHA256
80e45fe8eed20ef95aa7e368c967d7cb42d9f5eaaf2d98f59f6114191f86a6fa

SHA512
f0e4dfc9195cb0c57507c079fb6c936f4547ca71225b6286470193c06ccfe36732f7da3a72e3c5559bbb204cec9f0e60ddcde2153c462f23548eb39411778788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96b2d77faa13606bfc8f5b238e46f224

SHA1
051272e4bfaa9e140b1e2eb88c2162d068d4a850

SHA256
e381420b20b9b68c58eeb9407747cadebeb6edbe73dc5363871741b000b8610e

SHA512
1b328fc671ae136bc917b14184e348b2420fee16b47b9413bd143f7b7680f9fa06e1b500a276fbb3a1dfe30e3b57808829c775df71ffec28a3ee33e5a710ebd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
829da328e3043a0b6824168b601ddbde

SHA1
28844c84b2d1784c84d0d5bd0474f9aeedfda270

SHA256
920933f7eb08d9b7b12e805371af79926add4d3734ccdc85c91f72a6d7675639

SHA512
deb16d1f1d0599d32b796fa3ba350ed0a6153bc92649e11e1dce67d26235cd131a348b1c3a83b2e1670da63a3f7a915a6eebd96c078830fa6357231dc2d256ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eee4f36b7fbfee33d21f98ef449c0569

SHA1
f15bf6e483eae7c0da4055e1adf8ad92ec7dee70

SHA256
1dfe3df35572ee0b3c3c2d4bdf32489787306a03b13d99c9924f45e9e65ea85f

SHA512
fcd5299e7286e64a158e5a1758c03daf7f973c8fcb151933db82b0123c26dcb44a89849bd6b48b92fa98584876e98aba8f760174d908af7122197a6999680384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4e3afa286be96f58db43c64f3433439

SHA1
700053596b539b352a9cab4f22fe3e53de9f5bb6

SHA256
2dd5729e9f220c87f6292c3ebf867b51203cd4301ad218a95190b8b2a162532a

SHA512
62679232fb46b5186327b185ff10dddfb4f643e0a8d72398adf6cc7b4cea3dfdd8c6a370455028323e4120f5db898244eddf14ef1dbadba11022a13e5cfc5242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5e909d20289e3cb53f23515ac29cc6c

SHA1
dca90ef3043b14ebabbbb2e2a2f89ebb042717db

SHA256
f05d532bfef1ac57013fd632bd2160e47908e34cfbd7e8bd8e78842dd2215b64

SHA512
4207d30ba4948a93499f0f4e5494556f44f6a0a92fc23ca3a34a3cc1aa38e4fef3d048610e0155b47d74241d309211f5a4e78626b28b64ca88e4f2d5bfab230e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e3b4528917b90c5123e3ed5cd55302e

SHA1
04f42fd91cb80d52eac005e77a81063f56810df1

SHA256
7c65973bf806ce445ef875b5584073a513bddd19aab9b4493615ed38b108fe29

SHA512
1b43d5080c80cde5e63c46be3e671b5b688a72a0cacf92de3b2da951879d8ac9383eae00b01e4952710d8cfba801d637c4b903ec5b86d839ecd7144a77e7f742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4bdef768256600f293e92107ad599ac

SHA1
17652c1bf952629d65662955f292911cd3253a73

SHA256
7724bca8d941b96b8ba3047d46c225776ba578d56bc1128317674071b1131760

SHA512
4df97a95653ee45568bc9a645b969b525aa81e457c788e62e2a28ad03953ebd34f030e7e62640d8a8beceb8e7ba126870f4a6f0c881cacc1c108884d8ebd8cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4b2900091bc4b7b50e4abf9deb96edcf

SHA1
4c395c629741bbdd0037223cf2b5c880040c8e54

SHA256
27d6aaf6a43edf858d2b004c7afc73a5274cadc58adc49a9154568e2b40dce94

SHA512
b4d482763e3be8feb833838fad71974adfeecc399eddb2f34fd3dac2778e8b62b9d0006e8f8b97a4e3ab43d23fdad13ffc5790b876da4e29f3418d151d0a6dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e53987ef-4339-4d47-b3a5-5b5bb6329ce6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b01c0efe6202b45d15c8cdb643b9c9b7

SHA1
29289446b368d6be8cdaf18cfb851f9a4a260794

SHA256
dda3adb88294a0054a65a4b21e6ecd47c0c968f62343447c83f2c7faa6425ab4

SHA512
ece31c54c37666c8130e7e525cdaedbb935d5e46f814912db153ed086efd49447bd4fb56951daaf95de8205e03c0e85e60cd118530ebb8f60809bb4f6d252baf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
501629f18f2506f341121260e307ca79

SHA1
98d8418294fe94f08077df30c22f87569cb6d731

SHA256
4289e9f902fe848b60fe4eb7dd7f65688fe4ac9d11d20928867809a8e3a95313

SHA512
46378306bc9b7bb39af292997c519aafe15953af75fbf181cb99cd43aae8fbfc0d3a59d2c8035443375a62bda9b863e4bf2b96f0bee0045b523f3fe3722c94b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
48a465e84d08864991f10a1c54bf5ac2

SHA1
909babcb5626dd55effde59e7f86a451f2157a82

SHA256
9260628535593c62a713d5c3937b8d7c03066173adf05174d2d0f594dd4180b5

SHA512
de49705d2e352f16d9eccacf0852d044760121b459d557b8d4eecac4b4c716f00437c2add8881358e5ef9ee1ce7a9277e0e27b99572f0c254f9c276fa70caa9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
9edd25c2f1fba4e66f9479907ce7cb82

SHA1
fdaa45b42b7d5c1b6378d8d59f7b57e8d6daa0c1

SHA256
5e107239426d4e3b5395ab4a0815963c15a2d07253ee0ce01f3f85cdc6178f14

SHA512
59e719d551c7abce212aaed534ef4615873bbfd5e5d9bb3b527662b701f03507221240e4cba9f10b2ce0deb8e060cfcb232d24fe89af77b5b7dfe5bf29681bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e32a33aeed800ba23a1bdeec244e5c01

SHA1
944b1ac108419a8367ec393c93619dca6b794316

SHA256
9cfff0ffe5f5e17a72fc9f04a4c5b73771ea0d4d1a62d697213f352b2e0ce85b

SHA512
1a2a9e13641dc44702f26ae8113556f9323779a906fa57d41d154fd0c9f728419c7243a7f074652f948750224c86c3dd6ccf1e017b8b6019ae51778257387cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
218f8a8adf700bd626eab41aa9bdbe5a

SHA1
ca195b52f832d10110291a624fc2d1a98cca07e8

SHA256
50cecc3f0187b7c3c41ed67f0469cb913591225bf5191c7468e37aadf1be480d

SHA512
f2d8d76caf861e6c5e5ed0eb9f3e4241442df671818042e45a7790e0dda20f4625dd9954dff9280e10d02560577ae9a70884c154d4d8049a61a91fd301f009e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
332a1a6c29997357618ac8d6669e9629

SHA1
f69b3eb4d98d531aed1b15e9a02e105c5b174882

SHA256
0bca8fb46bf5baee28f5b479ba0f478e4a929c8b9808f7a03b281d739bda645f

SHA512
d96546c121ff181a1442d4df87d7a1525e90a45e5a43902094ce36535d70a0430ee8186c1a41d2720ff1047901022f74031ceb1cbe3fac476afd81fb0e025083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
5f4c933102a824f41e258078e34165a7

SHA1
d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee

SHA256
d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2

SHA512
a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb0f4ae5d65be851d313f3ecb0980bcb

SHA1
248c99427b54d8fa86707c39d92540276b9ed2de

SHA256
0f70fc24e9118bea6ffc5c36e63610096bd4ba658feb8e93e8cd3a3dfc16ff76

SHA512
7195c890ef94269c545f1122b6dc9ee6fa2b3951c45fe0bace9c3c0710ee23974290c3cafe07faec586e0012e991b66f0b0aa84680032c425d8885ad1b16e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
23KB

MD5
0197507598cf4edbf6490cb6171034f8

SHA1
4d813b595026669b686ddf7b879c30ca8fb144fe

SHA256
69406023ffd756775bc0fc11d6a1286f20fafcf6acb1fe4d743136f69e5e16b9

SHA512
57113d82d17f9ca73bd4828ffd285c00efa3d1d049e18e57da130a1455d1eed0c21cbe8505b0237ae1a2ef2152b53427791b90af953d61088f77e6ab5e288804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
44KB

MD5
e07a9f897d1cab1d5fda9b6bfb95224f

SHA1
9811c1132ef2ddb05baac31ad6bfd8311d5463af

SHA256
2f2da59a197b418372630ab4acfb3c996319e7aa1baa6e4aa88b9ae6f33fb77a

SHA512
ea98e3d11dc5487cdea2eab8c54eb8a10ceb2d41ca0bef37821237e428ca7bfee3207ba60ad0acc834f74cae93781d99a4b9a7a51e3bd0e71314f3385ec8afcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
450KB

MD5
0d84c3d2c6a56a0b8882576c1ba29912

SHA1
764234b379e4622e488657e3f05b63c813ced91b

SHA256
df7e7313ac2920e0306829460332c5c8aba32027a0175ed121c061b9bcd13cf7

SHA512
423925555879bb31c16f5e212fa517f3388b86836f9be2fbd40a802cca81687db628ed1e1cbee05460c6d3451fdd3bf9265f2b4c831558dfa967285fa4a07d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
916KB

MD5
3686f66fa1c3091bb819c66cdc37b1e2

SHA1
32ea0011e66d1268e40b392dfd3b7bcff6b24a1f

SHA256
9a7f777de0114eae3e24627a88a311e2acbc3654d3bff083c6889843a1022e5a

SHA512
e85b07cb3b235c37b496266ca5a831cf07a66429839d299b94f8bd606cc0d24c4e93b5404a1a053062b971493e700433b5304a95c0b42ffd45f29c6ca5f61bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
1.2MB

MD5
51250dabf7df7832640e4a680676cb46

SHA1
74ba41bb17af6e5638171f7a6d9d49e978d8d3b3

SHA256
7fa2bf61405ac573a21334e34bf713dcb5d1fc0c72674e6cebc48d33a4a14d44

SHA512
43f898d7e5752312a79138dcce94c117a20fb6efd9e522fc1ed3cc2d407d13cacf5b6f810c7c1966c4c03217aeb51fce641feb31b26620ff239756132b17f57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0628440df8760c8b_0

Filesize
366B

MD5
092a68da5e796c2cbc7c87d93d9b974c

SHA1
93dc9d73e6d2bac014bfcb0b252c6d16eaabca73

SHA256
23e25f2a5c4b0d19ece363bf398a444dc171cc3f86a31b143508772476116db9

SHA512
2b0e93c8691007eaf06052e37aabfcdc7abcdcdeffa4f2d8890b4b618d2e7a0abf6cce83e160352661b9fb37a655c205f71ec7dec205f050fae893a12bb99ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31f67a59e91dffa8_0

Filesize
31KB

MD5
7ae0ef02ec6e014ee29212b5307e767f

SHA1
9c6b76954ff6983d1a9ae787e9e73fc152952ead

SHA256
d67bdbb1e79e425ab33bdef7dff0b46c439fe2140e8ae3c545b5e9474e4e5c7b

SHA512
5528be4da2b5e1c2e8812f8c455bd3ed4590842c9188b201d8780abef9e73c011b5a4148dde6a3d11f8dcd3d5f6576c3add4c28aa6620942929963cc7578b21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\427075385d94c9da_0

Filesize
13KB

MD5
7d95baf3cca03f064f112035c186f5c6

SHA1
5bf1fab001abd6ca531560b60998f65b6e7beb2e

SHA256
7b137c2d3025f1421b42e47ea54d65c0d8b6760174b5d0b8e04c4a873011bb55

SHA512
07c3f6908488efcf1fc33649df63d8a7cb3b9cad3112219e25885fee160b46ddb47ece03e4a203cceb3d9aee261c3491fb4427ac8ad40a21b27f53e3e9c57b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4bc6bf5847160a1a_0

Filesize
11KB

MD5
cf0772701a687a36c3e8f4e93c34f62e

SHA1
cd5553cfb5ab55a88896fcf9063503f57af7e5fd

SHA256
b9e2b48e075c2665f2049a714a0cde2e46af4339eb6310ac9623473c3c2674ac

SHA512
24320372ce5e7b948e3fca350529fffd89ebb7b46db5e7665a23a1fbb281918cddea8744961b8c94500e877315bfea5f3534c8a31d532f1fecc78116c29e357f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67d5aaf96cdd429d_0

Filesize
8KB

MD5
d81f4a16f958b144f4fb3e53d003945b

SHA1
43f3011c769b92d38e01deac1d09efdd47987a0b

SHA256
b96197f356b22322a72e6929e487650cad6ce9227726db342dcb4ea534b2ce37

SHA512
c6005b3805853bef009c9123fc48be70586357d70320e1ba356f629f415b5ee48e966bdce91b62246424cadaba027a10855d8f979b3b5a167e57fdc1ac0166a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79a4e9dbb6f4b80d_0

Filesize
7KB

MD5
d10ed86716e85320597f4611b9f33f00

SHA1
6e57109fd17a21d59ffa80e6e39e289df6e7ef14

SHA256
a3d3fc63c6912fc95f1cb84178cdfe466183966af615a88e4c092c1d9bc9f3b6

SHA512
ea174959bb2f5dd8745345ddfb2b136b246e7d48f10ce87b742f26f6b4fd486280bc4c2872a655689ea92cab92a3e2e1f93c05b9e86931d63e5299e3f598feb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a012144762675e0f_0

Filesize
45KB

MD5
72aeb94922c98b83be7d48ca69bcc876

SHA1
ebf5fa93911e467dfe17bc5f415490c113f40e8e

SHA256
3391fc906308990019376feaddb3ef4a71788c91b50b48631f87e64399076153

SHA512
c895823d3317dfa7f8c7e209c9bf19e8d62ee4d5735eda1ea7a85b8fb58a6e7d7b94465ae9e521982940a7acfab01b9ee8b6d0d69139809590e725864cedea55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6dc1aea3c672f68_0

Filesize
1KB

MD5
b032aacca964f91cc47866e29f79c644

SHA1
6f5f5097cc0f1bb92247e645ad435ae708e4047c

SHA256
d6b49ebb2cdd98774eaacfd6fbd1f9d3d3c0acf551e9ebf5095dc6913f03eb84

SHA512
284e81a4198258b843a79b78b0e80953253dd7c9f7930f4b9a99c0dd230d8b71179c3fd8afd22c857e5b4e47160e3660f8773e7b90c147d24f08b5dc8ae391ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc7dfbf24d748549_0

Filesize
11KB

MD5
f711ef73da200e13878cccd6fd48a57f

SHA1
44ab0610110063ccdc8abccd8b30577c6e9921e5

SHA256
53e6ad8532b0a43f7d49f896a6b00d057126cf6beb1d21e1476a56feed2dfcfe

SHA512
9d2e1dc4ee82e12cb72695b6e2975b9176aed0888351ecda76bbc3f5c00a80f8f281dd35b911d4390db15367cf5492c7a94c419200020eeba3e126fe144760eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
35KB

MD5
bdd626a28a61452b67fd31df1208ae05

SHA1
6a63de39bee0de7906e47913eee85c4d4184c7c9

SHA256
4fea9fa748758e1242222c1a933236381ee34c0429cda62e9bab6eeb884323ea

SHA512
27705179039fbcb29f7364f856b629458d5b53dc4922e12061ac85a3196170b4fc52b1b7a10583c49e9376b633d707528b3b277150c20a31a4183117558bb4f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb307b4160083434_0

Filesize
11KB

MD5
9816e7a07f9134871c1a4f083efa559f

SHA1
ae0eb030aaae57c689fd92d4762b7c84acff55b2

SHA256
7bb22ef0b12140b8d82e12110584c4883344124906527efd74a28f8e98c0ff71

SHA512
b47c01638ea92ce9ff9ba64d88040547155ba538385bd2813d5f6ba4cff4a4edaf513e9ffa9ba4bd8bf7d657edc62fe33c57d1ae435694ba54194173667f20a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
69835432353b921a5a6cd89be97d8a25

SHA1
a64b52ba1228ba8ce3aee144e6dafd6da2f7b921

SHA256
71735b20cf3e2326a172fbb81cec31778ac592578f8ae07cb359eb04a8d743d5

SHA512
9891df7c05b17110ad19bab6fc6a66c024a04a516cd5b4e29cbf66fe2e2521c79a27971dfd0e00b0d358c80d9f22563fbb6b2ab5fc0305dcab5483f909260b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
ef41259a10364c8bb4c386b8fb1b0889

SHA1
3e7a8769eda6be26e504f519285596606e6dfeb2

SHA256
4a003dc39266441f544a9e2e90741e2580d4366bd24da3889f7398e7a0395902

SHA512
d005a14255513b779ced8421356c9cd9e59c15018374bdd69f1638a46e6c558151cad1efefc9e8f9d1b1fbadfb8bf3c9327d969e6853a63badc6d4f9e0fdd7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa93bc4cb70a9f55_0

Filesize
95KB

MD5
2cafd72da4de7c6fceb6be626e7d9cdc

SHA1
f03f709ef7b917d4edcbc3848dcf9d9356a33e2d

SHA256
144111a6e2100abcb42135116340848fab3e210c987a77ca156f9a28504f8ce7

SHA512
2802eff607b3dc997aa8821de3c0c291ed824fb210279d9a64ba91be00c1328fc78836bfde4c0fe68c2f7ac8a8e2932485f0f00cc830ab3025fd2f4b1f9b9c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
9f10850ef202b60bdbd016d2be8f598d

SHA1
3d664f426de5dd383c3c3ba55ba28618b5a1027a

SHA256
e9ed22f78e1269a5a49a1991ec0f4d72a68b70d7c6b4e2124232e1c0c34f1f42

SHA512
20987961a59b8c197c6d4c65631a7f3e60f1ddca174277b12d202fdb789758fb5a6370e5c9be53088b909c24e15412c00b42146094b4616c418a9f09f2c16012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e005fe48f4ad66a3745293f91aba3d60

SHA1
fb98ebcb8664790a7d2a361ab16bc505931e0023

SHA256
d377147e012492a1bfe58a50393226ffd287c00ecc75597dbc95f2f136347bb1

SHA512
a2080cd643e3cf29c04df51a3310db5a56f9be8ed912f5a9697156ae9f73bc54f97c7cba6f57911fd93b3add584076ee2dbadba2bcb88a389d4910c538501754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eb4a8a6d9be2228e8181f73d28f4bf1b

SHA1
673c30d2eefd7b18a5d9cbe5bb7b0aa626bb5ff0

SHA256
140aba707e96abaea9d1d10c83fb7b3801c4f67ba8b8f271ae9cd66c323a2d96

SHA512
8500f89bb073ae21da817b0a8f03aaa4ee8ebf6b85db8f6932684b0e78d54278651dd3e94fb8042e97d4139dede2e1f082bf4c9227abe8d9af78cca21b293c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
25ea5991eec02629e8bc956648843325

SHA1
3b66a9af657ba3ff56d7fdd0a226feb5383e5c8b

SHA256
b055c103910f617acd99263cb721888efa413695665c778eee02e2146e3e50ef

SHA512
fba12f84d102d8bbfe51453796ac3a2a67b977c937c475415370a0581f8170962e6dd2f942a487822167b7b1da13b677e23cd39f43710540b6fd13e0185ad431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
223dd97693de747ec09d1a827a35419e

SHA1
cdd67e614f16170596d15beb10571e55d5feb4d2

SHA256
57e64c0bc31632db1bfa405ce76e84d1dc238f47db5eb2c92f5161fc699b9443

SHA512
e618ca9b309757c86d355a3e24e5010caeb6c81a514b3092b7041c939848f087a1eae498979448fb6ded8548e9d7551ce9dc1a0ab4672cfa8b57229cbb8d96c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e0b0df8582db1c0b0a217c7174303c9

SHA1
6a03eb9bccd9bf996d811b517b0ae0282cc8273f

SHA256
5050eef711871d37ea7e3ecbb0ccb0478701051a05590ee27a500de1f7a43943

SHA512
c11da8e3f6dc029d0a301f596f9826f1c59a474fc1bca6e83d3f92fcfa4c08ab927ae5a21e91c965eceed40cfe68fbcae7070c9bcb6472ebf0d700b61209d156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a216c26543a7d1e9bb29ac2de5cf718

SHA1
4093c545c11f4936d62e622179f0b1d12240269c

SHA256
7445bb304f09342a8713fe444ba472cca57535afa8848f131a2892f373aa23e9

SHA512
a79632e904ce21287f8eab23763c1d7bc8676ef05caeda7a0c81fb7d993cb08e2a5d85ef64e91a7e4070083ddd0bb717521c2662077943e2f17bd0d6f58229e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94a2dcde9a59130051c3fab95119578b

SHA1
114c20fce084169c00bb03102a3e33f1fd41960e

SHA256
1bc957e5208f508a46982e508a699a208138900bbc56b843d2cb876c3ec8c312

SHA512
89b0c979a826ba638696d7a8f370f575deae193acd690308ea6de909a361e1307fddc2e90ec1be6bd1d1d37fe857f082d1fbabab17f9513f6d7f898b7f574770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4438ac892de1b02c56f736d6b0e946a8

SHA1
904f35e69bed0dc83d38890fc616a363b01df86f

SHA256
a7ea28509a303f52d4d7fd68787fce40414a653941152962b14703d053222f61

SHA512
ffe73e41dc5a5198a0306001cc453feed31db1def8696d5de6d5fceca778d1e31b12a14f0cb36cfff324a510f26c1704a77fb5bebfc8e8d1f854dd4e181aa64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e18991b686312b2d74e4791040d6e88a

SHA1
f14d5230d7def751007f4a2b7cf74af6414d2e2e

SHA256
07fe7e04ebf351f7233ea2a8444c84abe2a1be47ed843679d2657ff5fb80c675

SHA512
f29b19a0f7cc84ced6448352f95eb7234ad31c2a27095fc5895f4540e6e490d2cd7c99dcb446a84390e19c3202a0a8164b2fc3831d682cb19a5e330d3c60aa5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
38732731ab3353626fdd2eef6b42dda4

SHA1
89aa70cc900bbd512af5f7c9fd3a59a2ccef6d00

SHA256
2e1f0b77f1e855ad90f55f37843f37c7fd63c147c59144530a15df8b6ad3fc4f

SHA512
2eb12f1bdc98197cffd159e073ebd26d30c89d889686366bb9ef1c28dfb8bc30356d903a582afc4d6230c8a67ed448ef796d7bf69a66aeb484e0b6faf4dd8102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50fa1d00bd1a76e836436165067314cc

SHA1
d3cf59059ccbc6b602dd3ba8c47f725bb1bb879a

SHA256
738cff7758042211b17a10292ec98dad727f5641e4386f48679ddbbcf6d73e49

SHA512
906ea841ae4616d16d08d9375d33126e6806c90cc9720d8df6c607461432cd69c70f64e8311cb3f056633cf9305478c012445136168af72167b7033f6d944c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94521d2430c5531d9f8a18f83500c283

SHA1
1938c20bf8cf914748799d999ae6db5566e5d8f5

SHA256
5ea9429475d2c3c927da5fa14c19acbc858eb26242897c905e8479a2a54f5c82

SHA512
016eedce40da9f94fbe416be2994b1316c7f34bdaec8980d32b2c0cc846fc778fd0dac177c41d34efc62bda15c6d8d4554b2398190d09e8887809ecefd7e1f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab4b0a6543502a9d02fb494f77b10f45

SHA1
34e68b410e30c28ceb415f977082abcb2f4ea371

SHA256
7e24d96119c953fedd0524043e1aed9b1ea3921bf2bd85a2955c4c532276b746

SHA512
83e834623eae22efc0b398e350f843af6c09f35b00f6a7028a96734b0b8964d38fdb75970d859c34f383b2b823d422ef095fc9dec6378c3475ed73648d8bec84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d50d57146f8e9c3adf2a9f654ba79083

SHA1
e2e967ed6378a3af761f4203c9dc4a7d968b3991

SHA256
e9a4fd8cc19b8496acf919b39c8a5324b07a65fb7b774ee412391386d35a7cad

SHA512
aa705c6c3da518619f2b3c58644e6a5c296e22731ecc62b4a732590c31d1e08647bc0f01db863227dd97b117e5c2b292395af00b98d230ee514870edd0b0c6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2efa0126e8983f93f4ce95c8553de984

SHA1
bf92bd3df902561e1c463bac93263fc6aaac4da6

SHA256
abda3cc0864a25163734d1d47ebeb63003ab820de1861e8e4dc8e14c3ce2818b

SHA512
87093572785701b50772f5db50b915ae6400f827f1dcd0e731c0b314f5be543b963d00652798ab093859243675d4f8e5dc5fe0f20f8be3873a5fe797b5e969ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1796bfe610a2687ff052f2d5778709a

SHA1
1b475fbc28a016f1b708b7164dd7cb60e4476b97

SHA256
327757dc5e302a4c22988e8dcd7e0a12689d8f08c4870d543036a029e43a2edc

SHA512
dac9dbdfb4fd0c9fe441ca45bf052462fd2bdb8bf5423066c96be642332630c25d81820f922d6155b1f83bbf1779cd1b44300628723ca606c6e5553ada9cbde1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1725c50e6836663e165d2028701794d6

SHA1
d5fb9792670de92e444637177591ffab7c8f72bd

SHA256
bb63ea27785750dd7fe8227d2e8cefdf54dafe132b892cd82629c62c38100bf2

SHA512
181db7b6e6dfb45c75dd902d7068aa0b898a1f7783b36cc9136021cdf080a0759999b600fcef0e6d7bacf6083d3b35d9092f730c666a115cb1cdf28f54ac8edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
096fa5f3e5cce8342801547442541816

SHA1
81cdd51f106193e92dbdf8e444e595d1db277e7b

SHA256
a78327c6f0f14b91d9f293164fae79c87661600be21ad540b2297a0c386d52c2

SHA512
c6d148a1c328ffd42db2323ecf4728a6ad99a514e92d6d4b3e4fd5a8a81c45394025ca9ed45d7907f721c5178c0e3a3adb689a87380e7454af54c576b2a9b7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0141691162461777ffb4d6b287ffb900

SHA1
749f58dbfec38778917c1bc5597c86eb9395963e

SHA256
147955be568ea4d4501587c8faae1abfec372db0f36110ea6913ac90332f21f2

SHA512
a5c36ec156c550f62d1bc001a7b6226fc55155b4d80df313246a0c7c5ac273ef3e1647dcac361a9ff24c94cad58590caa8670ea3caaf79f7ad2159cb8fbc142a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fb9c511aa635f18dc96748cf1bdac24

SHA1
338fdbe75897c4051278fb4d445d15ee5b29163d

SHA256
b33340a06bb65154c63f8a31b852b5d7af3c9edf8d4c4a5503bb0c001daff2cd

SHA512
0ed1711ba22a63c96960cc0ad088e9018d9656e02cef48ce8a2d140ba1cd2878005f72c7cab20b9d47f90d2b43b78a03ecf2760117db7152a535988d76240362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5efce5ad79df5162ffc0f54b2ef56de

SHA1
821ee252cb821a811efc3684a9ae562aa00e7333

SHA256
b4e9dcdc530b022eeb273f392559f8e4b9016545ad6ca657ec04f534dccb0078

SHA512
fc46f1120d6f7507fb69ebbf550b2f13e8354e3ef761ba76e317e4cd2bbf6ee77f4406c8ec244c000ff8913cd0fe612f66e1d43e885243b6d89667c28292eb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
993d9b23f91994cc3082c8328c6544b0

SHA1
a6417ea2252eb353771fa1eac42ea976d16a7ee7

SHA256
47fc0f91e69401eb85779905bb099163cfde14493f784ae760d09f70b405eb63

SHA512
ec884e05890bb739dbbd974783bb3766407d390bf6957f5e0bedf44e5b8054743de589865d94d12c8b2f1cb3de2ea500cdf9547fe26975cba424c4e68fc4a881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4456c85b490d5e5065d0f002cad6cd12

SHA1
a549a195de682bcf05d402a8514008bb18c0f8dc

SHA256
dd07fb644ffa01bd1abb55ae77b8533566819bbc59fe1fbe29a300bdccb979b8

SHA512
3c12b30685edccaac8c220acb897bf148f2fcaf310de373f76b63852662e3f2691d5b235a0ce1876b0726277389ed55ee0a44ff303dfd8fa2dadb1da195b7ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
415ae2f7c20e20443ece648ad153856c

SHA1
9bc229f08045e80317d85bd5c001d78b0d8cb5da

SHA256
25e9184b90729f8af2aec41a5b9f220bfbea23f55df4478b6d4cf1d90f96153f

SHA512
bd67175b1adf93e36f0a0bcfd23df4fa19832c9ef93104653c18c63f14ad9f1759f877341a1948263d2281d6977661c7bb3a43e0520c99b6bc1aef98222cbee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c8bd04205e9f526f16d5a933d2da43b

SHA1
a895c2297c7cf87884b5057b150da38aa99eb156

SHA256
216fb2475082dcb269a786c1b56fe3d767c61f3d8c2a95598ea34d8a2a0d7699

SHA512
435e546387a1cefc129362cb88f2f807c922876e84a1e3ede4b70fe5594e2c82e7a971e2660d9599a65a2d2e3f70b6ae90fe5b6d03153caa91f588a6681b0e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f367722a90ccfaf0b469f78eefbfd78

SHA1
43998e70ba8c38b76f7b89229c354b5f27fea650

SHA256
821b96c9a7aa82aeb751881544572b5c0d4ca3494141d0fab2040a6c8ee22a12

SHA512
237f44b9ce7e743e36bc13ce32a731a20deb1774d2eccb91fee729e0c0d09ea15563b3d7d0ec3a6862a502c950607c131808b8eca0bd7a10fd65d8e5013dd3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0d4b06db1c8434165df40a5ea30c5ae

SHA1
4212b11fa1477c3931aeb64f25d21673fd72dad7

SHA256
aa0bc922c736cba32f3c871bf622d58c48c76f4a87d7519082f92022460c8da2

SHA512
a4b9caa3338d72c1ff650a6961bb3de02bd8607340a37f7ed0288acb1c098a33449f1eec6af8e8f75e414a46a510f4bc68acf406886cdc6a2e2d41dc5dc7b637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bb95176824bc0e04cf1abfd73066fdb

SHA1
97e66c9d444acdaada5c7ec920c10ed9c685e609

SHA256
0da244f4ad7a74b586ae0640284977bb15580714553fa3a396f0c12c562a216a

SHA512
d7eacf377dd47535e31086648b04ecb04431d8efa0567c693b92ddac334629ca04b9c3df71a70a5e5dec6b14f2fd137fcc8463edee853226f38a209e973c8f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c60dd5710962717e8f896b929b2a8b07

SHA1
c7c99d2b17fc15ab5f4252992ab61b7d3c2672e3

SHA256
c0c06e20e16a5ad519c8f4d03aea4b42df849e17b8dc7cdc128610c50900dcc9

SHA512
81a233f31b194cb9c556d3d409f3efc7e737fa3f1d33b22186e992ff90b5797c5355a4e7d1c73cd3ba5741bb4a83c4dafd390c4cfd419576b94748ccf450a112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc262c5631d1a466fb4caef1e0d9e343

SHA1
da1260ad5fdef8471c707bd2638833c8181851ea

SHA256
91ebdf45811d62a0b8c3aeda5773a3b7b49418e4604fcc45ed291aebce677562

SHA512
27f77624a98ac595c8495a7794dd8eb927bcc96795592e414f2fe62b4f9339affc03384dcf41dc77d0f710c95aedae2a7ae85da485cae1772b509b138c685ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0126fe059a3389e32f4ef2ac9117a460

SHA1
f1ff2f6c79e8786f2efb510076e9816440810810

SHA256
87788a49084929d7b6b58f03a5c75e01d532d6ef57ac972c8ae18324f8090c72

SHA512
24440c9db8e19e5022f40a8dd81152101775449b2736ea787bb9cac6370ef8fae5f4a23671ae0d61fecf78f5926d82d59c3977b88117feeef7ed0a9bdad602c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
422ebad1d100ef834179db3230e6b551

SHA1
36863ba7e264a74b5ef40bc7603250cc5a139e9d

SHA256
1697b8e5a6b3dd585405384f4b4dcc66fc884ed2f11baedc69754bf548eb429a

SHA512
9a2660bd28cdd3b5bd70bde5110cb2d0ac5ff753b8bdc01e9efb9468524238ebe7b678e81b1cb105f92c6601f78688606d221e7e40c77f50c98b13b6713b0921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6544345fee44b4d6d0aaab9a3f78d848

SHA1
707519ca900c95d4430dd9d34ae7b9c016e3ad9a

SHA256
a2a78f4483300184fbef928efb38d3f8b6c902ed0c8a8e39f3abcb61444ba4c7

SHA512
969c81cc240fbbbf7a1738c540da21c89368487b1b4b2f5dea2afa9d5f5474bf61094d5b34fa5bd445f5bcf7939e51365d6a78b2eda6bca0ef4c3260ee23a5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2297eb8abd6860a41da8c89ca169704

SHA1
fe34a4c6dfcc695c3d2ec3ba83e98b314ec732a6

SHA256
6eaef5137038eff1e064084670f5fc5010a610d07dac67dc4b7ceb66611d3a84

SHA512
02fc65174aaffbcaeaf2e40fa39c41f6873ed5960178d24d2641885a5000c9c28a92da148828da0b2e3253f610bf8b6c83464c55f5b94bf12f63796758016b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d6e70fe2ce6267f1b22a1d55ac81a7d

SHA1
ee7c1f4b6e592d9dadb21a947b404cb226dcc415

SHA256
7d602013d1acf254ac673c9e2c5ae5c48b402d2bc699f1f53cb9a1dea7cf9ecc

SHA512
a8134f9c2b1d6ccc481cdc3f621eb238d3f78019b8863c950626de3d553f09fb460d194a91c5402aad423cb38ccfa667df3c9b81767f2dfdecbea2b62e3d48c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e936d3cd80f3f4af3968eae08f2a6af9

SHA1
1ea54fa74155a6ee49f7caa84c28974ffd842fd3

SHA256
f4c0efc20e7f601af634540c9dad8f604758f4014b41d4b24af3634f5da11a10

SHA512
d060392002f4049563e4c775ad5ac22afbf745f6bfe04fd031f082dfa59f980ebb5267b9773a829a8b5b6bc7cc75fde83c6382ca4de95d561309f1b0f25a6484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b463d.TMP

Filesize
1KB

MD5
6b9dd880d7ab6e797de2f5d79716693d

SHA1
e4dfd07b21ba5fc79b6905de9c9031e8a5f9ab6c

SHA256
7857f7bfd5aa36372909756576930cae44dac05941ab01d58d9e1d04a4325632

SHA512
f7879a95672be39abf10beb191fabbe9f05364d901c9550f794dcfd169ef68c342160187dad2dddf7aa4bcbc0bc4aada7dfe2ee09dd31957e83bc3616b6d9b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a815c39fad703dda2f66d567048c3cc5

SHA1
b4d5c0f39d82c93ac8a487665467ce6bb95a88d5

SHA256
124d89c62eba8846f54df6d4860822051eedcbe701d504a4db3c1d65082778e2

SHA512
942fc35709b59222aceeecb83e04e53f85ad4f69e2e827598409491e24d4721d3a39286d22e84c6695b1eb6462df747c0ba76b613f165ee7935217de95f96697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8b2d7f9170e00ea7d8c2bb5ec4ec6ce

SHA1
4034da2855eaee34a4c34ec087b759332e8fd583

SHA256
86a8bedb837e6b36a1912b723be5f9db9dc86b1463776ebbeb77333b8eda5609

SHA512
683ec96e1f97c3043ff6a38fc9efd66472aaf688ea9eca63bf1d9f699064686b7b500f7b96af17bafe6ee3e501268d2d431cbb1aad8beb9b8dd969a5658a541c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a4116a41d72ea342dcbe320774feaf1

SHA1
1353d731205bdbb2a5bab279c30299a990ccc74b

SHA256
628f6978dbe7e95f6a7f70022d1d94e1c64410d330a5800381d4b0556d67f1b8

SHA512
9a970a1ea8b8fd6686175b5b21bb40f06c4600885e5e73604d0d9017343296ba48de472de608878f7a51ed45e35382f288b402794f7be58074fc12eaa47a3d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ef323d8deba758e078afd842fb85c9c

SHA1
a442b51ec4e38ef1529147ec332a8c9c561226ea

SHA256
e278ba13d82caa285f560c95be7ebe9365608f5c63eda579758423a069cc89f9

SHA512
148d9131ff66b4fc8d0a4fd1c6847d19bcdae638b44f59ef8743fe65d6764e91431e0e006ac37c8864ca71ed6aba248a7b456753113a469812a8bddd51c213d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
77649650a3e3cc991ba828496ba1f640

SHA1
a2cfcb333f110f3004063aee7101c7a9976655f8

SHA256
6d1f71a54fc1926ddcc87bb2cfb4a6d7591f4e389ce0b347f76798f415efbe5d

SHA512
4d7978aa0768bee0664e6b5ec09c10152f06cfb249732df578cc78e599998a311751e53a927d81ae864a786d2f7d85f789a26f5123d571bac3ee2a8fa9e0c63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4798a548e9ac294befc6280f065103f1

SHA1
fb676399c446fd67fe9d8ddb983593efd347c35e

SHA256
b6a451d98672adba7e4c6e4e0e4cc1bf3741641436353c88c71dadc96c151d3f

SHA512
b917b7feb9ea24dfe3d2ffa88aea1e29f4ea320190f0433f243eadd63cc1aae8a800f4ec3ce380eb60904fed5def4e45b03fee68c883d17ac4a3334d6f6b2340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7f6a0d62aa8ac076f4c21dc797a04980

SHA1
fa042bb4537211d42e82c5fc97be79167869566a

SHA256
fd97dbbe61958d64e9ec682e5224d431c44b02b2d6de6bd5e3de8074148a1456

SHA512
3acac724cebcaf5c68f8589a8e10fe8f9337de72d152f0bcefc192207b4787b1ec84d1e7b78095f26cd05bd0fa263d5989bc9da2ec975cf943c75cf2c099599c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
978B

MD5
9d637bdf20cf52a306853345241484e4

SHA1
ed3ab05ecbc0a67a5e190a50c81f74a07b94151e

SHA256
d1b0d7a10564193ba366268edfefc745b9b5cd8cc54a83f6cc7a0b26077e2922

SHA512
0e80a135a37a0a849d1fe397fca230cea83675b041449b0967221c06a9b184a15c001ea3e116fe297cb28a98e4d5d600eafcf782937834b03dabc9609e29c80b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
4c72e052c2bda00553d9509c3ff99970

SHA1
8962d754cd0cd541490579fe4e2b9afca01dd505

SHA256
11c0569317a64d0592a562760af174941c685c5a66f100ef4cd365e502ca4e26

SHA512
eeea2d7e86662cadac1d162f7375601d7c1f203c0fe8192e0d7cea0663697950afa697d268f70e404de18d36a03bc7c801a745a2ac73a9336c0e5668d6fd11d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
ea3a4565a61a953c6eb21db557cabf85

SHA1
ca7903c31783feea8a063acc0cba3fa7366e7000

SHA256
01588c67fbb054a7f86846c1e7b7a23132a2e08b13c88da968faa4c9608abd2f

SHA512
343dc930dd54649d498fc30a18a14a57aab46df38aca0e78843701e8fa9af0b7deccc732139f01af63c6cc0a5df971f9e9c14e617ccd91e05b083a36bdcaba8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
350b19ec4af50995a9d928a9a3f5071f

SHA1
ac08d95c5bbd713eef31c7be8bfff256e813f5c4

SHA256
b75d5fe2762ac3f8c470f79965b6833787c06b11c5ad9a251f2d8ca8a69148e5

SHA512
5e86b49bcbe1d2b57258cb81efa0fc2378d8cf06cc1d1dba8c79f7df0443a1aae46004e600d0d2a5c20b21de301f3fce1f29ba2d8ce3871762c83e6b9b7ff827

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
bc04432a51e7ebef742e77c3f68f40d4

SHA1
074e4c0e8c49ca35a277892c0d7ae92fd62e3083

SHA256
b3b704fb6cfb9c3900a79cb66593fb5443e44d305aee91b027f909d2a41af3ef

SHA512
4695d8c369838af819ade9038cedfe97810180afd8d1cc31fcc93ced4b690545e852fb56a67efc48f32e7814d36cf70d0cd7a98981c9dc7676682c938bb16e47

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
3KB

MD5
18baf150b09902311ec43a5769846236

SHA1
32d4a71ef597eaa89ec0d25a503aed6a7f1b9da7

SHA256
d4376ce88209896b8a9e8bc349d7b4c661799eba2215fe1045306f9a6b97014b

SHA512
0bbedadf4363af5f1554840c2fa769f940b0128d857b21d9ddb11b19e1da0f73b80f8450b6de0b73a8f3b373035939da30a6df6467f188ae7acbbfa7c0716c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_js3iq2ig.n0b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
68615c55e603e529aa287dd7ae56ecf6

SHA1
47b47ef908a61e56f78f2c9290d5fb5064ec1965

SHA256
33621b0e76fbce0bc5d5b8271ecb4f10a86c29b1e9026ac4076a01f8c627d224

SHA512
bd31169e229adf20edace9ace414027fb103836ad35eea9e11b59d8c5c081c31fa17385d515eac15abbdca9b8372f6237bffff8ace66f84f184c2175664fa17b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cf7fe45fe3e26ef7acbc8926c15d44de

SHA1
acc726f2c4d8536afc8f1fb3433364d6c323a8d3

SHA256
c91155debdf8656d7ab0f0e762b965e1897db539e7e349ad93828f60dfd8cd43

SHA512
3dd537f47a3ae49b62ff8c8e1fb6090f5a862fc57a39f426011b6626416d7e5a11e5a1ff0c27e0785e9f1d80c138f10ec9184820a42250520a11f8d56f8a848a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ebf5e9a3056103dfdc20869b27ab92f6

SHA1
0ef19e4b30f8cb6de5afbd490398a6164540745f

SHA256
941c6f2633ef784180e07fd77c15b28cfef5c9fc63fc1943934a79a2e8d1551b

SHA512
a7b0adda634e54aa460f63ecb26c9c4dfca227f91022951189e0eb949ee477fb6e4ee6f0dd11d49a3675095096a416ae0393572a9d6e597b551f02fe4b1a9a7d

Download Submit
C:\Users\Admin\Downloads\Discord-Gen-Bot-main.zip

Filesize
19KB

MD5
e374ec8028768ec1cab938ac72b97188

SHA1
4428c05e48f534e95678de8c3b622f3ac21012d4

SHA256
9bf9ac6f521d8d860fbc2a6a623a4daf3568d714942c274bfa4a09e64a371ba6

SHA512
d83752ede91c4d654302446ceab93b26482a1f24c43cd5e8bda863be7a3fa5c21406969fb63b6d2841cbd4e7c0f8c784d57779a48b0407c460d840adc28b736c

Download Submit
C:\Users\Admin\Downloads\Discord-Gen-Bot-main.zip:Zone.Identifier

Filesize
163B

MD5
b6dc22ed43a932bf72e26b06549a9c4a

SHA1
c30453827fa33b61357025b10e4858d32e6665e8

SHA256
e36593a883b71c7013de1afbb2427773aee07a1b9d88474078037bcbf19ec645

SHA512
0cab3d02c2e0d41c81e7c50bef815d65b25f5366399bf7cd83893dc443e8ba0c80ac2e3e162eac5a7d22b15c98de82673f62a54a010c7b3a2116ceedfb3ee941

Download Submit
C:\Users\Admin\Downloads\Nexus-MultiTool-Latest-v4.2.zip.crdownload

Filesize
13.9MB

MD5
94e0eac7981d4485b44d3e292323999e

SHA1
229586c3929bad3891fa5d2863c4d42d0fc1ed37

SHA256
5bffb1c89b7544c70de85819e8358b6f30a9057d3f3f0a6ddedae88f7848b2b7

SHA512
d714b229d5a116fa404e3df5d13a4bf7e99119a159cfac44f104e985827f2ab79cfa1815e8048a443459bf21d129d332dcc4badd0b409f6940e684debe58340e

Download Submit
C:\Users\Admin\Downloads\Nexus-MultiTool-Latest-v4.2.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Ransomware.Unnamed_0.zip

Filesize
835KB

MD5
abc651b27b067fb13cb11e00d33e5226

SHA1
1869459025fcf845b90912236af43a5d8d0f14dd

SHA256
690339e6d19da0b5c63406d68484a4984736f6c7159235afd9eeb2ae00cafc36

SHA512
4b85ae9001b9d1f11d57b6b2565ab0d468c3b8be469cad231e1203c4f6858af98d8e739b03fb849c2f3ec7b493781e88d32e7b7567c4b61cc1189daeea285bbf

Download Submit
C:\Users\Admin\Downloads\Reliant-master.zip:Zone.Identifier

Filesize
161B

MD5
e12567bfe7a96000456262e7917f4105

SHA1
51e34eabf276a0973e8e2e49bf8c38ce658d957d

SHA256
66db4135d2f0347351cd90d971cdfc40d95abc9762081ebe0219635c5b98202d

SHA512
8b3015852999e2e4f29fb26e0aa5b4d273144b2074a0260fa8192852bd46e9050b17706df87c5ebf1254b1c9157dfee68cf77dfac7cb7142ddfb2aa70032dee8

Download Submit
C:\Users\Admin\Downloads\Reliant.zip:Zone.Identifier

Filesize
616B

MD5
6abd33c8d63445d25e4858c8fad7331d

SHA1
33898b36a67e94f5dbe9a8e2c76ae3ffb495ce3f

SHA256
f9dc43f717f22e50040b8706699b62382fe40222f8e44ff24406e8f5968c5e85

SHA512
c7c9147aac0b915b8557ab9b9573103a54ea19358476b67e84a91a12b99bce6b4be0eaa3b23fadc43a126a113e7390f5537ec0fe9a57afa4d820503c46789150

Download Submit
C:\Users\Admin\Downloads\Shrek-Tools.zip

Filesize
6.4MB

MD5
2520943d7fa3e65f327e9fc1c40863b3

SHA1
b65e59c20ff4cea56a7a20466d8f9b645ae36144

SHA256
cb711d5d9fde75a20cc15b4166d292084be69a41a5a73f5447a53c4ff9bd6f18

SHA512
cd8b05099ca35fdb361539c98f68ac7b30fb72bd459a7a4cede46f9e218e7c8eabe8eb0ff2bf0918f06342891a9421c3d594372c396df230e789ec7f9617391e

Download Submit
C:\Users\Admin\Downloads\Xvirus-Tools-1.7.1.zip.crdownload

Filesize
41KB

MD5
49b8031f045898b246c6efd27842f948

SHA1
7dbe30c4f6f0a1ca4bf9d99fc11b292e7ae62cfc

SHA256
43d4f8e901cf19bad05ecd05fdd411b460b2eabb3ee4bc6e91e70d0b0af8032c

SHA512
1fcbac56b7ce0ac8b7b8973cd4b9f9fa6568f7000d4259a379839423e945c0ac8e2186d9888597906f69e5d0fb6552132dd8ce3fad16c66cca3b5931f75d4785

Download Submit
C:\Users\Admin\Downloads\Xvirus-Tools-1.7.1.zip:Zone.Identifier

Filesize
174B

MD5
c544c538c300ad9d5e633cd122e854a7

SHA1
6752e02e2d96dfdc9d25f94d535984fa200a9f1c

SHA256
dd15d3cf721124a3e8dcf9d4e1f326da171eb888fa77f1a5cb4fa1c88a876f0a

SHA512
a5c6dbdd0403513e7cae1cc6a5b513ad7280fc11d9f0ae8a0e97569c61b7bdd3b173fcdd046c4da7d5bdc44b1f4eb52cb09736865eb4e09e9612801c23f65256

Download Submit
memory/1820-2569-0x0000016CA3970000-0x0000016CA3992000-memory.dmp

Filesize
136KB

Download
memory/1820-2573-0x0000016CA4620000-0x0000016CA4DC6000-memory.dmp

Filesize
7.6MB

Download
memory/3908-3009-0x0000000004E20000-0x0000000004E2C000-memory.dmp

Filesize
48KB

Download
memory/3908-3014-0x0000000005120000-0x00000000051E9000-memory.dmp

Filesize
804KB

Download
memory/3908-3007-0x0000000004EE0000-0x0000000004F72000-memory.dmp

Filesize
584KB

Download
memory/3908-3005-0x0000000004D80000-0x0000000004D8A000-memory.dmp

Filesize
40KB

Download
memory/3908-3015-0x0000000005310000-0x00000000053AC000-memory.dmp

Filesize
624KB

Download
memory/3908-3008-0x00000000054B0000-0x0000000005586000-memory.dmp

Filesize
856KB

Download
memory/3908-2996-0x00000000002E0000-0x00000000003C8000-memory.dmp

Filesize
928KB

Download
memory/4172-3061-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4172-3018-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4172-3016-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/4488-3212-0x000000001BF30000-0x000000001BF38000-memory.dmp

Filesize
32KB

Download
memory/4896-3180-0x000000001BBA0000-0x000000001BC3C000-memory.dmp

Filesize
624KB

Download
memory/4896-3179-0x000000001B630000-0x000000001BAFE000-memory.dmp

Filesize
4.8MB

Download
memory/4896-3178-0x0000000000BF0000-0x0000000000C28000-memory.dmp

Filesize
224KB

Download