jigsaw | 60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

udasf.exe
Size

5.4MB
MD5

4171108985acf10ed305458034045917
SHA1

696e0d48b0395a328655e4149edea73a0bdd3bbd
SHA256

60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4
SHA512

4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0
SSDEEP

12288:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX:725cKlWi

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw
Renames multiple (3741) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

udasf.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	udasf.exe

Executes dropped EXE 1 IoCs

Processes:

drpbx.exe

pid	Process
4432	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

udasf.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	udasf.exe

Drops file in Program Files directory 64 IoCs

Processes:

drpbx.exe

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-400_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsStoreLogo.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-32.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Wide.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-16_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_xd.svg	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_rename_18.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\BuildInfo.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\StoreLogo.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pl-pl\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner.gif	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_18.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-256.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\75.jpg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\dismiss.contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforcomments.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\review_poster.jpg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\dot_2x.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-36_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-48.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Wide310x150Logo.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\wefgallerywinrt.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-30_altform-colorize.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-20_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\LargeTile.scale-200.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\redact_poster.jpg.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\ormma.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailWideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\selector.js	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\webviewCore.min.js	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_scale-125.png	drpbx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133746949376692917"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{29A9E1AC-D748-4811-A39D-06AFB28E0C33}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1728	chrome.exe
1728	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	Process
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	Process
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: 33	884	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	884	AUDIODG.EXE
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeCreatePagefilePrivilege	1728	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

drpbx.exechrome.exe

pid	Process
4432	drpbx.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

udasf.exechrome.exe

description	pid	Process	procid_target
PID 4588 wrote to memory of 4432	4588	udasf.exe	87
PID 4588 wrote to memory of 4432	4588	udasf.exe	87
PID 1728 wrote to memory of 2264	1728	chrome.exe	108
PID 1728 wrote to memory of 2264	1728	chrome.exe	108
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 5064	1728	chrome.exe	109
PID 1728 wrote to memory of 2904	1728	chrome.exe	110
PID 1728 wrote to memory of 2904	1728	chrome.exe	110
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111
PID 1728 wrote to memory of 2724	1728	chrome.exe	111

C:\Users\Admin\AppData\Local\Temp\udasf.exe
"C:\Users\Admin\AppData\Local\Temp\udasf.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\udasf.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd3336cc40,0x7ffd3336cc4c,0x7ffd3336cc58
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1736,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4056,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4900,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4072,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5380,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5456,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3232,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3440,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4608,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4456,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4188 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5716,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5232,i,16185104138797659748,1665039512118030696,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:572

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x318 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
5.4MB

MD5
4171108985acf10ed305458034045917

SHA1
696e0d48b0395a328655e4149edea73a0bdd3bbd

SHA256
60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4

SHA512
4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0cbe49c501b96422e1f72227d7f5c947

SHA1
4b0be378d516669ef2b5028a0b867e23f5641808

SHA256
750530732cba446649e872839c11e7b2a44e9fb5e053fc3b444678a5a8b262ac

SHA512
984ea25c89baf0eb1d9f905841bda39813a94e2d1923dfb42d7165f15c589bd7ff864040ec8f3f682f3c57702498efff15a499f7dc077dd722d84b47cf895931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\559c2b22-2a74-46b0-82e8-e06b8c9ea8e7.tmp

Filesize
649B

MD5
549cdf273f58bab8f02bf50d9222bd69

SHA1
f2634940628f73de554501691f7864632bf8071f

SHA256
0cf3b0494ee70dd6fe04995f4cb38e3a918ce815ba6c67c00f4bb27eaafdebf7

SHA512
1e15a4bea83c0fef69cfbede170a95910565ecf7bfb28c9930fb1653db8070a16487902998088fc396eb64eddb24d56b9bb841e2ade0d0cac7d125f817ecbb5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
9c4cd1695073645d002e124cefa0616f

SHA1
d353781da218494103bd0840cd9f815ea2a22ba1

SHA256
77c43363b4ca1c52fe9dd3bac13fdf57cc823f711732ce06d1bac1393587fdf6

SHA512
a9cf980c05cf391c62de03051685b77f6cae1c59ce5534c4f142e54606c7fe925e552c73bc40b3facf512b80a59cc9303b98abacdfeda939cbae7d247eedeb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
cfc9952a7b8ae80c33114d715e8051e8

SHA1
f95aa82bec8ceaef78be52fbeabb2d4dd4fe0cd3

SHA256
b0fdec8b18b9eac103d3ee4f84df4c137892ee904bc9f5d278a0564d68632372

SHA512
cd147895cdc181ab0c2a083df557a7a7613e08aefa9f029923b7ed217f03fe9a3d9b6abdcfc271b4c45865cfdf350f8f9bd9fc60c58ab29feab413d72687cb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
ebd4b7aecc962cefd691d799fddcb582

SHA1
1bb80e6bef4084cf207da02cbe1f2bca584e20ee

SHA256
1c3964e068f896a3f70ed8398f851a98cbdb966923479e88242be5667698e266

SHA512
cd504f542f8f20b5b27bdbfab0a97b51222959f95be18f7b6852f4cf95d9bb6f19286f30194b9cf0931e175c7af6f1dda8fb4c601110f04e74230da72fb77d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6c478691026005e137ce9145a6c11a1e

SHA1
290ca8961c1ceb8684dc978673ffd522d3bd7106

SHA256
5c821695b33216798f2112200df34beaeba36c660a78bc87dc2b7053fcca4717

SHA512
8e003364dcf84366531cb3173fe7c6325099af1c6fba899eb5d494cde53c8cb3e864321e250dc882c6e52282789f89f8467c1c3b53d2bd31b152196efb7071b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f9617801ecbd56fd2b107ade2e41cb5f

SHA1
eca03fbcf357140aa1ee17f152bd552b6ce178aa

SHA256
5ede888d5706a607e5998763346c3c0dc9f1fbd80870895a5efe96c3c4f2386a

SHA512
a7d416dfc8f07b89a06ebb5e635a1d5f81994aabdcb10cfd1502275632d445b57d00cf11a387fdc7e2deddd9a313be9bed6ad374ead199757726a570667a70b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
47e8bb14a72498a24306cde716e4c83b

SHA1
c39711876fa2605638d7041c02575f13ff2d330b

SHA256
5d1cc8f70a02d0cf6f9e3f5dd0f2987a587dcf12a12a15035896c02c1e51e4e0

SHA512
5f1b2eeb0bf595b086407892696035ed0b35e93830ed4115cbace656fa4a5cee241dfbaf901e4c914758680b9f5eb18f331ad94b23f6370384a234d30ffc2be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e56ec2d6743c2a26a24fb1041cf7bdd9

SHA1
6ca96c7e0f30f08847d5daf5668c5eae52344112

SHA256
7119dc0e90a41da09bd4179864f1580b274c07e3e4d0b9cc90313c3e5c1dcda7

SHA512
cdaac6b49ea2a3a694d242fe946f2b5aa3e7a9ed708dfe393812c8318bed3cf8fb1c0061b05616c7abc9f6a3dbcbfadf79911d562fac0e2e827399ea3bc0fe3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43d299117f212339e08d26059bc9d924

SHA1
a1027531ff2d59d6688d385e453501f205b02dc7

SHA256
ad2cf1dba2e62ab47edb57ab15a443e998800a5cef8cebf0c0f77e01e5a8ede7

SHA512
a1d751b59c72f0290bd6f4b8d8633f6fe73a0e631b129b1a4401205e417effa5711d370401e786bcab3534b2528b1bcce9fdd8953eb39c93509de752e8eb76d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df3182555a882a7be4b321d5fd549292

SHA1
939d9ad44524b3ca915a4e64b85376fff7080210

SHA256
71d16492e707df6d2ce7a7a957ccdf4b17316f69a34f2c0d50dba9b36ba489b8

SHA512
66cb4b5305fe5f5583d92726e3cb74277f2973d64fb546868e3d86f202f489d1b1d70cc5004947ddf54711e52c88d39449333f72004df246beda11fb8ae9aef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a3218502bf64ee7efab8c517bacafa2

SHA1
c29ef45ce028be4a0cbecd53d982cb2d15aecafd

SHA256
68c23d3f71c281ff65912c908b638f14975b45685b17d15a34e5b5f2a15e041a

SHA512
ff64f4b1fe329e31792d2adae60afa67a269d68dbae3cd073e2f02ac18b9ae0c15f37f7bea64f1327d43244a1618cd18c032c6f8fb19515aa67cfe858c681fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d989f61b4356aeb6ef33e1f1e5b617b

SHA1
21f88b0e73f54fbaaf356521d47493d81d1a4783

SHA256
4e2b18aa16cf4c03410fdd1076109dbbea4643c8afabda07bb7da95f0e8ecea8

SHA512
d1c609b76ab5f76a8c6d0ea21f7da7c60093c6d185ef0965ba0fdeb0ae32b515052e09c3622e34f05bfc4cefb51dfc05bd0a41eb48836a30ce37adde6e552d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1720334794da4463d1f91d5f83738837

SHA1
e0fd409c5b3b60cbc5d033c0ba322dce7716904d

SHA256
8002160664304ba56a97ebad823225d61cdb8c5bc0f585173efc73344b62a892

SHA512
d283f31c5c3f454e87715b9085367a69836e8cfbf8f4f476b22e12dc7d2a5addbd395cbb56f55559534e6f32bf5167f28cc15c283a5c945a1a1a73be68410cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
164fe8636574ec8e19e318787af63e73

SHA1
7194266ff5972da2563c6ac8348bf068be439579

SHA256
8a9eaf5e399ae98aa3b78c0122ea4b498adeb813c8386a9f544aadaebe92c7af

SHA512
b89b7ba9a3de0078b39d1bc628da25be3c10c34a029a5e922af8116385b265ef5ee5aa683439967bc345e8bc69183df98943dfade9dd71c22ada5e121e1ec129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
95703b810ef0e41aeed62ec976686aa0

SHA1
fdda271478bbfae9d7fe0ef29996469fd4c15ca9

SHA256
7457a85c34ff418007d80941c4660058914b4fc273e8e466cf1f0dec6c14e438

SHA512
81a1ea5b862ac929273c77dc8c08f6d6a7b71d700c380d70daab546cf70932b1fdf0b55f5dbc33b537104f6a539a804e1e44b98a4263995510d994f5a81f38a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5d3315595586421120b113e6da5092a

SHA1
85df98e397585d4ac11fe627b60933fdef1a7bdd

SHA256
19f3c9c3d47841c6a2d1c6968ee04ba2802b5df33fec3b8fc5e70ef40b0d8dd2

SHA512
3f8fb9af7ca9498905b5ef872e539e251014c3b79cd688485b267cc0d17f8aa39bbfc1e43eb31ac3ce56f75ddf222214a820b409fbc0bcdf98dafd758c8a1652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ace80a06a6e5e860dafc084bc765385

SHA1
706cc905b4189d466026190f76fa5e56ba3cab8a

SHA256
0bf9c3b6b6ad9f6b313d8e227d6f55fa459aa3b5d03f3cf60bf5160d6b951754

SHA512
bec4b913e0439aecc3563dca21661e33954625df81c9538c1f85e68108ad7a956e97a61de19d82bf6c602c04a891474372b07cca91ab4649daf9ee68e8cff2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
52abe7da85a1e051d04b354264cb331c

SHA1
4bb060ae72504ac88e25b9d138037ad9dbb6ad44

SHA256
35c3b4ab0c05e594f91b05f898d452e81f5508be31b29b34c1bcf7a1cedda0c6

SHA512
309af27fe2d4e7422e72a907ee3dfc68066f0d69f27a850115d5f397c86e92939a3b6289da71f5e6730e38f3a7312e56f19a68556a925593a6f64dc97e765295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7e7d0b95-789f-454b-93e0-ff9a54dbfdbd\index-dir\the-real-index

Filesize
2KB

MD5
354e7c7116c5d6180eb94675a5bb54b6

SHA1
972e1f3b8a6d3e670a41069add4a19c4c57bf92e

SHA256
c93024e5209f982c57741439f16e7a2f8cda142afe5075d0943c9c6a5d492433

SHA512
9a3dc0752383ff1d28a3f5a5b09b691eddcf163e32cfc4745f20049a32df724d192346a7e8a27782e42accf22ec97bcd16cb16200be9884324b104c95e6fd616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7e7d0b95-789f-454b-93e0-ff9a54dbfdbd\index-dir\the-real-index

Filesize
2KB

MD5
d834312a9209d09f96bf68d5a500da30

SHA1
64a5381b36529753626e47e203dd7044c620800b

SHA256
6d965fdff1a1c9b6dd009850931b403b76d6ba5a18c9925ff50406cd0d7dba58

SHA512
829304140566e1680390aa785f99573348b85a62187607388054dd89f861a4e1c149c7cd1cf7bf07220f3e3c14a69c518e62cc5358e60d08802303124b9bc03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7e7d0b95-789f-454b-93e0-ff9a54dbfdbd\index-dir\the-real-index~RFe5841a8.TMP

Filesize
48B

MD5
c2365a3da8a43aafea058eda739d5c7a

SHA1
b62478ff8509d00506d84c7a5c874d29d6cfb3fa

SHA256
af6a0780e509edbb6db56d56c7fb4e7ab1dfb285b310e249136ee2b2266ed27f

SHA512
d37bb862421e8ca7204ead60ecf6a0fc03afb476ddad9c54c2d84f45d3fcbdde29d299aa599c70b66aaad4795fe601a51149d1b32bc7d770962a10f42b672113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e1cbc049-c4fd-431a-bf96-5640c099d3d7\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e1cbc049-c4fd-431a-bf96-5640c099d3d7\index-dir\the-real-index

Filesize
624B

MD5
661d5cea8fa665711665056c13c63525

SHA1
9f0eb205aa18a91e85e33820e817a9da22d95df6

SHA256
12cba7294b239f0bedd6ab13abdea940ae23ed6366aa6c89db4541dc3e5fc348

SHA512
1a9fe74842431eca217d02b5c9e543c0ea082241f9e12d8364b67c7f21e9f1eede8564d6a79e2de2fe89240fc0e394d598e3aaac3169eba43055733a8ddd3042

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e1cbc049-c4fd-431a-bf96-5640c099d3d7\index-dir\the-real-index~RFe58a69b.TMP

Filesize
48B

MD5
7f6d69469d4dda5be71b7148d183222b

SHA1
ce0d5986d3845b705edb6448e956c89fe3f71bb5

SHA256
2f7e4696d2734263901d475351ea64374bccc8e8a831bd9eefbebe7bf9749ded

SHA512
0ed8c765548fee1ba9810f461b981c8d3697941d34f874082b77addb15be0caf0a16138ae0c5228f0fa250f9f77d39349943bdae8107f74b676ba8fd95a5449c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
8e8101e56ec203582fbfc3d5eea465e9

SHA1
cc1bf89214bd161638758f49a304d7d2dbafc9b6

SHA256
377167ba762a3de0de4fead3d4ebe10795495618428376040d31f703d1350d95

SHA512
36229db54fc74c8a305f588f8850816a1a08f1f03e1f2a59d82929f77bf96b8d3dbc248761817ea391c67565edb18664c95b8688f10a781bb4305dbedd29595c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
b4e9b02438780cf681e09c011c1f351e

SHA1
9603673e6b4cb2ed5ae952bf497cc61ba12ede4a

SHA256
cabb8730b8e331634aac7f281411b938484c7bfd6bfd1dc3f6c8f20d622ed8b5

SHA512
50a3bedd3da896f3edc7ba7a61ed616813bc453c06f96174fd7746622e06391fd8dc6c332a9455e65dde6b910a77409e1a98bbbd2376a0313a897ec72b6d670a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
16433042e239ded1cdabda7f37d3b202

SHA1
59128aeb43be06c789f1e08f4a7a02319e03202c

SHA256
836ec48b095f234ece41f5f20288c77ff448bba55b987b6a47b01c1ae9b60074

SHA512
6d0587a7f5a2ce145286e110386699769d8c8e0619ce09bab6803a6b0a946d95dde39b73bff8235dad25091d4c7377a13a4da558fff7d48a081605bc49e0bbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
7e5a14c366a3a7e28336c215eb0f4528

SHA1
833c4c175ac8fcb21f5da2bbb6683e0c199d9ba0

SHA256
ed011e2374ff5fea2d671ffd625fb7d9f43bb8a8fae6ce8e9cc177d7cd10f708

SHA512
00ec7a4317a71f7955328ec9e3066879a746d1de1568febc86194612cfa9918c85029af306ec17280b2a413b6d4f0ab20d8ca88e74c7cdddadbe754c2c79705d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a2396684e2900a56f33c0131178e1016

SHA1
199bbe4e503136be3277303ff01c19d151431aca

SHA256
49e323f5b8a7f4550026d7dd32626b940325b69936cc0dca9b1c3c5eab46e851

SHA512
afe6b782befac4edb8d1146882c328c47a8ec09e78640e3fa25fc59b9b5427719115cee4089ea56fa0ff24bd52ca11a887fe421c74c1397bccb4de360a7c2e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
d449fdc6501ae8a9fececf8363f87861

SHA1
3ce25840966ab229cc3dc968e13e993b4a74a106

SHA256
0e54a40d163d1231e2026e301651c5f31b4788d21212247c59fd059fae3a6f85

SHA512
5693217b8ce606949e63bdfac2ff301be60d921c26a3a85b09354586db07ad3d6ca9f7a83fadbc94d2f8545e757319bd34a5cd348d9ec6eda5d19193fd20e5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58245c.TMP

Filesize
119B

MD5
9afd2f0b88742526e0a20f865c0df5ff

SHA1
e649c18f4a1953d54694cd8d03baf8b1b0af6614

SHA256
5308dbafd53daa5efcdd293dd0460c2a6a1fec336aa438d24dd7b23c5eb7f931

SHA512
b4d27b997eacab1f33c56fcd4d756b1d424ddd53c35e5c4d1c6602561e7ea6304383f52c117bdcca956085916b4e4663b57c13b951b579755c99a159403fe71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
5924c86f699f1b5f05f2c93ac3ae27f6

SHA1
f544f568db7a102a53eeac1255f572df41ef3be4

SHA256
6b4493422c3b05699ff6926e2ba023ede0f0c2c55916be4632ce6c21cdf9cd3a

SHA512
760e9dc161e0e8025fd9b17ea83581bddd1112810aaae0ac8e678018186aea6f1bf19bffa9a295a1ecc544a022269e3444ba9eb42f1c43edfd80a4db7dd99588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\32.png

Filesize
359B

MD5
4505253324cfbb3bbed17d2fc91f7a41

SHA1
c6ac99eec1e46e4b86b23ea8e7a41c7e9155d169

SHA256
76ea743bdb27fe6f00b71d3e1f71312d01f3e1ff250f211a2c8fda6191605932

SHA512
0f08304f5dceecf2a49b220e8fa304661222d425cfddebe63fe3921d2bca1020d77f160b38c2950d0df0fd9b5e537d4f6bf574e173b9b3c909606f9b832cf002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\48.png

Filesize
607B

MD5
df98a7112b57d044766d36fa44a4d29e

SHA1
7021ca4e622b3fc5790552490aab07c79160f455

SHA256
acc8cc86e4420653809fac7357c50e8c5e76ebd628fa553eaf85d026956820df

SHA512
af7480fbd4a71c06b8102f9bd1668521342961c19af6b1b7f050c1ee140d729ce717b04a53af5fef6d6ddd703f09bc7e580d8ff5f6935f7b44551cf86185b7ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\512.png

Filesize
5KB

MD5
57781876f8d081a6b003c94c09f1c984

SHA1
a03ea0ea43367c4fc47663c5283b1e94612e2341

SHA256
dd4a7b3db614bab4a0fd152f6c39b4fc000eeb2adc9b0cbafac584afe2d47e19

SHA512
c6445d71b42aefd09ac4f64efb4c5d8932fc1915bebefedfdd9d30c3a1235264e49cf90040003e10dc77dcf9c0450f4bd5a4105adc29a2aa83a0e57ddb901f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png

Filesize
4KB

MD5
d7366cf3ccaaf6e82f33561097173838

SHA1
86f833ae8f4910e7c1e9b3ccbf25d259b284a199

SHA256
71becd841ad187c0c14ec5a74fc419cfba697d1b4f67e6978c89b5cc4d4d40cd

SHA512
0fc766cc2cdb5944976ca251edb6e4a57e3de605c6d168d348c5a11a39819fd67fc9c6012eeceb36406467b90aa8bf9545638ff019c4fb32766de450d213c95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\144.png

Filesize
2KB

MD5
4dce37414ea8e7c637761ebb138cc318

SHA1
5203a75d4a27e5c1c3da521d229b983ec536fc2f

SHA256
596a82c5b295ee81b4d18a21419a811df399fc9fa6734d1c535ed58b3cb3918b

SHA512
e25b822db30bf72289abe2a4a269243942042d0e6443fec938a6ebc3925b3d9aef99dfd1bb280ef44fdf79748a06272af7122ee5bcbe168f52cdb7d91eb2f334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png

Filesize
3KB

MD5
edd671eb57a593de65e4b0e42c8372ae

SHA1
1f7a0f21af70dfe1b9f80139031401ba288d1a35

SHA256
18d1e40357dde54ff97cbb79068b3d633d2951457fe2b5a53b19b730ffd1d20c

SHA512
b364e0e2863821fe89f07f690bc12e00c02239c3dfba1cf1aed7b3e7762f3e9610052f6aa76a05d1160e1df2701f5428361c8e18a2ddcb28b290ef92442c6520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png

Filesize
9KB

MD5
b61db3b64b0b5f56e8f62d35a987b6b9

SHA1
d7568b38b2d689f849ec99133695be8b38170842

SHA256
97db8108e0852249cf3a6344e658d424ca475f4c6887c8ae2da223d5ae1074dc

SHA512
644abea1367f35f0de838ef1f7a1b6934c79bfa975da5d2a774136a3e8dc7ae2696cde3534e3c8e6c720aac479f461abd49f9a002ab590cd27cfcc36802e6c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1001B

MD5
9b4d2aa85bae2b94477371dba6544b2a

SHA1
4dd2d97aa25b2723a91016ee5b403619e7a4eb99

SHA256
3af45701fd97bc8ae6ae8e9f999d5d8b9d61a9a7914faf6518450f454e884223

SHA512
f6351c370d91a87a2b0abd8da8460e65a8149700beff2e819074004101133e750b1e60ecdf6ead73d1de19f37258e7853084d65c6adfeab8707c480d9caabc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png

Filesize
1KB

MD5
41f351c8a382dd78297731ad8c9c3829

SHA1
5e864adf8248a2e08875ae93f122424a14dae895

SHA256
19b8fd6b93fc06b6dfd8e3f6d6faa76e9450a7e99c2947d35885f365551956d7

SHA512
c63cbfd63e40c995f40a3c43e8335d572b4860ac08d438ec3a2b0b6826e3f335e787d3d072b466937b160e9cccc94d9e212ff2e8205c1810aaba3a9e43ef5901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png

Filesize
1KB

MD5
46562f2aa0861b75956dbf86feb18b64

SHA1
abe36179c06b82a6509b65f40305ad641836314b

SHA256
9a7c2ce59760fbca2ecb883d744cd2e38a2b04769c6be0c0cc29d21ec5b9cc50

SHA512
33864d8b93797f2bde6175f5505f15b4bd06f76e8ed1d7623b2befc73e7dd866feb6e08704c6ebff02c77f9c533cf472f2cb808e916d480cf200f5cf1689ba70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png

Filesize
2KB

MD5
2d0e37f02e689daa5ea4eacb73c810bf

SHA1
85f8a2a6e0ec382995eb3d9cdee974805993cf9c

SHA256
d68c12401c3a634200f456c8bf1136818ffdcdcea48205cd85620b2ba4f29808

SHA512
b36eeed646592f9f1fd452864c0abf33f08f60b4c3b8f056ce9d0083139a6d55629898836965ef06c626289e8664cc6cfc00eeaf983b55b7995163e9b715c36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
7d1aff4d56b6174ac79823f7a5cd8ddc

SHA1
0177d4cf14d645b6c66bbd0106af13c2a3b6d1ce

SHA256
2537789826c9dbf2cc77e870227bc95b93fd816b8fe2e262dcc17c6a9ae4bb2a

SHA512
dc0f9d3a053eef76783cbeae75c92d109012da9cdc661e1da1caf0c94393afd8d3649a2ae88aa33f7149070e34b115625c414f4267821f57e7ac293f52b539d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2392c48bee1cb8a09448b9f82bc82421

SHA1
522f1147129e811d6dc2ab75130ee847f2dfa16e

SHA256
3211bfc14509e3490f2976387d320ab65145b1fac78ace948d143a78e45a113e

SHA512
545dd25ea6adb376334ca0bcfe8f014fcdb798fb5f32231ff1556cf410c791a434c9ecbd50109e97147e70bbd863c59ff0bb5ee770cc8536ff178b5e9b929cf6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662745216155.txt.fun

Filesize
77KB

MD5
84b14c0b386167ead365a9b9e59ea3fb

SHA1
e1208de8f990375457a717e56ab029854d2f884e

SHA256
47831e61dc8d3592aea999494aec6832c8916d5a61e66061fee4a5f2e085adca

SHA512
b82c5f58fa61de7910831d7758833c8ec800e9ce14e684723d8daa88d1a601dfa6a35296ad150489d4a6cae070f1ec702d45e96041c5cbdb751e7e8cf0218d85

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664176773847.txt.fun

Filesize
48KB

MD5
7e2b71326c97cbb411d0593dfa481681

SHA1
7ef3573dfbae2f60c0ae4403371a8b491be14165

SHA256
8664ead4f29996331eab64768cd21ed56f37d0a1669d78dc8c172f7a6d0770cd

SHA512
63c628c4fea4d572348d083f0bfda8724d3c23c5c9abcf292c76c7e7beea8672a04b5c9e1b1c23370e1ac652c580697a2e0fbd796799df805c7136dd2b7af443

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670801391576.txt.fun

Filesize
66KB

MD5
b83af47bb28d058a28d51212854a18b3

SHA1
3c69b6d1f8d0bbf3e7e090f78f41595ad766de4e

SHA256
41f5e91acda82bbf5ae94ab86b02aaccf6b39d3af9a0c9d32527fdadb39caf72

SHA512
b17f1317b1c1c0207f4eca9868e8ae99ceb57317a56df7d198ffc140f83ae64615e1462e973be0fd8070b2e9bb3b78d7ac76739480f3c236b53fd60e93463393

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133746949421165773.txt.fun

Filesize
76KB

MD5
98e2eceff79e3e5ce618d3bb34244073

SHA1
790c7ebe406d64ba0b58d5f3419a6ff563785abe

SHA256
62ceca399d8dceb32fe1d4e059aa65519bfba90680dfdeba776980e2d62b65dc

SHA512
669b7f0dd0b7ddc2c32b7484310edf8fddd7f0f7ee129bf404b5ddb92d93ddc83b5a98da41d3be3b4ccc5ce23224f7b2ced0a8609c2f5243011401040e9507be

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8F58757E-A46A-46E5-BAB6-4B382CA52B54} - OProcSessId.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
\??\pipe\crashpad_1728_NGJOWVRNTHUPZJKN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4432-22-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4432-24-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4432-23-0x000000001BD80000-0x000000001BD88000-memory.dmp

Filesize
32KB

Download
memory/4432-21-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4432-19-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4588-0-0x00007FFD36AA5000-0x00007FFD36AA6000-memory.dmp

Filesize
4KB

Download
memory/4588-20-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4588-5-0x000000001B230000-0x000000001B2CC000-memory.dmp

Filesize
624KB

Download
memory/4588-4-0x000000001B7F0000-0x000000001BCBE000-memory.dmp

Filesize
4.8MB

Download
memory/4588-3-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download
memory/4588-2-0x0000000000B20000-0x0000000000B58000-memory.dmp

Filesize
224KB

Download
memory/4588-1-0x00007FFD367F0000-0x00007FFD37191000-memory.dmp

Filesize
9.6MB

Download