jigsaw | hxxps://github[.]com/Pyran1/MalwareCollection/tree/master/Ransomware

Analysis

max time kernel
1049s
max time network
1040s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26/02/2025, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Pyran1/MalwareCollection/tree/master/Ransomware

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw
Renames multiple (3577) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\Control Panel\International\Geo\Nation	drpbx.exe

Executes dropped EXE 3 IoCs

pid	Process
960	drpbx.exe
764	drpbx.exe
2476	drpbx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Ransomware.Jigsaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	drpbx.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
64	raw.githubusercontent.com
76	camo.githubusercontent.com
63	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ja-jp\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fi-fi\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-ae\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-ae\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-down_32.svg.fun	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\ui-strings.js	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\EdgeUpdate.dat	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-down_32.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview_selected-hover.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\illustrations_retina.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\help.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\eu-es\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\illustrations.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\eu-es\ui-strings.js.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\de-de\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\en_get.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml	drpbx.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\et_get.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\selector.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\organize.svg	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview2x.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoSearchResults_180x160.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-down.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\uk-ua\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ar-ae\ui-strings.js.fun	drpbx.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_24.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nb_135x40.svg.fun	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ui-strings.js	drpbx.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.fun	drpbx.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\assembly	drpbx.exe
File created	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	drpbx.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133850674663942784"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-80166876-2127584002-2233670790-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
3736	msedge.exe
3736	msedge.exe
3804	identity_helper.exe
3804	identity_helper.exe
3056	msedge.exe
3056	msedge.exe
1196	msedge.exe
1196	msedge.exe
3844	mspaint.exe
3844	mspaint.exe
3744	mspaint.exe
3744	mspaint.exe
3264	msedge.exe
3264	msedge.exe
4672	msedge.exe
4672	msedge.exe
3912	identity_helper.exe
3912	identity_helper.exe
1336	chrome.exe
1336	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe
1940	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe
Token: SeShutdownPrivilege	1336	chrome.exe
Token: SeCreatePagefilePrivilege	1336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe
1336	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5036	OpenWith.exe
3844	mspaint.exe
3844	mspaint.exe
3844	mspaint.exe
3844	mspaint.exe
3744	mspaint.exe
3744	mspaint.exe
3744	mspaint.exe
3744	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 3188	3736	msedge.exe	84
PID 3736 wrote to memory of 3188	3736	msedge.exe	84
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4040	3736	msedge.exe	85
PID 3736 wrote to memory of 4360	3736	msedge.exe	86
PID 3736 wrote to memory of 4360	3736	msedge.exe	86
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87
PID 3736 wrote to memory of 1764	3736	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Pyran1/MalwareCollection/tree/master/Ransomware
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffde83446f8,0x7ffde8344708,0x7ffde8344718
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17039388118533085793,3321963619405452184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1408

C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
PID:2316
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  PID:960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5036

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\CompleteGet.dib"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4016

C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
PID:4356

C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
PID:1160

C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
PID:2572

C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe
"C:\Users\Admin\Downloads\Ransomware.Jigsaw\Ransomware.Jigsaw.exe"
1⤵
- Adds Run key to start application
PID:4780

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\StepClose.emf"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnregisterDismount.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffde83446f8,0x7ffde8344708,0x7ffde8344718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17963011605312667641,1106097470769834032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:2212

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
PID:764
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdd51dcc40,0x7ffdd51dcc4c,0x7ffdd51dcc58
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4564,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3412,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3336,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5128,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5208 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3440,i,9246727329653870778,7846653328526203478,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.fun

Filesize
720B

MD5
75a585c1b60bd6c75d496d3b042738d5

SHA1
02c310d7bf79b32a43acd367d031b6a88c7e95ed

SHA256
5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

SHA512
663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.fun

Filesize
7KB

MD5
72269cd78515bde3812a44fa4c1c028c

SHA1
87cada599a01acf0a43692f07a58f62f5d90d22c

SHA256
7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

SHA512
3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.fun

Filesize
7KB

MD5
eda4add7a17cc3d53920dd85d5987a5f

SHA1
863dcc28a16e16f66f607790807299b4578e6319

SHA256
97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

SHA512
d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.fun

Filesize
15KB

MD5
7dbb12df8a1a7faae12a7df93b48a7aa

SHA1
07800ce598bee0825598ad6f5513e2ba60d56645

SHA256
aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

SHA512
96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.fun

Filesize
8KB

MD5
82a2e835674d50f1a9388aaf1b935002

SHA1
e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

SHA256
904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

SHA512
b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.fun

Filesize
17KB

MD5
150c9a9ed69b12d54ada958fcdbb1d8a

SHA1
804c540a51a8d14c6019d3886ece68f32f1631d5

SHA256
2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

SHA512
70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.fun

Filesize
448B

MD5
880833ad1399589728c877f0ebf9dce0

SHA1
0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

SHA256
7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

SHA512
0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.fun

Filesize
624B

MD5
409a8070b50ad164eda5691adf5a2345

SHA1
e84e10471f3775d5d706a3b7e361100c9fbfaf74

SHA256
a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

SHA512
767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2884524604c89632ebbf595e1d905df9

SHA1
b6053c85110b0364766e18daab579ac048b36545

SHA256
ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

SHA512
0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
e092d14d26938d98728ce4698ee49bc3

SHA1
9f8ee037664b4871ec02ed6bba11a5317b9e784a

SHA256
5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

SHA512
b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.fun

Filesize
400B

MD5
0c680b0b1e428ebc7bff87da2553d512

SHA1
f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

SHA256
9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

SHA512
2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.fun

Filesize
560B

MD5
be26a499465cfbb09a281f34012eada0

SHA1
b8544b9f569724a863e85209f81cd952acdea561

SHA256
9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

SHA512
28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.fun

Filesize
400B

MD5
2de4e157bf747db92c978efce8754951

SHA1
c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

SHA256
341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

SHA512
3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.fun

Filesize
560B

MD5
ad091690b979144c795c59933373ea3f

SHA1
5d9e481bc96e6f53b6ff148b0da8417f63962ada

SHA256
7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

SHA512
23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.fun

Filesize
688B

MD5
65368c6dd915332ad36d061e55d02d6f

SHA1
fb4bc0862b192ad322fcb8215a33bd06c4077c6b

SHA256
6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

SHA512
8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.fun

Filesize
1KB

MD5
0d35b2591dc256d3575b38c748338021

SHA1
313f42a267f483e16e9dd223202c6679f243f02d

SHA256
1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

SHA512
f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.fun

Filesize
192B

MD5
b8454390c3402747f7c5e46c69bea782

SHA1
e922c30891ff05939441d839bfe8e71ad9805ec0

SHA256
76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

SHA512
22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.fun

Filesize
704B

MD5
6e333be79ea4454e2ae4a0649edc420d

SHA1
95a545127e10daea20fd38b29dcc66029bd3b8bc

SHA256
112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

SHA512
bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.fun

Filesize
8KB

MD5
3ae8789eb89621255cfd5708f5658dea

SHA1
6c3b530412474f62b91fd4393b636012c29217df

SHA256
7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

SHA512
f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.fun

Filesize
19KB

MD5
b7c62677ce78fbd3fb9c047665223fea

SHA1
3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

SHA256
aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

SHA512
9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.fun

Filesize
832B

MD5
117d6f863b5406cd4f2ac4ceaa4ba2c6

SHA1
5cac25f217399ea050182d28b08301fd819f2b2e

SHA256
73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

SHA512
e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
433755fcc2552446eb1345dd28c924eb

SHA1
23863f5257bdc268015f31ab22434728e5982019

SHA256
d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

SHA512
de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.fun

Filesize
1KB

MD5
781ed8cdd7186821383d43d770d2e357

SHA1
99638b49b4cfec881688b025467df9f6f15371e8

SHA256
a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

SHA512
87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.fun

Filesize
2KB

MD5
51da980061401d9a49494b58225b2753

SHA1
3445ffbf33f012ff638c1435f0834db9858f16d3

SHA256
3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

SHA512
ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.fun

Filesize
2KB

MD5
2863e8df6fbbe35b81b590817dd42a04

SHA1
562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

SHA256
7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

SHA512
7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.fun

Filesize
4KB

MD5
79f6f006c95a4eb4141d6cedc7b2ebeb

SHA1
012ca3de08fb304f022f4ea9565ae465f53ab9e8

SHA256
e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

SHA512
c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.fun

Filesize
304B

MD5
b88e3983f77632fa21f1d11ac7e27a64

SHA1
03a2b008cc3fe914910b0250ed4d49bd6b021393

SHA256
8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

SHA512
5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.fun

Filesize
400B

MD5
f77086a1d20bca6ba75b8f2fef2f0247

SHA1
db7c58faaecd10e4b3473b74c1277603a75d6624

SHA256
cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

SHA512
a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.fun

Filesize
1008B

MD5
e03c9cd255f1d8d6c03b52fee7273894

SHA1
d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

SHA256
22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

SHA512
d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.fun

Filesize
1KB

MD5
62b1443d82968878c773a1414de23c82

SHA1
192bbf788c31bc7e6fe840c0ea113992a8d8621c

SHA256
4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

SHA512
75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.fun

Filesize
2KB

MD5
bca915870ae4ad0d86fcaba08a10f1fa

SHA1
7531259f5edae780e684a25635292bf4b2bb1aac

SHA256
d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

SHA512
03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.fun

Filesize
848B

MD5
14145467d1e7bd96f1ffe21e0ae79199

SHA1
5db5fbd88779a088fd1c4319ff26beb284ad0ff3

SHA256
7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

SHA512
762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
67348760d954624d528b345c951ff538

SHA1
746403dcd7b7ba7c5fa9fd2f4b96fa162394ac70

SHA256
ed98a00f969aab8342bde443db17ec0d2cd59613fe90be68f7ff57444d054f48

SHA512
08597fefc30c25a5f56a3fbf1db5fe10198f51c51912b340c91f4639a7817e200a9f645f246dd7a869a93709e7804cc35a67d04be1c22ac370e1357af0300fcf

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4c1fc5f701e1f8f5e93c3755578e07be

SHA1
da2ea1179295dff487ab5c4deae2c2c825198768

SHA256
a80eeacbf8730e62de771c79abfe545dde5fbddfb2b9b0dee89e4cfd2e3c9974

SHA512
076c041f958f9bfc45622e4c67d36b5e5ac11309ce6ffcbb71041bb9c7bef6a1f463fce8594b74e04a15d88f73e7eebab8724f66af15facb7be7083c150b5e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ab57fbd911ec9da01ef243cb8378f0c6

SHA1
49909ebba1d41f1c34970504cf3c3d994490adf0

SHA256
60d3a5d94e371f2790e357f7aa7eb9d6b44c50d59653d82c40026fc54751c24f

SHA512
8e30e3b7972fb53843118f4e52308b1bef4fecc23eb87a1e96d6548b552515f344e2bd4bb6c6e03cb66066196e5611d48a1cecc4dec3e857ba2b6758cb9dc954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f32219005989fb185ef02f3b2cec4657

SHA1
85914f561d9b6b7e3dc9e8f45cc0c6d91e685a40

SHA256
ce6a82f19b4ce161ab1a820ea7f450cbf0c3dea10ad2f6aa4a6cb18377ca202a

SHA512
8aa30170361cdb020cd3880df84fc4aefaf57855b3e6ef71b9d9fc5a07781f71eb6986a36d9b8079726ac1a66fb549ec42806d11640ebbcab9b657219a839732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d8813ef7f77bd4a03bdfc3eafb44e15c

SHA1
5515ac3d9113607edeb79ad0dfc38867849650b3

SHA256
4e537d80bd8836d458e21189b4910de2130d5d3ff099071b89852408eaefee92

SHA512
1366548cda3e8f889906b5652d8dd607748c9915dcdf8ed24206d23a377ac41865db7514795c8dd7a256c07e3afaf7b05d248f6098dfd92da4540d35bd20429f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
225245783f79f763b89aa8f9299637f4

SHA1
8f328910aee6e4fb55f3354e933e398ee16174be

SHA256
c9add6ddc2b078022c39786592e77f6b8443b07f5b4799379759728705431c4b

SHA512
bebeef4f4bcfe1815e80dec4675f5bac7ad1736f59b38e7fd0674a6d6f1cfeff442ea28332c94744e93d6a6e2277c48fb174b9be4da7f03c3918aea540358916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
44b71049b19640da3ac07a81a2d5021c

SHA1
e501c0e5b52356506153ed718e10173f5af07b6f

SHA256
dff60c4edf02ed4b28f47876b9c3b12db7c39a7fca7861d6e2451bb46f60bac3

SHA512
8ac991575a96f771eabc0c4ac3692c184543e0e4fec7c297531f99b7bec4f444c7d9e5bfb033aceda28448d9188640066ebbd3a9d110dce633170dc754ba931c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
443578b5478d5a63823e9d1d16f3da5f

SHA1
cac0542fd3aa81d8c13e7b7884ab02fc5f5cb1f6

SHA256
cf72f94c9f7dec670d3f34fe8795ff786bdcfde0dca2e299682e194f96bb7c33

SHA512
df23bad6fdbc7a1f960b35bfa0f6053b1e5013bf1393fd4688368be9e8e52632056efff2508dca86a7564ec45cfa08dd6529e1a9bdf8da59903d4193d169e555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf6b09534d2e57f0f2ccd99d07e37ae1

SHA1
16f66e3dbc9c4e1a1e1b5abb112f05100f66eec2

SHA256
82e2dd7f216b3cd0f9b0d3ced626f3d93320489563bc881d59308873fbadddb9

SHA512
c70887591698aa5524acf32212e2f6f260b30669ed3d853b473240f1b820101e12efea1d67174be46ccd8294979bc424ef7610c1320440018e5aa6e3ca063b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a65ac1b427923690181f7c7d0394742e

SHA1
4b53b357ed56dbd5f479f6dde0f85de669e2fd0d

SHA256
967a44dc942b8e5fdbc9cbf3cc5ae4c20b8025f248ccaa52a58c27cecc2bd61b

SHA512
16924f75885d28a1a4690b74ed1432e98358091149526c20f76e19b8b374b37974ed6bc316871257b76525de5995d7d5ce1df77cf31b0dd70d327581b8038e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8be4b407c4d5fcb550b14606e5f2441a

SHA1
2ede506e5f27d155308f20bf01a54c637b0a722e

SHA256
bc821dc38a69744a8347233bc06c9e8b776b395b144c46dee7beca2cfea44766

SHA512
19f8b6cf9a49df1bca385cf6b940d388c867fbc70cfc9899f7d8c36f770a7fad1fa1f915457f1176531809ffcbedd36b83dde2ddbfd4420cf4ab3ece36871243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3b5b044f0455a685b4a388f38ee51df

SHA1
2181df53845fc53c01e102618071e6592b53a251

SHA256
c61456c07e5ffe203710d3a4112f1913b6e5fbe670bea189968b9bb24a016cdd

SHA512
adfc7da7f31c37c77502009ea5ff23e31d764c66f5b8b14beb5e05a2da0a0c0e25dd9544ead2b9a9575a4d4b00498dcf33607c95176089ab13fab19ba9e4cebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be099e1085052553462d1a0d5921e99f

SHA1
5b0eef0ad384ec6121b955b87306feeffa22dc57

SHA256
6e8960e7e08bd1ef148bafa9dd453614f4288d81f00d08f808993aa9e9f60220

SHA512
acee568da583f6772c65cfa846d1628c0667ad139fd8dcd6e7c951bf751a33ce2093dbdfef22891ac12ece454f3ab6e86495f3dfe053ee172e5993aebff65ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
830489f5e1ed6066e8a185782b393cda

SHA1
07a6a5a3a18970ffc2437da72df9788b8b78519d

SHA256
071ca0776b68a5ef3be2718bc8f48af843be594c8bbfdf66cb93262caa3b1ac9

SHA512
87ef0454f474301839a33f2f2db3e4a4abfd7a2953851e509826a438c2854111db178692e83937dbdfc443b1846011c05319beb0ac3cd088cd6f4a120cc7d40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5c7187722c1a347624476974edfe6c7

SHA1
f9cf6248add06043c70ffc032c4c8b2cddd8a1f9

SHA256
52c3d007f2175415623737013705a746bd68f1c75f269b66fb6398cb5157f369

SHA512
e89d613b06d441006df012fe74f6e8bfe150c376abc79416cd09a2b982c3296233e85d14efffc3c925899fccbfad6449d2466e5126bcb791dc48ee7db0bf031c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa71d227e83c73fff4c0b0fec45da892

SHA1
f6e7706b4b8641d916b08eb30bc520340ffa7009

SHA256
984543535bbef4c69cfee76016e02c9eace8f8fb25c3ad677548f2c17afa8f3c

SHA512
ba10f7a9c8d6f27297d8d6f69edbd8b50acea635b3c84e07da65762e2592d197220b3c203b3cc6e58533077f63d0bae55c143e1cce0c4f6885ff497c5f2bb101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b9f654c7fa47e39a3bde44cd30fdc2a

SHA1
b0f4d1f2b6066714bc58e69aa768140be5057cfa

SHA256
815c1a80c60a3394e0f1e85105871c1c0e15c4a19c7221da303bd60951155d40

SHA512
7d7d730705864c642f6144929a93176e1754b1b9e69f5f0d850fae2fdc808d1ba355624554f08ee3c2d8e0cc010ae440091bb7cb814bf94699b4f1b884859abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
847503facfa22381cdf4f7bfbc20e32c

SHA1
aee0125783a03fb6ff26ff24d8e0ffc9de40230f

SHA256
e384acfdcf08021d37febcf8b268bde54eb2312dcde019a5a82a957c88418e3b

SHA512
83a1d5acf0ee708bc9c28093efbee692d0acd25d531a615b0baae7171bb77b6740b96db335e4a474f5ca976bebd16fb9b5673140b5e77c291fd47b4a7055ffb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
053dc2edc21cb7c80b2bc88f6998178d

SHA1
47295719f7b35fac4473503242add95daa671a43

SHA256
ad61d8c2ff39879f36a6ad45be7292db3cfc46e8073e977f6e4f3acfbe13f81e

SHA512
ba179bae3a1a02782ac3a62349ce3463009f54d708aa00162e0d0796375ced5385ea8c44ebd9fcb3fd5735bf542a785060a703b5fcbdfdb844e3cc1169c9de52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f61191c5708d3849d529a1a525dc041a

SHA1
ae0a0a85ecee50ffecfc53c220f64c4c86046d0a

SHA256
44301fa23ec0cf1dcab3aa9b240a2565e9e6913c7ef893b81cb673a2d996a7e9

SHA512
d9e6f02e8bdb0f49cf0b254b017e22326b9511dc28cd9006cbd81f88263da6c3beff3a7e808d9b30c2a314f7b6524c4ed57df96b6f1b1c66af1274e5fe39d533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53da6220b8bbaf6c8651e9bc5cf20077

SHA1
972a2a9714bd30db92a4f07749b1e6463d1d4831

SHA256
858869dddab480428cc676429718ab33e7c0b26711d9847952eeeaa2d0657093

SHA512
d611edac52154ff7d83f9f9d07329cd509a305dabb44ffc0c683af90270ffe434775d9f833f5ea147379c79b4281c39ca2f56be122311daaeeb1bcf038bd6320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89cf36bd1d7403ba6c67fe70d7e70811

SHA1
495461a162b6ef5ef643b8fb3bf46c8930ff77df

SHA256
fa17324892beb7a29def30f00130aa3fcba3a7ae668e8dcb483b09c8a6cb3c17

SHA512
0078341a3ea46a7cad0ca025a88a615b0b51df9609db7045fcf0b86bf2b581a61faef481c3c251ec23d069ed9d947c641817b458339a93fc075fc11792502332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
025069f32823580a9671e922664a3f12

SHA1
2828425f9b0b1c040c5bad237e9cd82411230950

SHA256
0759a8091f59ba9b6589c5ac7fc9a23c2b6a33b8fc815a465f0e36c2c9576379

SHA512
a01a5943a8041c531120f0f77627e3c7410ceb5a4f9309d6f57877fe5b5fb27a01fb02e0c51b9898ba576026e6e973699248269123a8a650a93b7f9a04e1d5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d404e4e5d33c0bff3e02f5c4fb9bd3a

SHA1
c48f08869d32c659f1b47a75f9347fc93c631bfe

SHA256
31be772b0fafdcee8af388c132c961cd8e68b1770a6eefff25a49a602de4194d

SHA512
0d831ac8d9d7f34e777cee3f810673bd7273427fa3522b836a8ce91a14dd8f3a23747a4300bf4af95a20753a3fa971e5adb35f9b1888e1bde6419d342ae29491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb00f8437dfd1ed76cc95c5bfac5910d

SHA1
aaa23958e4a1650ff32dac649f036642056554d5

SHA256
c8c63bcdf39bb1adccc7921e8a8dcdbcb541e8329af19794ba34cafcdf963cf2

SHA512
a1da78a5d1c79f8b78b0b8910c98bec30b11d7c058c390f015be950a534751644a5fd63d8b274d86a676c28f74101929545be4fd4906c018a93c93351cc14e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
847f8d8d9f4720d1ac44f55df79b8eff

SHA1
30e5fcdd11fb9588a7fdcadae32034a2a164f8cc

SHA256
7b52727f209e0e220eabd137c172f06480aa66122753f64ae60e41c1403af015

SHA512
28826513a77045dd1d381fbaf9faa1ef1abcd19dcf62844d6556d1d9cb103872893a041c8e427b24f30452dfd1adfa1eb3d05c9aca268ca68d12f51c57ba66b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
279002086f4f738e6c34ce49094af589

SHA1
3ec7a3b5693927f1d2df42fc5f68306a3472c956

SHA256
d844c14a7f055371210400a929469c934a3fa6544a701373026aa40fbb5947ad

SHA512
d45f4e705ce29324697c44d61d89fa70ba5bc73898c8cee4b00f0ad4c721ff2368f21075f0f10bdb95a14b0d5f99dc78000c61135660c1c484a208ddb0cb30b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68b406d9e732926f70fcd6b2270a32bb

SHA1
e0875b6b5c2748a1543832ffdda9d7712a0aa800

SHA256
12aac056077212deee5a07d5122ba587615a6e69f57bec5f5dc5c78db41bd564

SHA512
3a345cb54907868b216ccf3f69736fec55574716c7e848fcd5efda14c4fe7793f32be6ef3e824b02e9ecdfb3fc01a621e27caed3b208e2506daea9c48c5757ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
accecf997ca0e32994e72eebcb236de7

SHA1
53db12dc8ee661c9d5483c6fca51e9961000a2aa

SHA256
01f57c4d342b3d6551b7804d61c510a7edbd72ceca516365a1557536b975b1f3

SHA512
7e32dc416a0b4c9691a3603f0af704ed4743dee73e2dab872c8b92fbde7855a32bf139b535d7143ec5dfa6163a83ef4fb748c59602502b20866cfefa31be0cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36730defe2864de9bc3b343ca11013ff

SHA1
a1c39d60202c8834150b7af198e0ade62857445a

SHA256
8d993db8161cdc37f80f9f32e54cc3764182e9c9785511f186366e00a8d7a537

SHA512
8c7df79304f8e6075a6f809212d1c946b0ca60846251dd3f4cc71e1caa4dc666eb06763080f1b1f933bd86f146994aa3617aab517e03035b1ac7fec3c39874bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c712cc6e7f38604e2b64f42890d94a2

SHA1
65d69b7a2f8dbbad4a74573d539e5489a5d081ee

SHA256
9da257e00b7360775dc343f1626267359d9051b0ecf42280b8f34bfb441cfe0f

SHA512
5a6de9ca474d52def10ffaf4f16279813d2ba7633a4f95d85e32c534036753e49d0421d0b022950835c3e6d13b487af05a68e21b3f8d24647c803de73acd6de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12c2857cb9a666bd354e8a57492d3e8f

SHA1
d2b865970626cc7eec0aaf345b38f829cff40122

SHA256
53342ce71c0c1d11cc62d4060c0b0b05d45fda7baeef59c74b3a34b3192ab492

SHA512
91d39e7d95d50054a90bf6de3bd414511e8cb8e0a158a31ae107335164491ffc0587ce7aa6f946c94d2a7b02d3403419d40f6e40b5f43bbeb2f1419b68240201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94666bb1b48ce823a86345e6203340a9

SHA1
107df70c9ce7d7b66f7bfc08c3df91bb29c9d8b9

SHA256
1b04541e0b54190f50a285c5fc6ea5ac25ba8096eb950e78c54968566664afb9

SHA512
4cdfdfc18efe55150646dd1dc6ce21e7129648467e6ddc866c908564ee25332ff07678eaa6597e67ae0c868588f8c4aa734cd24a319353f19463bd6a4902ad67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0f0b0b327e43fb1225c37162900f72b

SHA1
5fffabd02b0569a2778f344c876e94915e3c4074

SHA256
65f830db570d88fea2db3a90919dbb5788b28ee639fe5d8a42f04554bb7a21e3

SHA512
99deb833c29efee85667290973487205574660f38cc8ae9de4b8467f2517d752f5857550458f34e3273ee6a48fd7db9c38615d75edefece1ca5bfb491092d358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
5065c7eb0606e544e961d59e196fedd6

SHA1
6603c923eeaed6373c893d60b36559fa507d8adb

SHA256
b48566935cbd35d38e5e10fbd7952eec93caa940b359e1e873dcd648b66ac5ef

SHA512
4bdaa073f550791481cd56472ee7ab84ddf724d3ecc88e0b8605320f32055ae0e1f6a60f17fef99cfecdfba5d986289a398df60840c7aa7110f73adaaf00c3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a42c3f3a5f574cc13478927931a8e7c8

SHA1
ed36836d3059f7e3f04f254044f38a2eb86e523a

SHA256
c0d31fbc315996723d898bfc65c192e7e11ad92f150a0dddfe29774bfdf29e9b

SHA512
28d8320ec7bb889d73fabb8cc50fcf3baf2b27307228f51c7146861eea0e6d281b9b5a0c9cc340fc39a4bb8ff00fa5e933e6cfe50b85374130f2b97ea8e05695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd6602d1-600f-4636-bafa-29761f461d8a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
2975a42b7107454de34618ffd6e3d1ee

SHA1
c991857d2d837d2af0d5b5b99ec05b11453aaad4

SHA256
c20b9195fc863f1cd0867ed1bf7170c988a83233baeb4de43393c78629254024

SHA512
36e629c23078b848ad82eabadbb791263f59b583a4a20c49082f0e5bddea3af3f2db0e3c7106c84c1beb6a7514c41d2742215b753e786d4a9e5db1139dfe4706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Ransomware.Jigsaw.exe.log

Filesize
430B

MD5
625000a42d165f2ca3320a4f3b4ed133

SHA1
9b1344a4a5af842a6722c257de51bf654c458871

SHA256
407f08a36156ecd7d93317888a463c0390f31ff9cc81b4c23019f0b02bfbafe0

SHA512
5f7f39294d181d7e538c8096c8d54862f4b084cab0f80d62ea6bcd140ca777740a2c059eeca757a624aa4f778648ccb361b3f9eba204154e3f72b1a640dbbbea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e7d9e23515a25cc929fc56ff645761ac

SHA1
ed758fcb45007358d347e518eabf97fc372bac86

SHA256
8e8a3829c64adb5a1e01c3eef118cb0877822e4ed08ce1adfac72f246271fbc8

SHA512
dccf49d17a8432708178340ef1878c0d6688eb6247eb235164cb0b433c6fb6a5a79b22cd7282874cc73dcb7dbac2ff081f5c4bc6578fa5dfaf5a87ec5c644003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91ebfad64a7797b0e8c3ec22ea3fc1da

SHA1
3e207a2bbc08b7a4c2e06a2f82d74fcb0a012051

SHA256
9a45eb8d067ed2953531539040dfd0da4e64409e8ab493e64ec2cc9d54d6f010

SHA512
81b63d8c4a0437252b75b581ed76b6859259e62f2e805cdf284993b29a99c9dca0fcb495094ac14a90b6d9e3a136d4d74284cfb63fded30e79f5cdafe3f962fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea79331886fd1d07f6f82e2cbe9496f2

SHA1
97c604a351def8b321b59b186226bc5641311f54

SHA256
5a70726f12dd8241720b1891291ac1b5c31e608ea9ba247b46ddec95bfe3c3f6

SHA512
e6f0e0f5e13f17fea068c4503630e06cffe2b69828a637ea167956069aaaa4e7a264ec159cc00d0395348716b2346bb8484a125269794c8a09ae5ebf93cc6c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8b4183cdc3ad53c029acd49a1e45e84

SHA1
92653246ff0fb4e76708f2e9a815c19950d20f74

SHA256
a8592b0679c50ca6ecf587c5ee1b4137901b2d5b721b633651c7dfb806e0e2dd

SHA512
079808454c7ad8172721b1f7628e7637b88d276a6deb883ffd1387d0e30c21cb60c3f55a58f2e2a4aec0c50aeacfd60ecb5d7da8d9a51b07e0496c2d86925d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
e42eb6b987a46c895dcb7fa84dd38e61

SHA1
a23c3d5710c227aab14b5c6ae1eb05b0a537b8cd

SHA256
2186cf3fb1356149de2896f8c226cd09ae6de2d8986c738ff0719dd23724fe70

SHA512
6b03b465468a56be7df4b68743de0085b32c8974ff660ee9950158803ad3f8ba4a0d857b5ab629a5c80ec49bd6a337392723a4045fece976783ef72d00ec8008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b7f685f305bb4f91680a2f36a890acb0

SHA1
6bf49eef1e14a6c860c7bb025b4e6bf6f2cdeb93

SHA256
22bf6260fb5180332f92b614ed80e384d79e2ffaec10f5151f20d8fd2fe94ba7

SHA512
5cc89e9a3a1ad8395bffabe9e7f4465f7ede9f4c8db8463b58cdced53db6c30d62704c3591ef1ee97e4c151614a835ef6477ae45c1d5ff50f4340397d63947d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0f781381ee3c4308e0dc33860e87af3

SHA1
2d2e040404aee7f7a656be2d0b132a0e7a7ed433

SHA256
a269d39612d1a0588d0e5c04d16f4c38e16d5d7c1e34cc976a0f83e852f51e38

SHA512
2999c4d3098120571fa60c8033aa77b5ce7b7fbf0ed77193fea4371e04b0fbc1351e24039bf8a583de08721b88efc77afd94b158b3c69c470c9ffaf174a7300f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
052d4ba2735ec97e59dfe90c5fdbfcf6

SHA1
6e6d139cb5bcf13d09b3e327964e78dd6beb2c82

SHA256
8fbad708a961eec1b2f617ced715b04086d6c230cc427591035739fdc99bf630

SHA512
06e06a6cb55fa5c35a208fffcfaea3252bbdeb24c39d7c90ef6d587c5d9d61ae42fefed295d0e5762656819f4db4379a134a7653ab09f17a6a710e57ee171c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6b542f680bf6158fd5d35f55f355444b

SHA1
f68af8470434484ba585983dcf8a6322a6ac6a5a

SHA256
45a72a7680c2fe2439be44b8523b1785674a62fc6a456c71f20eccb7d4c167a0

SHA512
58abea1905b3c6e1c85cb9732865f77f29740401d2fc6a8241e81c1c2aecc3bd291503be0704339ab3e556dda4141a2f450cb88d00657691979ef1ee8de10bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
49355d407140d43eec2f714b361d2807

SHA1
2b8bfd814adc1867eb08242e0e88c4948e69a75c

SHA256
3d4eeaa76760f6dfb707ccff1d31db4e3e30efef3732ac0a646af101fcf24644

SHA512
36a5ae58ee30bc0071ea0d09cb7aa6b1171813a02ffb4f3179175bbc8de595ddf4e7502edfc0a645e5c2fad178f789d61ee412a455710c1c007e2c82cbf00626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
65d3756d1fb9084d4f59a184e047faea

SHA1
8622050ef5cf4f9233430bd1b04a8035925d4490

SHA256
77a440d598b4a77c44d14aeaa1f5da50c9542edba77d15b0e95575300349f15a

SHA512
0e40925a91b431cdacac725d89977c9ef0ba931d6157a1490187adcdbfe69475c9dbe5a8636f843f7d3afc90522ca768f7b406e144d90b74dadf2669cbc6c20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fe4c18d9e3c8b5b8951aa3fc6bdc57d9

SHA1
8b6062ad338496aafb69281b9b20ccc88306405c

SHA256
e01aee33277794508f84aaeff3a6f021fa31f54267a1ec4dd12838f1604e6bb5

SHA512
acf9949fcafa962af1b9a4cfab65c110b913ededaeb974f389e345bcb32b7a2ff503dc638d6699831c912548dc564983561884e11be077e3d89ce2e8d0f33398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
06b703fa60d2cec7358ba34259d14ee5

SHA1
1ce4dac8f5ca4b96ecc1996ff702d0d8bf49d621

SHA256
ca2bbbe829ad0825ce4bd76a6ce9e71ce84890ab7c21732a04837bf4029e97bd

SHA512
913800a4c2f62aeed85e3cea51d61633d023fa30cb3a5b07224935dacada1710c6a1f6fb6fff86aadb6c40bb4f27a583756e3681c2c56da685072c68230040af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
4f7c6301e3ce7da9101fdf2ae6ce8043

SHA1
47ad0fefd2c6da4609c3c312ade07b69a3beedf3

SHA256
97d2f3cdb598ec32ceae7dc3385f9059a76dc8782ca12b07ed6025cd93c612ac

SHA512
c311a507a7d0290c4fa351477bc7d431b5d54dd5ec421eccf8ad4bafbb0f52de49d4eaa079e0fb35084f2d18dc21ea895b6b9e3d4690b22b4767e074264e5a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
c81ea7d3fa4a44967dc6e706c2d6b960

SHA1
27826239cd40058c5ae6021a274624c6a6898377

SHA256
1784d020388f36c8bcec9229964e1f09aa3b43f49b5c4d3b521a6188684351f2

SHA512
b341b7df614145847646e72d93e9dd927116ab71c8fe332a2b1a90f21a8014ea62c8990df4cf20626b93aec7ea90b4a6c4991faa8b27b6a4848ee66c5918abe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a634d0c9ac95d005d511d5bea5bce227

SHA1
427cbd90aa7f59804677c5e49f47a393dbd48048

SHA256
637c58353dde11e8c3e0d06d825461bf9b0b03c2e2841871d843f3a1d346a05f

SHA512
c6c924e37bf203431e777134f4bc6c7996b9f8ff064755d35301c018e1e1c8eb7e12e94cd9a785d49b45df0f7e981a1397e711d0b286bfcca8f46a1d2999555f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
26aa153f9bdcc4f3ea5c36c066b8f2d9

SHA1
de8ad805fbb2ee1c6387b9aaa883fea656576e25

SHA256
6b891e42a617f6456aafb8808a371ce171907bd9037128c151b9f0b731496152

SHA512
313d24f55d9451d18c96ed71d02c58c1a181c942a4502f87f9eb10eddbc4e2616cc323e070f880c5bc03fffa584e3d8b5645e1c676f801bc64c43237829a9e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3dacfce91aa0fd7840c7d88650253f4

SHA1
beceb7ea94f1cc24a8246dbd4786b51cbe2faa2a

SHA256
102b554bb360d6d7eb83c751000a5c40df27ce14541f58215d5d108855528005

SHA512
d1cdd88d5e765e8a1cf242cc7a165b27c65fe31895f4c36cb90d1563af815aeaa80f64a85aea7044ba2e29131408d11d2aa872efa0f1912b3b806e3bdf3a85d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe584e1b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6c3f0a19e39a05428a9ac2594ba8208

SHA1
64595a03f6f39c908e837a2ed152ef316a9afca2

SHA256
d78e75e2a7dc598c87e055c139c2dd1c19d3488ad88b39821894de532ce19490

SHA512
2124762bb2857afc228d360ae2c159516489ef5e097d33486254a823247c0de75771ea4961bf7ae9fa93d6b72669b5ac465a57d96304a2dcf6f42c4a9253b2fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a5c0d38b6967174ef101ff45ca883d88

SHA1
2970ac018cc5413c37e15ad5d9a950ff6749e085

SHA256
21ecf44e6454467fdaf5a9a59cb272dd378d685edc62389dcfa3bc182e9d02ed

SHA512
b7d9366724c290d3c1abc2642b91bfd7ddede1561afc32e1d85153870ba329cef1037669ee856ce1dc9da2d6ae78f580079ab57c27be1af72dbb41d9e08aaac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3d63faf5ffba290bf35f267c9ef9b69

SHA1
606f102fd74501a886a98782bdb053baca34da1a

SHA256
f83d2594a070cf696d0bf9d8898ca27cb3c1b60e548cbbe270004f66fe835798

SHA512
25c8ad9efbad54528b9130cb1fa9d1568a82ff340375baa262198d12885bec4f743817606e6fe718e75af0c5ea5b777eec1b8b750ac68ca45d16eddf1ef69d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92558c1ae5bef6c11a53f1436862b535

SHA1
706bdd1587d0da544649a72a9b7d39ba834a8b33

SHA256
f60b8ca3bd11b0df4e6aaf99aa06ae3b962f95743f835706f9db0dec5d8f15bd

SHA512
b2f6e6f672f99a0c84add37badd073f24bc32dea6e79e43b2c636a630e5f9d51ae2ff3ee519ea29467b35a71cef681a328c3d04bd92b6561fcdea7db00de6e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
365b67baf64abde66b64435dcb07d519

SHA1
15bce7444da24522a9bb0805bc86db13d4f7bd05

SHA256
d3d13b7fadeda24433202029f989d430c060f41151240f385635c0de1088e81b

SHA512
023fd5e77e81945ef0454beaa4c247d7092583ff0d1684d4863115dd0e8279ccda6fad96739284b226fbb96fe622e4f43b814c6f53c118207158f1a47a283223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95badc60a3ed321d6eda1cd6004bc0f9

SHA1
935fc59ed865fd2bf8b79eddb3427a498670ca57

SHA256
8ef2d24968113d88aaf880cc7bc2636fadde65fa57c6f0a1dc545f207bb13e89

SHA512
065c3dddcf655a72efe00f32db053fa2d1b7d0f5cfb5b4f207619b241d1c47a6129f1556fcca3dc22bc0c7023b96a5655202c0b813c69a1867918f45db8c8a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1db387de0ae23b4fce6823515bde326c

SHA1
1393346a1b48627237237b7e534f2ca5f2512ee3

SHA256
0d62d95e1ccb07c42ce654d297b06ba429d8e15e39b4e525262577d7b08bc67a

SHA512
446452a27689633e3bbfb1c357234d4101d2a88541a4cc25d0beb975a739e1a887858e2cffb6918d5f918a2c1e60d73aa4eb293da271b88eff8a5a239f83d3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9ee225f1f3555dafed081754daba9f13

SHA1
c7791829c51936d052bc74440d99322c391f95d7

SHA256
e05f4bc658c9783b40c15ae1cc8b0f07b62c43fcedff4f221c959f138ece344a

SHA512
cf6aee7f25bc5bea9db3578cef408d3f3c73ec432377738d626f551461f3771d4e60a34f5eff274a9cbb6b168c6973aa0d7c4cb713b0c6434939431eb0344926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
fb0f405370926f84acc43528417da696

SHA1
1f5e3669f85e2f5ff9428c1815b1862897d1786c

SHA256
d79d6d2b5777a3686da48e9932e58b0fd47c94a9076eb1bc0e6e74b32f91efd0

SHA512
dab4b29303340d05f5f50290ab262ecdd1dfae6cac2b82a37efd7c631eb418fa17a972305ca98594c2fb549e29595dec082cc3f3d5d8f538081f60a338ca8d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
fe06bd68c158253ce1973cbbd7334200

SHA1
56501b6722c7e0d52809f5fb61db489318c6f0df

SHA256
d658eba6b4a54d9bfa9c9f7c37e2910bbd60be1b177a7fa903a2a28c2e0b1cb9

SHA512
7a48dc9417998e7afe19332f6c91a3ab276234c80751eb3d826ce46c4b27f4ec9ffe9feb8820ab15733a3c5c33c054fb37263eb8553c3bdffcb37a8023a47e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13385067150831672

Filesize
7KB

MD5
dc54128482f91c2bf449c620d8003cd7

SHA1
a0641a6427056ce11785ce7e94d7df05134c2ad1

SHA256
1ae55870d6908c9e85e7a0381fecb6b65ebe69f04bf57ddd8c47e2ab3ad7dc49

SHA512
8eb8fa9431c3648e9ce88ba02e4fc45748da455346cf55bb3ec37deaed6ff4da193129de4b0bb291defbc60a6d8dc4f35959f1ac5c1be0588809be3162b9ff43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
8c55634ba5ce809fc4b7ba089ce48410

SHA1
fd1077284c76222f780e1e236e43114864487b9e

SHA256
9a564bcae6d5888ebcf28c501d958f73f09b392114166fa9b2218dce325263bd

SHA512
f2d3bd912b57145211a0c18b2519844020bd2ab0dff79e10471e7c3118f07c8147a4a3e530961ab8475caa9f0f7720139229ef808c70444cce1905a835ac452c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e7117ff299ca66ed3880fb04b4fe0836

SHA1
7360c04c07be3b47f1add34223440cf60222a6b4

SHA256
32eff9b347e57afa1efd7e48f03b9c316a8eda954e8cbccc47a0aebb1f5ca468

SHA512
5f77a9fd191106eab455ebc41ecab8c7499fae855182787f52088c7cabbe40ac055c73737854b200e70037ff4e5831196777898742fcc49f8743360e4d602323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
cda77f833c709e47b80af401a3163137

SHA1
7e7988e8892980cd3adfcbdd61e0ea5e3bdb39ce

SHA256
ff12b5ac4d0f26ab2f4dafd204d91958f2529b11526f68b5f32c7367046e84a2

SHA512
6c59bc265ebaf9bc0e21130304a9cf16b1702b6628846442573744a827acee7a23bee3521751301f1003584f8f4f86e6af45ff8de211a75018207dbbbf15ded1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
590840ac560f8c8886195fa4bb0f9722

SHA1
1832cc12fff05b8b0d546f66878901ffbf633563

SHA256
5dcbc89101e24ca58380b75e8b28d5d3b9281d16857eb814966a3bb04275b2e3

SHA512
10b680d44f6418b6fcc8d980db578ccc085915e2f38704295591a7ab398bd2c5c4893888a9db59600031c534f016185cba118f7d4b5aedc276c1c10f06bca39e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5dba0999b14d5f7efce8cd49b627c885

SHA1
eef88b6ad4698b6f7e5da1ec9649955ff1bb5ee7

SHA256
5961cd4458b4bef9296d333cc92ceb2676f352014d4dfc3b9bbc484a36d5ca0b

SHA512
3de170a004d5f3169a533fdd24ad5d3c4a1523c608104b1e6281c35f4ecc7cfbac90396947409aeaf6a6c70140b3e9d51a4f28399d8368ebea4fca8dc29e1003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cae17f8c737e41018ab0abefa0da6d97

SHA1
9fdeb45d5392e8a82d5e6e7a8b585ead8aeb824c

SHA256
72da1964ce0356de5f16d59835148a73785cf6e0083077f2efc3a26fd50f9399

SHA512
cc728d95ba1e65a33034f748cbf4aa30b82faf7e52ec46cc540dd885b9e960f0fabebde365f1f69463759cf1b33cf047c59286e94a281358a56bfb61ef323e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c738.TMP

Filesize
874B

MD5
c0d7423ebcfa34f07a465b27fcf612c4

SHA1
472d57effa5b902a971a4d61882aaf8610569ad7

SHA256
60f77eaff26a1c78eea01c917e2203c2090165954d1e9774fa715728203735e4

SHA512
5c49dbd4d43df2c42804ad9acbc6cf6314a531b13d67880209e2e6c3241cfc67e9110bec4afead00f3631e70a341e17461b871ad8857672fc0b21c5c5e25b1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ee4424e5d6d1cc0810ca452837b384d6

SHA1
81818cbcd804863e701aefb98a7f0a10de7a00e1

SHA256
352a77265513616983af3dc8a2d92ce850c830fb290741312bd63e95df74ea34

SHA512
f7d004814ffbe04f36e0ec3f018f4b1d210651e8b608f608ccd6b7fe52e94f181d740426e3c614d3c639cb533d087551b93b250100bf4016ea68cdfd3833cc02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
e03fc0ff83fdfa203efc0eb3d2b8ed35

SHA1
c705b1aa42d84b3414fdc5058e0fa0a3dc9e1664

SHA256
08d550d1866b479c6c41ebbda7b453dba198ee8744a52c530ff34458024ee1fe

SHA512
c0840930d7a9cf16e8fbefefd09c564eabfcfb6e9df1f9b906b830e8218a818c3f9721f9ce1fc2a96b2e6ce725baba0dcd5810a9b55d20b3c9d6f4569b9008a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
3eca36ca51ec62523d0bb0ef7b862a96

SHA1
349966741206ed0ff12340f31fa6f236cd20bf19

SHA256
93a5b483acfb552d183072c8f2a7afa92f5cf092f853338dc48a07640b979bca

SHA512
c5a7ef018226516f9b21914b0f244740d6bc004a6181dda2d17b6afefde14e6b7058c42b98e3286d4ab1cf3106ae5d74282c23924a57ccfcd79d8cd48068d3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
80e458b02b5378b309b4994612287556

SHA1
96c521f28d13d4dfaa4e6f4177d2554a8671e08d

SHA256
07a89416ecb74281afd98999b7d4b3b88684b6536403bba4a2092896d43cfb67

SHA512
acafed0ebdd995f0e9ec3943a0f7839ac1dc6338d871ee7f4853aa028a6ca17baac26e17f9c17000a35192d58bda50f1d95a60725b5ba3370b580e819f5e0d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
f33adf591cce59055143ad25f9358489

SHA1
ff94615d13eebdceeaa9acb8d9f6712e0c32ccd5

SHA256
6ea6227c0bfca80fd50bfd83c0ba5609f1fd3815846e9d976413a6f6b03abfb1

SHA512
8157df29f35970063d021c8b0edab420024b2ace945b2d2c6844f1b7ee306446365ec22cad54a3e9c9e31b482d446bad17502b3b7c928bca253014ccccc5b618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
d9aadfdb6439731d42e0f1cb89a3a527

SHA1
994f21606006970e6e40373da790fe14f7e0680c

SHA256
e9fce93507bcc70b9f0fcec0c20b62701c3231744edce092f72c7c78da22d897

SHA512
d53338ac894c9e61062ca14abc81ea36e926b4c0795eac6821bf4591785073304a966381a1eff86fecca9d002ffdf213284bc36931d594e8b9287a12222f8e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
bfd7e4c0baac7fc86680c1e6db2d5338

SHA1
168a9b076bac7d3442f64a2bb62bb4467ef9a61f

SHA256
c2f27fb74977c783df6a83d543434adf1fa4f1cfe272b6849f3e7e4317b1549a

SHA512
d79d12df78e6668bcf720e5870fadf17e71f34414f6c9b149a3bc66bf31c52654eb62bc09b0f7abfe14f4ad5f2b264d8906bcfc82ad7871db9c8ca41c553e44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c73cfa3f07d231c0a08c8205f93e7dcc

SHA1
2f6a5bd3541ff255319e896443bb231a27d112a7

SHA256
6d262d6c7f1519b55e65627d6f56a4dd5847e809165a395313aee301990c4b34

SHA512
1165aec97fe63ce7c839e2a88ec4aa7038adae7c935c2ac6d29036051c952818cae10aa9c95b3aad00278c0c4fb6ec3a1701ac79716494d8a44addf8d92a1fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8f0e21f26569821c66550ab3bfd2b8cc

SHA1
66d0a9c2b594a5e84d9689794ee0b4ce39de6080

SHA256
caed25cac460f218c649db2a27291b381644c6567e372f1bb93f964483bf87cb

SHA512
6e740c79d205867bf1ef8760089a1c97c24b61ac5ea56f69c2254e115ec2b5347d6c52aaea6bc3920df0d97c055cf3ffd7ead43d4f6bd1228138bead3e4d9adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e1fd111c9caa017be08939cbeef514b4

SHA1
7098461bb7d4d213bf670199425cb5d1edbd1e2c

SHA256
b0b868a12d695ef567138fccc22df04974272adededd7b9b6eaa38be951d479c

SHA512
764ca54a4ccacc1b356160e02ffacd1ec923c005f2c331ca9c11b9dd5a180fc154e31bf24c2f12a687e9c3f9b6e33afa3627565cbeeecef79cd60d1858b15f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6cd9c962a63e308ffd53cb492cb58cf

SHA1
c12824291b41671709f0aa02f2a01f09091bb697

SHA256
287a905e06e4ef3bc62c7fef12e344148565ee8a3e5a747637949978003dade0

SHA512
d87fcf4329c3c2d63fe1dd8baf0290114921b9b4447d553b9b10e38ea50de7df7075e6de8da78f09a770d1ad95f979b146eccef5da9b807c412e8dfce175b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad3598ea6653ffd898edd0e4ced1019b

SHA1
0ecbde3239640306a781bf91920896ca66b16d10

SHA256
6e8f9b151759aa8389ad2b00b7902e61c26689f1dba68ff244d72e343ba913cc

SHA512
c5a302b57a9a470495faf72b2126fb26de4699161e33c0e791259331feacd33fcb4f00f1d69f7d31fd5e552a1810cf1ebb25473335f2e415828151c673a42f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
38d17e564e98904edd21616b4033b3e6

SHA1
a2a0367e4caa2b165efbd376249f992389f5bc3a

SHA256
83ce961617808112ded8a688bff4a5bbef167f983635039fc82b514b28408825

SHA512
a3214818cc4046af8c21cf6ea221151400a2bd235bea67912efe2acb49753a38ddc07cc119451146fa5475ed72a02772b1aa6a25f0f893b053f327dd6fc11c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
829cd59fca21f197b679df7e8998f44d

SHA1
36ae3859adc03447d4b05ada7fc3a393f4bb6e3b

SHA256
ed710fa91366ce64da9a693e1182f1b469bd026b12f2cd9ef3206a5c9f686486

SHA512
7f730e909bb4f07fc9b550526d0dcc3211068d8d32510a74f9203aebb3c846be9130932d6ec6095f03d874c26242b5177cad2dda6c7b25a74daaa3ffa700d80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
4a99ff69239ea1449ef47272c078f7a2

SHA1
7aa4ba53db87280759118005e404a47166539669

SHA256
8610b9fa9b6f69f1ecdfd1f66d5327078bc2c44af810ebbc63a36f4ae2924423

SHA512
7504ecc0620fe26921dcd69d71b64ca77266b08c2588b6eb60ec3a8c4ea7295959207902b9ab30b80764b61fbcf696f5ecf4ad70aabd0d9d16f5dd3c431aadac

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{859e1497-5d16-4570-8269-b42c82a1b4e4}\0.1.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
1fd532d45d20d5c86da0196e1af3f59a

SHA1
34adcab9d06e04ea6771fa6c9612b445fe261fab

SHA256
dae6420ea1d7dbe55ab9d32b04270a2b7092a9b6645ed4e87ad2c2da5fdd6bae

SHA512
f778cd0256eda2c1d8724a46f82e18ab760221181f75649e49dd32e9a2558bec0e9c52c5306ad17b18ab60395d83c438742103fe9adddf808e40c3d8384ea0b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{859e1497-5d16-4570-8269-b42c82a1b4e4}\0.2.filtertrie.intermediate.txt.fun

Filesize
16B

MD5
f405f596786198c6260d9c5c2b057999

SHA1
f8f3345eb5abc30606964a460d8eef43d3304076

SHA256
58e3090edb9316d9141065ac654a08169f2833091e6eb3a53b5a774a61b7e30a

SHA512
a0b3573dae218ade265709a6fdee5f7700c9754eb10747de5af34af340ae95909d0a8902159a735e82eb5d7091f50a7997113661a7ec3fcc2b408fb6c78a4c39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842883702141035.txt.fun

Filesize
53KB

MD5
0fea4f637f330c7bdcc27a98724ed9c1

SHA1
ec8bb7145839b6425f317dc4fe17b2d680d51fd6

SHA256
9bbc20bd5952122f2b3d31dda9b8204f135881da095d458effdbf2b7dcd2d616

SHA512
e81c206172a03788e1551a3e9a28c5350caed13aa953dda806c090e0ba24258b41ad42195e2053a277bb98b28785c40ccc2ced806290fa9130b0454c00d1a80b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842892112464842.txt.fun

Filesize
73KB

MD5
9cacbbc7cff3712a7cba17aec12467f0

SHA1
0760eb32507326fa3f76a3587d56c593d4eecc02

SHA256
de384a93739e1d9b5c60e88b4f3a5b3e0d8dca49daa6c5e563b5f41e7b7bfe3b

SHA512
cbbb87c1d8845cfc8284b1590450acd4069c2f448ba5e05c675875dc575270a32a802617c60e179ad97bcc96719c7e07c0e1f30826333e02f9758dddd1a9b44c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133850672638932743.txt.fun

Filesize
83KB

MD5
ddea3b42d96973ae44d6fbe9002b08af

SHA1
21d67b715ac64c8ee394ae1fd36c6f49c2bb6a96

SHA256
dad2578dda0f83bda10605ff798973cad1cf729110d00089e2882f8031b4b6a4

SHA512
d9de083873a18b7ee626a609d9f39cdbb305409b394b2942767f0a81f8af3819f5591e19c0caac6fd48eeb62f66d7a8c3c5ae52800d95d086079cffca69f89f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1336_1896744093\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\{33086F54-6A8F-45CF-B6C4-837929CDD224} - OProcSessId.dat.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\Downloads\Ransomware.CoronaVirus.zip

Filesize
544KB

MD5
e05146cadbac7e5174c37b624de0a446

SHA1
759662aa81e34e0e9a36bedd2137d96f11e18947

SHA256
d7f8f5e34e13cd7395ac8aa7d3fe83016867e81c8915a059cb3d8568e809a2eb

SHA512
89f74ddc835946450e1ab47f2f204e8a7b60aae5aed20998fba23235f9e791d5e68b9c2b035438235890964bba792c8cd96208f5dca1a0016fa099416536e2da

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
4161238e76dc9ae69c0c96fade43b0bd

SHA1
bf51e618d59253075d33461a353d20018ad177a6

SHA256
bc6c2a22cf086bb9f18e100866c83377a2c8cfb4f3b9cbc0330194d58edde7df

SHA512
2e93a58e3ef51d210ae16e56e745eb60056a86ebfb86b34f15e1d66a86997aa48f6091e4e0829144295cf4ad08f36a0a60c45726ccfaa440fb80217fb18697d7

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
4KB

MD5
9b5d71f2655a7ec55a2b69c1029b1890

SHA1
a4f98bd66faf3e77cf4b712af138bff87058d67c

SHA256
639c461488e8a3c4a539df2a6f6f2d817e7e1cf1de7c9749c2d4f7bd725ff035

SHA512
649696e614a1edab9d44f6dac607a683170c7cfcb87a3637642cf95a27ab6541b4b1f7ad9005b923129894d4d0d4a2af70aeafb012197248b7ae8c52c559dca9

Download Submit
memory/960-623-0x00000000017F0000-0x00000000017F8000-memory.dmp

Filesize
32KB

Download
memory/960-4458-0x00000000014E0000-0x0000000001552000-memory.dmp

Filesize
456KB

Download
memory/2316-618-0x0000000001210000-0x0000000001248000-memory.dmp

Filesize
224KB

Download
memory/2316-620-0x000000001C4E0000-0x000000001C57C000-memory.dmp

Filesize
624KB

Download
memory/2316-619-0x000000001C010000-0x000000001C4DE000-memory.dmp

Filesize
4.8MB

Download