jigsaw | 61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8

Resubmissions

26/03/2025, 19:03

250326-xqp21a1thv 10

21/03/2025, 14:56

250321-sbce5s1vcw 10

Analysis

max time kernel
299s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chrome32.exe
Size

126KB
MD5

e0d108435c58dc9403588e4dcab68275
SHA1

7a7331423938020550ff3decd2e8b50b3ee5c87a
SHA256

61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8
SHA512

2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e
SSDEEP

3072:7+gYdgLNp0jPilel4+800N1lknzRxqmhda40U6hrnzRxqmhda40U6hK:6gvunnhdaLlrnnhdaLl

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Jigsaw family
jigsaw
Renames multiple (3802) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	Chrome32.exe

Executes dropped EXE 1 IoCs

pid	Process
1376	Chrome32.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	Chrome32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-32.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-24.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-250.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseEar.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\LargeTile.scale-125.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\standards_poster.png.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-20_altform-lightunplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-lightunplated.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\file_info.png.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-36_altform-unplated.png	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-150_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-100_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsSmallTile.scale-200.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-48_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\es-es\ui-strings.js	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_unselected_18.svg.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_lg.gif	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-125_contrast-black.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_single_filetype.svg.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\AppStore_icon.svg	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-150.HCWhite.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-black_scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\Welcome_Slide01.jpg	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-400.png	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Edge.dat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_replace_signer_18.svg.cat	Chrome32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sk-sk\ui-strings.js	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-125.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-200_contrast-white.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-64.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderStoreLogo.contrast-white_scale-100.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	Chrome32.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\WideTile.scale-100.png	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MotionController_Diagram.jpg	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\HoloLens_HandTracking.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-100_contrast-black.png	Chrome32.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ui-strings.js.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\ui-strings.js.cat	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4	Chrome32.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.cat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-200.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\auto-renew.png	Chrome32.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt.cat	Chrome32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook.png.cat	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\word.x-none.msi.16.x-none.vreg.dat	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-200.png	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-20_altform-unplated_contrast-high.png	Chrome32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\people_fre_motionAsset_p1.mp4	Chrome32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	Chrome32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874894519218966"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2808	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2808	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4664	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeManageVolumePrivilege	924	svchost.exe
Token: SeSystemtimePrivilege	2788	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	2788	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	3536	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	3536	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
2808	vlc.exe
2808	vlc.exe
2808	vlc.exe
2808	vlc.exe
1376	Chrome32.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
2808	vlc.exe
2808	vlc.exe
2808	vlc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2808	vlc.exe
2788	SystemSettingsAdminFlows.exe
3536	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1376	4888	Chrome32.exe	86
PID 4888 wrote to memory of 1376	4888	Chrome32.exe	86
PID 4880 wrote to memory of 4912	4880	chrome.exe	94
PID 4880 wrote to memory of 4912	4880	chrome.exe	94
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4128	4880	chrome.exe	95
PID 4880 wrote to memory of 4468	4880	chrome.exe	96
PID 4880 wrote to memory of 4468	4880	chrome.exe	96
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97
PID 4880 wrote to memory of 3676	4880	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\Chrome32.exe
"C:\Users\Admin\AppData\Local\Temp\Chrome32.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe
  "C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe" C:\Users\Admin\AppData\Local\Temp\Chrome32.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d6c3dcf8,0x7ff9d6c3dd04,0x7ff9d6c3dd10
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2036,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2324,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4488 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4744,i,11940565906933845579,16395398566974291774,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4520

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1540

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Users\Admin\Desktop\SelectMount.mp4.cat
1⤵
PID:1292

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UseShow.mpeg2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Users\Admin\Desktop\GetRequest.xlsx.cat
1⤵
PID:456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MeasureUninstall.bat" "
1⤵
PID:1268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MeasureUninstall.bat" "
1⤵
PID:4632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MeasureUninstall.bat" "
1⤵
PID:2396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MeasureUninstall.bat" "
1⤵
PID:1784

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:924

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv oa+L6RHFekq/+2PcWqUQDw.0
1⤵
PID:4864

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5f40f8fch6acbh48f9h9a3dhdafcceba37b3
1⤵
PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5f40f8fch6acbh48f9h9a3dhdafcceba37b3 --edge-skip-compat-layer-relaunch
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ff9d51af208,0x7ff9d51af214,0x7ff9d51af220
    3⤵
    PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,18201850746745469008,18433904099274275548,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,18201850746745469008,18433904099274275548,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
    3⤵
    PID:660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2600,i,18201850746745469008,18433904099274275548,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,18201850746745469008,18433904099274275548,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:2
    3⤵
    PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.cat

Filesize
720B

MD5
ec7235e2bc493ba535278020af8920e2

SHA1
cd2378d753fb2d42b1116e79fd21922542f769ba

SHA256
7a8ac2b0c15dd1189c86efde7d5c9eb44c0ced9e1df86e43f65f551e69b3ab8d

SHA512
4700053ef6f939bc35fe5764c0fc5ff0b2524fd356fb151e257db918fe43fe140db80610f0a4da41fee67ace964de9d74cd19598bae1ba272090572905f31a1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.cat

Filesize
7KB

MD5
f378204a16101eb8ad24fe72968effa7

SHA1
863e904f2b801aa79bea1f576c54af771fb4b59d

SHA256
dfc565a6aa9c6ac13b6bb390bec9db960d69e2b8a6d1936c27e4f15db837482e

SHA512
eaaf2d2ba046da2f58495bee6ca53fcc85339425c264d18684b2775ae93e3ebad66d82e381612169c58508e34069028c86a10c55253b046634b9ba03f8785c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.cat

Filesize
7KB

MD5
b7473ff950f9ac66b85d90f75e05fecf

SHA1
60598312e90640dfea159a6926c367e8471e1abb

SHA256
f0ed3ee9a6ea584d41f79b102620df6e48f1b1c635168d476622c3b84ea45976

SHA512
756b716dbeb75b6aa77d911c6c55ccade55db2a6228aae061345560c7f85f71f61065dfba9a56bf0dfdacce0a52060d3f47f6af349f6217ace690e6dfb669572

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.cat

Filesize
15KB

MD5
2b75e2f38266738fd8d4255748839e43

SHA1
d4d6855f72c5b26218e9c34c9df743587b35cd77

SHA256
f872906fe1706bf76ad169c13eb1f493de3d6375db3b324950537e4852ee1410

SHA512
17b35f398b826ea5f536669b5d444030ae0c5203dd37f4540e18038784749b61db6b06b92610571381b6fc1ff867b510378a9289c155e34db635c172600ebfec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.cat

Filesize
8KB

MD5
9aa765733000a28abc08572377ffd986

SHA1
740b69fe710dd9f925b5f367637103c41ba82055

SHA256
0b97963d45989f1db93c9dd15ae08a97a0010768938273d9d3df25ccc920076e

SHA512
19203cabd63a2bb517aec0d8f0cc6661d78a24f2b908216f62a6c3107a76cc120613d6b9eadc74b2bcd9f909b9cd7fe81ac87723e95a69be6deca7c4c62d224d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.cat

Filesize
17KB

MD5
edcda3b0a629dda6ba26e22693a3c71a

SHA1
f8c0286ac8c00e30695bee11be6d7df7d41e7fff

SHA256
2ff247de7879587e2db1aa725e1d19851aa719ba92599be6aeee73c48723300e

SHA512
4429fd8bb0fd5dd4156d97b858a0048222899e99f3da8484ca00214a0836ac61d6dca428906ab823ba147b0b82aab0b7f54210f3035e5da824e71596f946b457

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.cat

Filesize
448B

MD5
ebcd821e2f56f76ba27323488abaf994

SHA1
5cfbdddaa9e4223f6acfbb78164792f6d4847d2d

SHA256
4279d2a1ffc3b5b26924b2d64a52d0a95f488f6b2387f1c0c41915d6fa0c2cc8

SHA512
adc46a35f3c2906450d7c8bdba26cb9475bbe2f7c688b7513520df78e793eb7f2e69fd377074d7a971e150d5b5ec35788bff8da2a2223edaa660410fc07e8a96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.cat

Filesize
624B

MD5
e9b5e5c8408f0c578efe570c7e86c274

SHA1
d0107226eb2584e641cda486ea993ba995a8935b

SHA256
054085288f2d56d95b4338c6898f0722519755f5a17d3dab613ecf233950b9ac

SHA512
cb5b677fb9c45e8f1c85667780be9f07c042b37f1ccff4685343dce16090d12ebbbd14606146dabb73a1cc41a849e7a879b9c72066d8b3f0fdcd81b342540d21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
c922565f0cf151f9bf12387b907cd246

SHA1
d13deb6f4afc5fc7a158eb0bd666d461850ce744

SHA256
b360e502e5bb1cea6ceb6eaba8257d76ef5307381274bb0cf2c742009d6301bc

SHA512
a926b267bd917ede056815e230c9c1c400f5c6a32940b345b6f8460b021a242e879672f7ef249ee899a87ed828f1eebba29fdc5d4326e03f85ef0e37ae17f35d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
2977ae8083df9e816906d7033ba72fc3

SHA1
ccafb3f795689e47becc37935edaa6100fc6c96c

SHA256
02b9257e2a1cbb1de7b790d644b05caa7190c436831016fed5f5629e91db9d75

SHA512
1d1c936ab093145793ee5e1e300270c373c4f18799f982eaf105c813eff43a42a337c2bbc5a31cfe814f354fc7862cef7fa965130ce1a0bc78269bcc0878b661

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.cat

Filesize
400B

MD5
fa95ce0967f52d66d262736ba905a3af

SHA1
f5bd38b5515c12598360b1c1031df52fae30d1bb

SHA256
3cc38eaa61745a8d2f3c98021dbe8dba93c272c9a855bf543dec6bba77b80310

SHA512
5e0363bd5d3e47f474d914a726fc22c653ec1b139d7c58f85ff170338159afd91b01b24ac371b350a34a2ca3e6a463359a39564617959de3b3e53fa8a948e889

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.cat

Filesize
560B

MD5
f225c7deb543fb59c9df05b5c7517bb9

SHA1
bad432d340a00436df173b3f62e1018ea69cf363

SHA256
999a34566464822bfa66c5b94ace878d8dc15749e7f50476fc4ff96ce3dd5e55

SHA512
3f2fb62404dc3109a981f6e1e6529c910257e1975724b9d3515c4688d7227b4bf115b68b14471cfd2404524080e8d91d892d91d65b96b1dd4f7f41a29e91b3d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.cat

Filesize
400B

MD5
cff0ce01611958c34bdd27847eefc88a

SHA1
6d76198d6d186a0f3f89d0b6b378a7a27c1306bf

SHA256
ab5f2ed78598fa839945d5b1548bda5160442ae8c7bf3818e7804b753c8d345d

SHA512
2525ca00eb5e3db803c0ae87a71d2a98728ca2cc156352206bf5de27b4acbb090d5ee27506bbf4eca2d7cda1b73e38adfc063588658cd6ee38faed40f0657776

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.cat

Filesize
560B

MD5
77b7c1020bdc2da51cff0eee75745a71

SHA1
abd40a3d409aaebfe0fa146842a53cc7ab12918f

SHA256
32c7542527c75932ec982d66936db62bf044405be611efa9cf8fe8aa56c1a6ca

SHA512
ed9bbdcb61fb5ce6027d658a16cc75732f17d5c8a915ce1f6b9ff2bc6e9e8ecdd153aa1330aaae065e8edd8da68c6cf9d359677f71b846c4d6a9a6a3db5a5057

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.cat

Filesize
688B

MD5
cbc957379cd9196dffbc78622c256c33

SHA1
0d784a9e8ddd0e0fa9a67fe5e0ba4c352d698b00

SHA256
70a0f7efc95858c98c6954a43b9cd44ad0af87dfa77457d90bd887fbbc08ccac

SHA512
33822d276d8bbadc9cc91336d6ef4466ac6bca93211ac0a1bd29281228d6c13d4b440ab7a2c63f206de8196580b741e2cb64bf1b99884fb651fa8bff60e2de20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.cat

Filesize
1KB

MD5
a3769c555174bc29c55f206d6f7c4503

SHA1
bafcdfe38989f36cab2d9feffd6390685bb4f07f

SHA256
c52a0b4d5ad8333cbdc8bec2ca4f3e8139a4f69ec4f2ff890df45662963c9d13

SHA512
758f4e8a5e78ae2d9cf505db1bddbc6880389e7aeefd39c96f869f41ea350f7b6355f604c3accb33eb124abd496d65b850e967efa449f7865aac83e5fb3c88e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.cat

Filesize
192B

MD5
ce4feff927032243a21c94d5286b2293

SHA1
4c527a334bf036eab57486d968d67ae9907200e1

SHA256
2c8972e5b5d95a1329c2e34cad12d921004f27ba2ae62983d51466f293657353

SHA512
bb39467a6acadedf093206bc6f519f91bdb7e2670b56ad9f7bb0e050da431453472d05fcf2d30d705678d301c5bdc697f06512ef2f1a306c3a4f60974cb8c5e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.cat

Filesize
704B

MD5
9722cb94d2cc3742a03f94dc2fc9e16d

SHA1
ce6bb8d233bd27058b212e40469ce350c040f6fb

SHA256
85d9064b146bebfb54c198d48b380391892119d54210cab173d1f60527356c64

SHA512
6e3a51dcad16b823bfacb1bb5055fe2a0e99c7ed2411930cbbaefe19b2768985a193a22fb1ba59d4bc6fb614e3b72e031ceff55cb706ab1f9d5bbfd403177add

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.cat

Filesize
8KB

MD5
8dbfd9a027b9b2fe81d62782db8da5b3

SHA1
13f5fa00a223b668e4d35acd0d314659cf56cd13

SHA256
c640cb056ee76dfdb10b7199d140718e40c151065c64f702b82e5fc1ab74448e

SHA512
15b7fe2589e2aed5643a35a7f53b347e8cb84b6073053939a179cd8150b85117f623f281a2232c274f080f658548d50d09bf7e7da4c9d30d9432dddde740f961

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.cat

Filesize
19KB

MD5
5e83d19ce55dd62a9623b7aaa76f7ccc

SHA1
116ca4010e7377286545f89800331c3580378422

SHA256
5ad16decdf2a7bb15ff70f6831b3c5912a5c7933fc93740340edecd678ded2de

SHA512
8d43bb48bab3a16f017c0f976b2297fa4f9e07121a0392b14228c7883ef758f5105653e79259751340924252e35d4c39a756baa0616db8af16c27ac4ec2d6b96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.cat

Filesize
832B

MD5
851e77fc9275c29648b2b1bed55e2a23

SHA1
c29c392ddd58f209f0560c5fb6a737a4ce174a04

SHA256
06d59f5517770b3075793a10a28b06f43c939165c776ab9918a1a93c80aa14f1

SHA512
4cb1f40a3ac7cbb22ce6c4acdf576d5563d83aa3f7f7e6b6984bdb39534a427dc5587d30c4e8a3eacb7757731f7355c3284c5cfa6ee2324118134633f05659b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
2753bbf4bba9752eb45475354723e822

SHA1
a7ca5ad1c6c28005cd04616835a5ecc2e7967d53

SHA256
82417bcba49e4c4e828822da0725c048d68b39699048f5d347cea2e478a2fac6

SHA512
21b5de52738db2e86813b364c82c5c13b1e4879aa0c1077170d3ee685c9559b229f43c188ba47787cbec8847f88d6d5415f75b012f6130afc344a4fd5ab118be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.cat

Filesize
1KB

MD5
83d20ec3593221ec20ec2186909f25e0

SHA1
bd2b5ef8ce1fde1c4369dc3f0e664f48079569ba

SHA256
ba1dbef523db186ffc7b4e9e8f695ce9b30fca6e2664c0a9cc851e9bea33bf57

SHA512
ee5ceebf9921240de4f8fd3d748175fcc4f3924d98d6d052faf71086895c55d3400ee849450032b4a84a555b539df9ab59a40f127fef5fae0ebe9d7f0c86d202

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.cat

Filesize
2KB

MD5
3f0ff3edefa5251f1131dac64e82d772

SHA1
2ce1c2817309c4427da5efdf853c6dcf8215aa86

SHA256
51c7a9363e097980c48dfebcc006e9df5cdd9adba5db214233dfa9a305829981

SHA512
42543a68d83c4c004d465284cc026d28c7dd7318d02eb5ad47e59594826328739cd23d86028d821f2b0c0c8ed3240f0a27ea1c5e6eef16712f6deb308e69d8ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.cat

Filesize
2KB

MD5
32f00e39292fe19e932280b416968078

SHA1
115afd93d246b9a6521b3c1dc8ccf5c72b0d876b

SHA256
735d05fbf7efb48e07a590aa8906c2ff319f998be051860f847bbc8bfe50f37b

SHA512
89435e0a855c401a476555d11862915cc2d929f01d0f173cdb389e609ae3afa09580da3652493cbcf2512342dbca8ca784387876a5b0b7f8e267341aa68246b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.cat

Filesize
4KB

MD5
c8f9e868a1aea2dd9b7397c24e9ba5cf

SHA1
55c36066a37a43201b5f350547a13cacfb5b027f

SHA256
fb058b65b71dbde6c5e36371cdcbfc0080f569adaa8eb867d28f11ddcacb74ab

SHA512
b1be1adfe787bc619e0d848b0c3c689849961ef01f0bb810c6f36555a77d08cfb2a6fa4aba70ed1f061659d2590d59131ff60ace86f62c633020b87cac92dc97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.cat

Filesize
304B

MD5
a22bcc661cabb372575b17de9066da40

SHA1
c03427283b0a4d741b09a2d3b067c2f1a78c1a1d

SHA256
714141f93db6844076337b7f44211a6062637687b94db2e1b0b1688468d16bc2

SHA512
08fe02e13518c7e4bbef518b4a45aa1d81b8ca66dce48a162454989fb67865e87ec02075277b1a4daaffb32a32eae2550bf10910d1e6581fbae085d84dc116a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.cat

Filesize
400B

MD5
51f0b18bcb60371230c5ad8fc2e65d24

SHA1
381228e70ea39e8a1686370960468ee6dbdf8066

SHA256
c227b20ea1dd73692f0a00a1944c6204de0ad0ed423ecdf3a89a0d183076686b

SHA512
7723e7b5f662b44871f079159727135880b9d9d64fa342a96aa48e36ee8abf10169758ffb10b97f712372d7dee54c65f1ffea6e732ce34b90020a1e659360bcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.cat

Filesize
1008B

MD5
e210c5f0a0db030cf62a7719436027cd

SHA1
f6b5b917eba1b19354d489ba5c1a244de6a40f53

SHA256
30874e4ca0de1e6d39ec4de5d85c651211cd7b36bb35d4032ff5385f2a477e10

SHA512
6514530cf8be0a8af3c9e3d7d90d1f0836b91dc05ab91bf2d139e2f37402475817975745295a37d196eab5178b17ab84d498a276ada22bac9fa39e974fe9224a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.cat

Filesize
1KB

MD5
6c1af31a65a8aa0af3ac444c1fcd4052

SHA1
9a0981ca2520c2ca9a392afd77351d7ca7bbc3ab

SHA256
ecabac55d1479435ad263a91890cfdcb57aae8a72d7ee803ee09ff21333c46c0

SHA512
4d8b951bf7faf576a43ecd963e30bee74b3386c7a084de775dbec925fa1201ea934319c850f908b216d4743a3738d3871e4edadc49fab4348cbfd5a16e83eca8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.cat

Filesize
2KB

MD5
39d4dddbbdb60fe7873ae37a9a0fc749

SHA1
c4c633ebd697566324aea0353951e480b971508a

SHA256
8c34a040f074fbfd45a27096545d13181ec998b38ea19f2be1a3f747ea40ede3

SHA512
be09c0191be607e07becacb7c97c62a8e6e429092f9110c0f32e4118a44da5fe56e5923f9dec73ca988a21666ad2fe73f3f61fa74d1ec0817ae5f46a6e7cf6b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.cat

Filesize
848B

MD5
1dd97b1aecfcae5e22128ced03113ba0

SHA1
4220f52caa96125f92b54734253a451639ff9c10

SHA256
e0c06e6e72e3cc3d6719676e41e479e21bebc26060f034b16e37781968934e15

SHA512
a00c2cd05c13c5a519fb0d2ef6f4bfae50bfaefe682920a0453f0a0dd5b82422f19611eea271fda39ca49d6bf221ab1bd1f7c9d4d239499ce0df82a85697d6cb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.cat

Filesize
32KB

MD5
c96abce71f38f82afb9f01f38b94d01b

SHA1
c0f8a357f694d0ffe08faf657b0cdc25ffb67e20

SHA256
1727e9adaf03a7ec2c7e5ff32352fba483fbc5dfa29885b78420ee6f98a0ba61

SHA512
3446fee726bffb90ab18c27fce89f02aca912db2fdb0a576fd7c7289e08dd8f8a73b0470cc0b9b4637595bb45b1e8b9404b5c41850409de8b1bf977326811388

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.cat

Filesize
160B

MD5
a8258060e35cd08265a3f658e6aa2963

SHA1
a67c6aeb6db7a488c84810feea22a2d6f7be9bc8

SHA256
e847f277e6adf5f94573c0f1b10ac15efd6ca48f34f9be52e9baec6e1f1de04b

SHA512
70ecf38aa25d92ffff7a24ea35c467c95b9a22dfdc99e0705d56527923cda574add21987ab98ae2b8c589e334141d6957a660a3e34a546c764c3e42069f50d45

Download Submit
C:\Users\Admin\AppData\Local\Google (x86)\Chrome32.exe

Filesize
126KB

MD5
e0d108435c58dc9403588e4dcab68275

SHA1
7a7331423938020550ff3decd2e8b50b3ee5c87a

SHA256
61cd0131cb4bf090c5ee7761566f6f7a778e78b37d220f0506f98632a2663ee8

SHA512
2a5648ced91b75d928b4d71a8580c5bee75a5f27623f8c5071cd23b8cd85eaa8129ddb0aaf0a1fcca05fb1b7868a0fcd9306e9ddf2d3eaaf605c41cc7fde4a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
86eccb4f05e29013d46fff96b84e5e45

SHA1
3f17af7b5b8f101ae6f17612f110d06b6b9b5603

SHA256
d1d885a18d732a8194b977e6122929e1cd08b0cfba7b9fd45bf3f0cea1c9ee7f

SHA512
71b3dc8e93b0689cc4acb97fb1981859b1ae4b7aa121703cf5f2f1e7bf2045b6380313a77ca8ac17015938f0aa2f50e8bae873a3789292ba37a67e0339c66af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4a04ac66df4663df29b0fbe381f9149

SHA1
44d6028dfeae64ed37ab3afe147c1bc3437d8cfd

SHA256
3c3f84ee04a37b606b6ca575cc97662084e423ebf91d0dc30b41b45f29719f9f

SHA512
59df83cefcea088e7b3a9760e345019fdb96453769b56f786b817f032d67d6790e6ec3c441d7faa83ac94aff79f14715b177536b33c62428fc8a2fc908fa9b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
183ae24c1db91be06b9668da8e335d6d

SHA1
f0576881dc3dca14fe156deb29806df0b10a52eb

SHA256
f7bf5105071e19516241dac95269e5bae0075118d52c2f55d39de3bdd741723b

SHA512
f12ce22e7dd9aef55ac739e97f4251b518e697b8878b668e6b7db9aeda204093496b91e0a8df89098ba32e90d1cf7ae4c6bd4f71eb01e5a32bd1d01761cc7ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
551bc1ff735768232613b8bcc8036d61

SHA1
8fee79fd77e866cce53ca9275d414b8280a7afa2

SHA256
0015f9d485913e5a0216dc05a7688e2ac7765dd2e35d546e3469dcd5444df1f2

SHA512
425040a9c145ea9fb47933bfd12939ef245d6be2f3b0fc3d6ba5ffaa8b008202303e1dd288fdf6029451e623e0d6783a586b7e18f341fbed2c5e6c3ecf82ec4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
47860d728ae17d458747cceadfbcd70f

SHA1
cf5bcaf50c8445ddd6642894e620adb385a6c766

SHA256
5da031118a8a9c08d96b8e7848fec238c1027834224a1825736b28a2b1c5b9a9

SHA512
c0a5d6de0a6a08fa0f187856e3f6cc8e2fa1d6e723f2f82b11a77ff1ab80d17a99e08ee126b8f1c83f1f05bca7ba9c51b4d653c3c4eed987011e6fe5f21f0616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bca9.TMP

Filesize
48B

MD5
14e4cce08daceabc67777d74c63d979d

SHA1
1573e08cf41fe81c6477f932c527c2ce2ec25480

SHA256
b72792eff40fb1e4d104cae130ee6e956174da768109269a9c8bc42bca30f726

SHA512
b9d3be45e94891cd0511cb4c911dbc2b35568aef6edb961315c141902f1e6b212be3cf9585172b3c0b306b69a877cffdfa1ed40589c234c07fb49fe25eb76001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
caeddff91bd9eb4c04c723e4b9fbfd1e

SHA1
7fb67eae7eeec114db92a7a5d9d18c405ae7cb11

SHA256
8311c2d184e2bb7f702d99fca97a1462e9642e4b8515efac39e443835c594726

SHA512
da0aac563e23f3de51cf885a0915d667e8e9e0a0bed17993e3603a89bfa2cc3876cc0f5ea2cfbeedd50ea8b5678af827f3aa6cb28d72e6002dee65be1020058d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
7174c0dab0b776f3707495d51b5fc3a7

SHA1
2064204bffb3f253d37aeed2376a18f061242024

SHA256
5e74a90a3a9f24164e284e72532df1539aeb10790d281e27ab284b28ca9f82e0

SHA512
b9f60941d52ed1828982e552ffec2440be55816305b8794e261242e39fc86f0cda41cdd1a388790e9cd8cdb7eac0d05860ad85f1819b7895317956ae85823f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Chrome32.exe.log

Filesize
430B

MD5
de04f2e81c0501dee6d2f449fb6f3885

SHA1
761a51e13b7958c5ec2e51de258428eedec0ae51

SHA256
92e5dd3c966959c5a39d98226668f5a2745e16db2ebf034eb5ee5d5f160ed8bb

SHA512
65e64986ec8b0681d72b7ec9590abe4ed443be492a4085dc4d9a6428e8f2e92d9bf46733f95bdf6de8e9efc97f035ab66d4400e83ac75d359dacecd7870161a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f6feee13e348d111d5adc65ae6fc0a13

SHA1
7e2a0755c8632bf756abdeff5b99c44a34a0d4a3

SHA256
fab8f9aafa2834cfbc48c4ed1bdf7a780b6f90bb63f3456b5a1cbc00d7243eac

SHA512
88666860b41849d75172da8db4cd819cdc726da122603d96262b72dcededff4e419febdfaaab6d11e19dc5c74463681c465507ada3ddb3e619cb7bfa78d31543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
d5346a16f3ec59d1cd856394984d6845

SHA1
4080392511b484cc52e7224cdde6aa04a768c9ab

SHA256
95c62cf9296a02f203d1fe93117f00998dd777fd8ee156ee08f16f123189dfa2

SHA512
5690b0a48371564ccb052bbe08db33323f4d1eb4200e6af6f02e7a4bdf4dc7d8d78dbe1634a3a7862daad25e20e476890578a4cc9648c8b8102713132b2c402d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c94617fb74a9b34ba2454d5a015d8d8

SHA1
f52955d31b13ca49b593f549c9aa8b51ee7d1c8b

SHA256
e268cb6a5b18838d3475896fa56a0369c358d10ce128ed319afcd355b7ca50dc

SHA512
41451b77be919dde137e75126a94e7c4ec74cf2a7351edf339e6a4faaddc8f040eb3c78687aa049594ac280b15d54c847678409d2f6fc1982b398183d3da819c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
26KB

MD5
db117f946acc26067752c39bdfd95d61

SHA1
093e476c51001ae85088ef06a4a07b95a4e0c795

SHA256
b999c05db19a49686efa491724b4c849cc2eccac501c290c7d15d98b92a6282b

SHA512
0879ee78ac74890615e79c6c2533e6305078a95544a2ba4cdd9c4c2fce402e3e931620fe23d7f90f85eb40026789d0efe72f17fc16d09dfa1555393ca3eab33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
9ebd526508e53464056881004a763a16

SHA1
72e574a90bc800deb8b116ce888432ad7fb8b00e

SHA256
125824ce80eaa1748d836d567de422a52c4ed1e61c8e58a4b630d6cc886055e6

SHA512
3ebb2aa405b29c77293e57141609ebd0ee5adadbc3e26533e2d603150511fa5c42e5e1b418bd96a21a7ede49751f04087658f5d13a2c7ec3c4b208b385327844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
94ec97e1636c0a462bca434297c806a7

SHA1
83050895386b321c914df459870ab3f2864d045a

SHA256
8f79c9d8a812f5b0e66b7ed66b75476bf1acc20e29503130e7397ecbf0b0bd34

SHA512
956a5a17cb349445684c315cf9b73f04afa6620ba9a8fd0dc4ca99899d4a00fe6920823c44560141fc2c03e0a20994dfa280ed9f5d604004732024d80b813540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2e57488aa78d3c6c46696f87d86c3f62

SHA1
62654d0de2be4c41c1399f71e03e6d1cc2b4938f

SHA256
5811e20d0dd36289d805e6e5e16307dd12d9de8f522a98f5bf5a302baa17c5a8

SHA512
f60bde05cb769dcaa8d1620550a0a847ced5767fce6854f78391f1e956c37401175c8d3740d94dced49328be1f9e0f2b19ded4d4a40bf2a045360488be5a3654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1a7945f5c375fa7de8ff82b9644830ed

SHA1
406cad0eab833187a7d51235c634ee6cd1d6b2c9

SHA256
f0c75346985ba54c8ef16289b75dad21b59ea18c936bd0144be42be6aa575732

SHA512
f2c7ae485d03d06defa37d54d2fad4a18eac061948963ed64bb890e639d1226010e8c830209effd7c1d655c730c2dc3bf51306435a8026666e9bca866f81ad52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat.cat

Filesize
16B

MD5
a2ec71f236b0da26c756b086bd502f09

SHA1
e9dc21e143a2aba3ca9eb634ed291ddf93b32e4b

SHA256
b4805a7f3e187212efacd5c2475bc8a30ce7274f8dae65858537a7f08b866717

SHA512
a1d0f50c760c9bc3ab50053633e2fd3bdca6d0de8f256b48b5c45c8bc20a93a7e2123b09c8ce5de3c9ef013d0f2c3de165d68f7748c89d629122ae6d498e9af3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.cat

Filesize
8KB

MD5
3940e266c4f59f1d3578d2bbb14fa2ec

SHA1
25fa69154c1906f43807215faec12f2d22d1247f

SHA256
aceb38aa85a1a2cc9703fae0cef2340ef0f5c492a68642452a94a6ccbb99d916

SHA512
4f00faf6e5b919a8e269c6bb29856b51ce145021d44b23cfdc711617566decc7735098537e153eb8bad4200b4d416d1f9afcbee2d9845d9090806f2425416014

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864073457141366.txt.cat

Filesize
77KB

MD5
b348be8638f1da471283176219e1705b

SHA1
33e895d463cde2d08cae91490732318e782c947d

SHA256
170a65f5c5577e086e558034f258a1b2d004372a2fd04df57f1800772da92471

SHA512
422f08d18b76a78be078de21c18508248d7a46cd3befc34626ec61a727d93bef5431545fec92319187abe405bcb1e55b733b75541aa978eac406cb5192518768

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864079464713622.txt.cat

Filesize
48KB

MD5
b27953fcf40d0218e4ee0860c6687112

SHA1
b188b2759c2c8d1b4b8ef5584f99d5b13d8fc7ca

SHA256
fb3609ebe5f22fcbe607d328b250376ab5911e61edc0e1dbf5552195cba224f8

SHA512
baa169bb012ac20ab7c35c16441b0e36014dc6f69e43f71b1605145cd94695591234810125efd6335e0f81be63405d994701205b64db07014efee075ca61c779

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133864082163770972.txt.cat

Filesize
65KB

MD5
3071921920ce459957e3c0e8542edab6

SHA1
83678d338f37f936347125abba2a4b29150c454e

SHA256
12f513ac45dd6b688e96fede7454d91fcc17b5af6c037cba68390b27ddbf9fbc

SHA512
d204a191ff7c4c0ff9bb817b955e2aadae82b021a484fc905665540ab2019a59b4e88e63c9d22271ef54d1a61f9d5b9acddb9cd91ba813e4a90743bf65ad91c1

Download Submit
C:\Users\Admin\AppData\Roaming\System32Work\EncryptedFileList.txt

Filesize
432KB

MD5
286c9ae7aafd3d9965ba6d352307e8f3

SHA1
facefa1673a90944e46c083f0e84004e67cf80ce

SHA256
6691b3ff94b8102ceb4565662f2684e4cf86a6eb552315617324088fe060146f

SHA512
3a8677a931944ed94bf97fb9a550c200286972d038161ef5eea0b2b906ee439701f503d781ee52c129fdb49c669255a73dba7ce5a75bfa7184c9c5ddff7fef13

Download Submit
C:\Users\Admin\Desktop\GetRequest.xlsx.cat

Filesize
10KB

MD5
c8c37e886ef51f24261b45592934be0d

SHA1
e5c230d87fb5fea2f9d71d94c321037e1cf41bc3

SHA256
b5e764a6bff5fdedeb0f3b1b24130a4fa0168cac776a9c1ceb2af88d4c4a6d04

SHA512
2a4a6b2753e3a5c18cd33cc54c445a1a9b699f68fa65272bb0d600a91a1a304f54137e283882f22b467044ce360a33da03acdd2d43c38e5719d6092c58f30226

Download Submit
C:\Users\Admin\Desktop\SelectMount.mp4.cat

Filesize
820KB

MD5
ce093c7381f0b266b6eb0d6507324414

SHA1
2033063436057f2b371a9bf3b4965d3dfef6afd9

SHA256
c527291a1e26a829693f485af124e12b850111e1ce028b096ddee66f6b6aebc1

SHA512
8aa790adefe83b589e3fb45f0c169c93189eb0dbea21595da002e6fdee9fe1b4d95d59ab5eee10be95e5d8769ac88cc9814bf27cdc238004d0bad926e21833c5

Download Submit
memory/924-7915-0x0000019995A80000-0x0000019995A81000-memory.dmp

Filesize
4KB

Download
memory/924-7917-0x0000019995AB0000-0x0000019995AB1000-memory.dmp

Filesize
4KB

Download
memory/924-7919-0x0000019995BE0000-0x0000019995BE1000-memory.dmp

Filesize
4KB

Download
memory/924-7918-0x0000019995AD0000-0x0000019995AD1000-memory.dmp

Filesize
4KB

Download
memory/924-7883-0x000001998D640000-0x000001998D650000-memory.dmp

Filesize
64KB

Download
memory/924-7899-0x000001998D740000-0x000001998D750000-memory.dmp

Filesize
64KB

Download
memory/1376-3980-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/1376-22-0x0000000000B60000-0x0000000000B68000-memory.dmp

Filesize
32KB

Download
memory/1376-3983-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/1376-23-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/1376-19-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/1376-21-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/2808-563-0x00007FF9D4C80000-0x00007FF9D5D30000-memory.dmp

Filesize
16.7MB

Download
memory/2808-562-0x00007FF9D7C30000-0x00007FF9D7EE6000-memory.dmp

Filesize
2.7MB

Download
memory/2808-561-0x00007FF9E8A60000-0x00007FF9E8A94000-memory.dmp

Filesize
208KB

Download
memory/2808-560-0x00007FF6EAAD0000-0x00007FF6EABC8000-memory.dmp

Filesize
992KB

Download
memory/4888-0-0x00007FF9D9E05000-0x00007FF9D9E06000-memory.dmp

Filesize
4KB

Download
memory/4888-20-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/4888-13-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/4888-3-0x000000001B730000-0x000000001B7CC000-memory.dmp

Filesize
624KB

Download
memory/4888-1-0x00007FF9D9B50000-0x00007FF9DA4F1000-memory.dmp

Filesize
9.6MB

Download
memory/4888-2-0x000000001BE00000-0x000000001C2CE000-memory.dmp

Filesize
4.8MB

Download