infinitylock | 8058ae58304d110dfa1ca17154a806ae75de2d142a50eb3e92247736e7b1d8ea

Analysis

max time kernel
503s
max time network
511s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Super The Movie Trailer V3.mp4
Size

117.8MB
MD5

7830eb596c36b6d017636363322f75bc
SHA1

176030c622a3dfb3f3a2f198714981014ecae284
SHA256

8058ae58304d110dfa1ca17154a806ae75de2d142a50eb3e92247736e7b1d8ea
SHA512

9d8f8ff3ce9230921cff7aa65cf315b91078a385084e5b2b10338793e0bcaab50463f5d158e066fd34fa6e1288f455011649f926d31d2df966d92f96dfad93fe
SSDEEP

3145728:zr/S87ZsdlRGhc+43/J782vU8zY4MktIEAJ3HX3oXe:zTS878lRsm7tdXAh3ee

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

184 camo.githubusercontent.com

flow	ioc
184	camo.githubusercontent.com

Drops file in Program Files directory 64 IoCs

Processes:

Endermanch@InfinityCrypt.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations_retina.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_issue.gif.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\RHP_icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview-hover.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ca-es\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\circle_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\main-selector.css.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_bn.dll.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_vi.dll.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\over-arrow-navigation.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-cn\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hr-hr\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Regular.otf.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nb-no\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\acrobat_parcel_generic_32.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\jquery.ui.touch-punch.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-gb\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_es_135x40.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hu-hu\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Close.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_is.dll.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_unselected_18.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_single_filetype.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\accessibility_poster.jpg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\Microsoft.PowerShell.PackageManagement.resources.dll.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pl-pl\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\bg_get.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-il\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-ma\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-disabled_32.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\editpdf-selector.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\check-mark-2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PowerShell.PackageManagement.resources.dll.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.schema.mfl.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder_18.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F	Endermanch@InfinityCrypt.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Endermanch@InfinityCrypt.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Endermanch@InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Endermanch@InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 5 IoCs

Processes:

msedge.exeOpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{469115AB-B5B4-49A2-BA2D-CCDC6A5E40E1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1096	msedge.exe
1096	msedge.exe
3344	msedge.exe
3344	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1080	msedge.exe
1080	msedge.exe
4184	msedge.exe
4184	msedge.exe
4908	msedge.exe
4908	msedge.exe
5168	msedge.exe
5168	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1280 OpenWith.exe

pid	process
1280	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exe

pid	process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

unregmp2.exeEndermanch@InfinityCrypt.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	4176	unregmp2.exe
Token: SeCreatePagefilePrivilege	4176	unregmp2.exe
Token: SeDebugPrivilege	3460	Endermanch@InfinityCrypt.exe
Token: SeDebugPrivilege	6060	firefox.exe
Token: SeDebugPrivilege	6060	firefox.exe
Token: SeDebugPrivilege	6060	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of SendNotifyMessage 37 IoCs

Processes:

msedge.exefirefox.exe

pid	process
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
6060	firefox.exe
6060	firefox.exe
6060	firefox.exe

Suspicious use of SetWindowsHookEx 54 IoCs

Processes:

OpenWith.exeOpenWith.exeOpenWith.exefirefox.exeOpenWith.exe

pid	process
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
3532	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
1280	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
5980	OpenWith.exe
6060	firefox.exe
6060	firefox.exe
6060	firefox.exe
6060	firefox.exe
5748	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exemsedge.exe

description	pid	process	target process
PID 4084 wrote to memory of 4584	4084	wmplayer.exe	setup_wm.exe
PID 4084 wrote to memory of 4584	4084	wmplayer.exe	setup_wm.exe
PID 4084 wrote to memory of 4584	4084	wmplayer.exe	setup_wm.exe
PID 4084 wrote to memory of 4788	4084	wmplayer.exe	unregmp2.exe
PID 4084 wrote to memory of 4788	4084	wmplayer.exe	unregmp2.exe
PID 4084 wrote to memory of 4788	4084	wmplayer.exe	unregmp2.exe
PID 4788 wrote to memory of 4176	4788	unregmp2.exe	unregmp2.exe
PID 4788 wrote to memory of 4176	4788	unregmp2.exe	unregmp2.exe
PID 3344 wrote to memory of 3788	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 3788	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2272	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 1096	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 1096	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe
PID 3344 wrote to memory of 2392	3344	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Super The Movie Trailer V3.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:4084

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Super The Movie Trailer V3.mp4"
2⤵
PID:4584

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:4788

C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
2⤵
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3428 /prefetch:8
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
2⤵
PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
2⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
2⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6640 /prefetch:8
2⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6220 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,719851188819351283,7218428718566077089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\Endermanch@InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\Endermanch@InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulted170f8fh0d0fh49c6hb147h20c4d4590fdc
1⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3957363042100294770,8494285987384476479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3957363042100294770,8494285987384476479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulteba54a75h11e2h4cc0ha891h73bc898fd5d9
1⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15569343547719167175,9043422496852948220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd874cb6bh3c72h41afhbb7dh73a53fd2a744
1⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11264661698136398472,17401572767685865103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11264661698136398472,17401572767685865103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbab32d97hf3a0h4eabhab6ahe1a322b4f8c8
1⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13260538820635957983,4676886925017885262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13260538820635957983,4676886925017885262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault301feabdh919ch4f4ah804dhdc776eb90b65
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff882e546f8,0x7ff882e54708,0x7ff882e54718
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16056130862161103810,9824843396358749917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16056130862161103810,9824843396358749917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\MalwareDatabase-master\MalwareDatabase-master\trojans\FakeActivation.zip.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F"
2⤵
PID:6044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\MalwareDatabase-master\MalwareDatabase-master\trojans\FakeActivation.zip.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
3⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.0.1007408472\1895880720" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04c7f397-317a-4586-824b-d15908f03d2c} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 1996 1c34fddab58 gpu
4⤵
PID:1652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.1.1907941635\1593183214" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc650b1b-9373-44cf-b907-cbc64ae499ec} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 2420 1c34fd0d558 socket
4⤵
- Checks processor information in registry
PID:5336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.2.322164931\1348379782" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64308117-bae7-49d7-9ab3-72a8d44de7b8} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 3160 1c353bf0f58 tab
4⤵
PID:5480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.3.1324552861\586830481" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38217f9b-0da8-410b-9e50-0ff10e149154} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 3572 1c3527b1358 tab
4⤵
PID:780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.4.1844477753\1883515050" -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5124 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81062cf9-6374-443d-8eab-d3252192fd55} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 5148 1c355c70158 tab
4⤵
PID:4296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.6.233521590\787955002" -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa1709dd-bcc0-4a4f-a5e7-3ca84321e3ea} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 5560 1c35754d558 tab
4⤵
PID:5940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6060.5.727122108\453618100" -childID 4 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72b04a4b-58d8-4837-baf0-0ad796b4a11b} 6060 "\\.\pipe\gecko-crash-server-pipe.6060" 5276 1c35688b958 tab
4⤵
PID:4536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
16B

MD5
aee6f1606fe2459626e004ef53ed31aa

SHA1
3d124bca14298d31192a944bc35fe6e9e7b39eac

SHA256
12562642a75426dd572483b4c230786fe3c58eb2b79be17481c4a4d407966100

SHA512
a2feb757d5bb884113d637e23f43710cf5259a930b3be606cef162c405b50895ee6e09310bebf87cbf41d85bfe13ccd0f0b862574ef0eb642bf8ff73d19ef182

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
720B

MD5
b1ba5504e1dd7e73d6d8f6c7a9fcb395

SHA1
4afac781e00caae8b97cc2a0df23ff1f70b25807

SHA256
f837d115167561cc62cd072ebb1d46ee6c27f449f74bc6ea2ce906f36aeb2f98

SHA512
612e82ca1c5d0b9617a7be13c46509ea988c65e51b8c04649a393111929f4302ebb7ebde5c0d8d89ef4029204093cff605058703c5379f90ff9339856a71cef0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
688B

MD5
9ce84629e2ef69c4a7d3616943ade25f

SHA1
88ab3b7b14f6751a570227600a75e01653a36e50

SHA256
61ba13e50c9e2e0b756c8d9a231cbbb826527ddf2ecf8aadf5890b8c88874024

SHA512
dca7c69e5c20563367b3cd13c90c142d0a4b2c8648d2c4032cffbc37344c4f94a873cc98742ffc9795815ad27dc43c5943ccefb1ec0401139f449b8ac814a060

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
1KB

MD5
b9d08fe0a6bddf79c70f5c3538c97f09

SHA1
62e95a93e3b4b321a43e7626fa57122181b71f1b

SHA256
a11cf1c8e763f5ce279c8a5a6f80c423c20ef293ca6bf5fed8e18e9e3a10c128

SHA512
309137bb5724c4cb322d43a7a7f9a273ad181a66022cf5df17027b896a1d81f049ba692d3ee4ec51b95cf74bb7b10641a654e776971e09b3a790df1645c44fec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
448B

MD5
a01f96f931c14a843562d3d9ce0ebb4c

SHA1
52d66eca6b9c99692385d973926ba137392d60f4

SHA256
e2f3650adfe371b315f227d95bf0fa9cf4dee971200d1de02e274f67ca012e69

SHA512
80abf07cbeb0255f21a5010e94bd3a1e306ac3d080768446677d2f9ce795a4d7918fabc2f925590075f2475db2e85332d140241dc8e709f3af4fbee0b3723b89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
624B

MD5
563f7b23a3c944e7ef00fc34864a1a08

SHA1
8b00cc34708bcf3f2635168f0776aab1b06fa8f5

SHA256
f664c8e1c223c6be4bc58d32c99fa080a1504818f74971c1ce9517cee8115491

SHA512
1111b1b33d33db464016e52591b15ae35a1c88a3376a3992729000c1c3eaf9b056c2b5cb3f38b0da158eba95320d6a0153e5ea2b4354e350763cdcf777864a2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
400B

MD5
5c4e437c4a562cc459959e6fefd6ab25

SHA1
014051bae9143f6a74c9906dfe22f95bc371cbac

SHA256
fbe1e07ff169161a6aa45f4ebbf78cf4b1dd7fcb7af011aaa5f62c51ea468ece

SHA512
1e92ba1c5b76f0f3bd8618b60a1de93bd5fdaebcad4689e129a49645edee6f7b6106c33347e9b5e961558f88941201f2a2829470dc3af6e1bdf6c6d364d641bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
560B

MD5
317a51502a172293ad4946944cbfec5c

SHA1
94643f2f61ac9949b70c76ecf0f432a39a03d5c9

SHA256
263067ce45e40905b1cacd812b6fa7906c59c0319c090921f92d8645654043fa

SHA512
dd34e8ea0b4fdd91a9bf8d40b43e1675348a02a2dc399727cbe19274b4275a39f4d01da37d2e052e4d2edea4ae968fb487f78875f23aaff1681e246787d16b17

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
400B

MD5
5449ad278cc2079c9724b1e32394f1a9

SHA1
8a656d7170aa542bdc75944341f1e4d635b7e0a0

SHA256
c28cabdbfec5106afc281b0366686daeadf72fae48193382fc9b6195f4867631

SHA512
75050ec7fe72dc2b2d9b341e498c26725a914bb2bafbe1346c815fbfc48288c0f5e1cd5a73013123df9cf4e0d9f461d77ded4d108ffa2f827b2c4a7623089370

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
560B

MD5
ba129ef8ebd06c2d7fbbe69a42beb2c3

SHA1
51821e042e8566213fae82ccc18af9cba523717c

SHA256
b835929101e21dd70de16d3f0e9a46271811c43abc9c698abbf1ab97ec39d9c1

SHA512
9b5f905e0af8d74b06bb2ebc01b3dc92cbcf9a7ca190d96d236e09a2728f1eb1ed49c3fed158cc50bf04a299f8b5d9a18631d9c968e67337d29978183d3ebf3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
400B

MD5
2ddb4cbae9ef61f16a453e2914177cd1

SHA1
1309cb4d7879ffca3d9d82d57ea93f90fb417623

SHA256
faff533faaffa992fd67d14171c0a45d84a4cde4f9d28b13018d98333221a3f8

SHA512
cd4fc4700e4a7a112ecc6419879c06b500fbae26666ca794856d30f6b14ecdea21f4d6d9173811f10dde8ec9d94661e63edb17f1c92885be28dfd3643b631b74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
560B

MD5
3cd74295ed6c981b51366b365e948c41

SHA1
080c718641ca45e75afcf61e72a288d821afac55

SHA256
756d242a76a8f8bdc8233e37492f687366e3d913f5fa484e51de364aaa395250

SHA512
418d85787b95f66abb6d2088442aaf458b8dd1d153b388c3e99f7597efc52ef578146c041c3ccc82a123be426da06b68280d0f1682be279f8590ac09af1a662b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
7KB

MD5
d59f32363618a9eff2d17e8f7735bbab

SHA1
cd043433cca663200bef63e566fd6bbe359e4d6d

SHA256
c87ca5a1f73d164e5363f9f20ff0c7b6990a5f775ac83a607e9b6cfff8225eb4

SHA512
6ba68acb85e78457075e98d047bfb6340f45a62b63b1cd62ed8ea3ff8d79870f93f64bf26becc6dd3b06bcdae5d95c1959a727c94a4395d0b7f02b6138807c7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
7KB

MD5
93bc4ac1b2a7449cbc560241c653e157

SHA1
aee537d387401203f30ddb76c1a1a1892e9e8188

SHA256
da86d79967d6d68a0c1cc5899e54a28dca2584f0ba1702f70e102fa1c172dd30

SHA512
37ed739a0cf529993e43d6966ae8ce72a4a484cfdc425af6996a0b2245555ed3cc86585c4246cd3e6f873dd7038781c11bc7fd3f1c54531a67be9558df345407

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
15KB

MD5
e03c0388a4f0984da55487fad8b2b2e0

SHA1
fcf7e221cd23d21d7b23f77e33b68ce8c15be3ac

SHA256
3149a04b081f98b89fadd08292b090035255cf55c5fd6e362c4e173926dbf1ac

SHA512
150ab9edab3f8fb0d0010134b3338720da7e714e254f4c1fe5a025468a539392020f4d7a1748b8b0b6e0513c206d17f3aa296ab8f2954313e348e9ea9fb3551f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
8KB

MD5
7ada3c232511c4277c334e8985a5e358

SHA1
101ce949b48655a1bbb98e1ca2a3a3b4ab47d79f

SHA256
76069fc1e1d27ba3ce0018d997329cfb65583dcb92893c22fb2adcf9bd06eb30

SHA512
24203ab908f9716c87e63d56583572574e6a26f3f8e61726a49818125293656fd8d821bbb8e3f93a2d731c37b311091006e9b13a5ef9328ab3314ee04d14e84d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
17KB

MD5
f022ee9b0cc368ff7afa73b4fc155d8d

SHA1
a892963a4021cd0ba66a23bb4305804f6eee2127

SHA256
5ee57e208227da8a8665f947b8e7306c34730d63929743cc97ae718e3bd3fd4a

SHA512
582f35f06749784b8eb26bacd11727fc6a50b94031b431989edb0d35acfb361983f9874ffcccbdc2263caa3011319a2b618a529131ae0e67fe7c502dc24178c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
192B

MD5
fda2ee9b0b97a07cca678272f258d28d

SHA1
37c44daa777cbb4918ebea01235492a32fd2469a

SHA256
96f8dddfd63777e46bff4adc157033db169bd94801080dcf018bc59f063f4ffa

SHA512
1ff0126d7112bc2e8939d0273fc933009ad2cc11c4fdd4d5705781be0586bf2a81fbb7fae097fd20100de8e26c2cce1d00868a2f7cf5ba64eb8b6332d487eaff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
704B

MD5
15d524b619dab6d8a38d6783b37de00e

SHA1
2b6dfbc4a842501700e2cf79a7424184d7d87abb

SHA256
b5ddde32aaf56ae1b4f4af01ecacfaf8650b535fe15009317852357f185909d5

SHA512
0cf91e96868e8cb3d71edb2ef74ae5f7dec56e4328daaa4c5b9eec0c3714c31c128b86dbf3e3b7490d84f3da9a7fca72d4f5ca29292551d4a7ce8d6ab3c4de68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
8KB

MD5
d78c5ae90f0b134028e67854551b0c15

SHA1
392814a8a485c7d15232f53c6707b50b221d0a26

SHA256
6abf7cf7505dc20be9d1b478467012b22554702eb7a7d3c8e536b166e59dbd00

SHA512
5f4a26ec2aa380e96f0b86b8cec5c0043236c02c7f5481448250ec8071029653aa3bfac3e5dc3d572b9a6dad7e5ecf9f1c61ee7d62ae931dddd9d09c94e9fd73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
19KB

MD5
dbe79f82e9c97f657ccd55938a201e09

SHA1
9e5c17aa169d9f9f09e4361a0025c1e13e555a0a

SHA256
3c07b1c37c804d583a4f1ea852b9c862b609665abdea76fa1d0008485e993ded

SHA512
e5a16928b3fa9bb40df50ba15595832d40948438125a5a13c2572d8a7f5aec389712978563b83c92bf4577d1ff185490b32bf09e40f36c410fceadd814ef45da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
832B

MD5
6f7c319645c866ce8c769f12e2db1ebb

SHA1
131416b7deea62229fad4c074e19d1c0377c8fc1

SHA256
79cb81c280232a8a30561a5ed0253a8541a741bd981d768f702999179ecd7b56

SHA512
d4ea17f7601303ad87d80665016adf82f5e4417d4f30176fb5bb8a91b2304415cf695a0d473b0b9c1e2239727da5f23f001bce8844196303a514eed817e177be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
1KB

MD5
12bae0504522408304096d2561dbd0b7

SHA1
31b7339004ed873531eec17d10639c56197d32e8

SHA256
ce052d9aa4ffb359a7735ed66ee3806cc75c2be00953694d62b27cbe6bd5543b

SHA512
5f7bc5b111f5cf335d8754fd365bcee272ef266cb6bbe9b30c5b76adea2839c5074329686a9fb577cac28c816429506b703268beb51a325a8a4adbb084ca5da9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
1KB

MD5
33aad71b59881a3dbb08b55c148cfeb0

SHA1
83c82d572861b1cf01aaae2e49d0a6b66809abf3

SHA256
66f06a0ac19d91b02933770b81a271eb8a222f2c59e60e9f50339cfc4c6645f1

SHA512
3697fafefc5a7e1651d9ffd43a8fcf660037b0a8db0914314bf72e3c8e72c6afedc6b632e4c5c6ff993afff08e695bc08c86a749643b916a8cdd1684141b1eb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
816B

MD5
da4fdd75cc8c39a8e0d4e7bafc016279

SHA1
48396895e7e5378f7014b601ddbb8b49ed87e5fa

SHA256
26aceb473aa096db866003db700b17b593ba55963e86c3543eee9c8de97b4ac5

SHA512
811f2efbe76cc3386f259841f65068ccde3a28dfcf05cc323cfb43b859152982613cd6c0b2386a087eb829f2eed37fa44b11984862860c515c88a2b37e4de97b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
2KB

MD5
4b6a4d8924eb0a0e538b6191e9c3ca36

SHA1
f778e2eecd8a923ad0a0d8fb96b05180112b7c19

SHA256
0c21a9a0fa54b33fd4ee9c1ed434a880cbad232d7c5d5b7eea91545f3aa89ff2

SHA512
8a2d2d683fcf890dfe2923f6fbed1bdc7098e5afd0b60cbb5739e8f40e784cd7a772fd1ef1c3dcbfc376a48d5450880e3c51ca164992a49570688a9bd76d2bf2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
2KB

MD5
e1dc98321777f7429f046e30cc4e38c5

SHA1
2605def0261d08b90e266a846f1a9f0cc258b31a

SHA256
f54665523238f4752f98dfbd27d5db9e6d3b7c80c7649d90053281c2a78abaf9

SHA512
7d361298be85a478ded410a338cc72534eed2b7ff020a4e761d8247a1d241e7cac1b1dcff7c7876b938ddc33ef223a2c40f2332387bb408b0a3d2f0c9e2042a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
4KB

MD5
fb5bb59aceeb81204bc579d2261cae31

SHA1
9997943b19734601637cee3b5414ddc929012319

SHA256
7f41a80b95f5e34586337af5bf18ea619f063ea4f3235ea98f547da5634ef9ee

SHA512
b098ccd43e25fd1a89ced6f754f32ff810a8cfb6fcc31055fa0e4668a170974fa862eca11dce7fb39d0bb5db10fdebbcf7e8314968267aa60d0605975edbc9cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
304B

MD5
1412387943946e2c0883c33036d7810f

SHA1
743b6c50bb344b6f8ff46813aee632eeb3507158

SHA256
67b648ba099cf67a27bd4046fdf19838a8eda533f2a803734e0f09822503291e

SHA512
b6e2bdaaae9c6c5e108bdc53430093ada3428def2127542e104c9ec378774d346771d18d8a5adcc1fa12efb0579d08249a11cd8f9c3c4515bd19de31bfbf6a9a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
400B

MD5
93ed39d33649ec84ba0d5b3c850fb8b0

SHA1
f55bee7354713890c708e57f06de9153d1264969

SHA256
545410f5d2d8534b73ed414ae595689b005ed47cef8dfe095704b10a7c6b1641

SHA512
95ccfe7469db3b5fced42fe7d56413f56c880c37c863db929ad3c5300133d5347026cabbce0904287c37eb09d408eab6a95dd3b4911e152832d8f572328284e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
1008B

MD5
3d6e3cabdd3bfcf82b4b8b3123e6d954

SHA1
a2c0147251cba1b8eafc482b4efddd26ab42fb6c

SHA256
b0d0065e5533196dce569ed11a9bc9c7a1bd4c9f6751d07271f03f9e365643fd

SHA512
b46b0f9b6dd94934e93471a6e631bd96d7c5baa2a8ca47bb3bb9ec1ca4050af500e1be58af92475bdf42f3d7a7b7eb5088fae2aa3d369a7eff5d84542fe54936

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
1KB

MD5
9b9d50a330da8618c80ff93c4c539ce2

SHA1
607efb8f0de20232972093100f5143c3a5e189d9

SHA256
e00c241dddccd0845c6f3cc630142afad4ab291c486d89524d6e24884480bc3f

SHA512
497176f4faf1905f8cfaf003ff05258f271ef755e4abb69f7d876444dc20f9f5f07a5fe2121bd3781c0df92646060d1a7a16a8c1925eabd853b6d89199e47698

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
2KB

MD5
65726666b6b4f9352668588c3ff8276c

SHA1
cb4e3b83ce3213c074423ea1599379e14fe226bd

SHA256
9bb952f17950f3f6b129e48477b48d64e00379d9617deb1eec90b56fd3b9a438

SHA512
1dfebd9c2d67cc363587b1118e3db0902c256abe6f5a7c7cd05a2c77e829afa05f8f4d5e613a630e9bc949c0370e7b3b170ac190e446b769791e33b2d6ffce26

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
848B

MD5
d4180cd334acfc704a6f5f5fd8abde0c

SHA1
a88b74f2f4982ba68ca1994d2fae76a7c58ab303

SHA256
4d7b0e32bf957264779dacec1437db8da1923a9ceaf02cb069503c98409da17f

SHA512
5c12e9ba4be02f7860c033c6e63d81415de27accae009fedfd51cfe47c878dbf81caa9139857b756db45b0d13c154a51637302fc22d0bf9131dfd849684e8436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
050e5e43397c8c9b85e9c863229d37cb

SHA1
0003f5862a9e0187442404f92bc7d6e0fbd83ec2

SHA256
77e3b1fa5dad25ec5d9f0f91bb51fde3c683484f647288c190720a971ddae5fa

SHA512
2a160d2715a1d47e657b0c0853787a24c48e720e69330c86bcc5a782f9f2fcab042f100d48866c5e79a92e93d448a161799adaea6a159316edcaa4e01fa4b258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c51d0df112b07b05ed823a0d3e259b9

SHA1
a4bfcdbd103eba333540f8b039707c1a858b1a3c

SHA256
eb76a5739bab72e894e96c1cea6be3d2d05d3edf3dcdbe5f19412d8c3299f885

SHA512
4edce1f3a5a598fe6337b2c575ddbb36b2d73d2b572342889d085d3739fd486c9852329b03a47e3e153ecfa390595945562cb4d1386a32e1465fb4d9e6ef3cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a5c9eb2fadb18616d168cd2d1336e40

SHA1
4341f5d841654fa94f972aa294eff50c29029ce9

SHA256
4479cc75fa027cbb771e56e63473a468e5d3cc90ac5dc3e280ab3e246c11a90d

SHA512
4ac4d29fc61be483dcc4a725dc5ef6bc28d746494d9e47a6e82efc1a7c1326b8a450f2f3958f81d841a3645c14507c2682ea0003e7e5041060fcc6ae94def5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e3cbc1f485c9b3c4f9adbaf743a0235a

SHA1
1cbcfd48aaf550c1688a64029d53a0cfbf482ed0

SHA256
44202d29d21aab91061c582fd911d7c596a0ee8f30553f59b12f5dec60eba530

SHA512
d6ec59813d418ac32aeda4111a4ac8f6588f2fcd7bec1a720bae82a5abfc4c6409c0f3d44f911240d39933e81e85b11f3657541b1f7ce8069103d9a0b2ceb201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
85a5235b6fba0c28ef4b8f4fb3755c44

SHA1
8f7bde96902eee206427ec6fc72473ff0895d1a1

SHA256
3cf921fba87565bc715891b5e4523afb1954bcfe4e7ecf4a6b432eee1c36edf9

SHA512
e03e592a7282304e7d0266dddb295a310bb52925a85b7e28543f0a592182cd3c1367269516b2ece03566eea5382a24ce38948cd1cccb27a80015f3f500ff5fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
30KB

MD5
0d0d42172fe45369cbb246196b79799f

SHA1
0054d004db3b65edd13da401fde1fe0b7264b540

SHA256
3ab3ea837a85fb0cfb9a4b2927c80f23311c1b9f2d1c8515561a442c79cae047

SHA512
e0ed410abe2b75f5f7e7639f5294ab62ebd4db96342d4b45cf3abf6abc59bff45f89bdabc8a2280db99e5d5400b3f62624607d12f3c0c130965630ef4abc8784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
1.1MB

MD5
f07899b2fa8398870c2dcb5d7fe44fc5

SHA1
6efd418ec9d45e731cf848b75b52cfb6124e773b

SHA256
732fe8afbf4fda320d34ed9bb0d4d4f5525879ed87784870face53eb50ffbaeb

SHA512
0b30a0d01277d2f3abcb85f3fc16be3b07fd826e9cb523b73fd9e45bc5cacab03e6f0486ce84cdeab01adb70810d6891d87dae036e525959a4e97114588a900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
23KB

MD5
b3dd0ecff8ab6f6cc0b2c0352f43c31d

SHA1
2036d722ead19bc895f28680c0f5ac19fa31f511

SHA256
43cfdb2f2cfbd3e29b5b6884f3bab069241f38cbf810e27849358d5db2491f52

SHA512
69be67463a15fa7d70b2670684730e7a9c4d419bda4282b2115f9682160a579e4d534f42b960676839c94310d043639ec46cca13c5c8d8b2647ff58633fefdb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
66b20fe1fef01f57f841371190ebee38

SHA1
d6c325235e3359051cb3bd205d20cd9b10001e8c

SHA256
19241bf1f2d3d2df14c2eaa3ea940a7e9bbc860b4515a1baa9a340f560c51bb0

SHA512
78293e956d22edd6aeddb02888216eb1c2e63ca111e3145e6f4418c2aae04b625ac79d44066fb3c384c00ef073845d58b5db3fe2dc7a31f0f6774e23b6756ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
28ab4a372c712105548b3de5deec6198

SHA1
8a66b9e84e773d9be07e07e286588b69fe9cfed8

SHA256
107f777feb33d46bf8d964212c9bc73144203c3d291e73c5481b4510e3d9f29f

SHA512
a5bb96e198c6dda2f57abc0957d292242d1a3dbf5805dcd76c6af39d037ebe37d912c3486a8d6e62d2998234aa481c1429c649a916389b5dc1b2150c23352b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
0bc2d7e09eddc861857f0dd5d45b1e7b

SHA1
602a7e3a3dcfdf632f58cd801923e7112add76e9

SHA256
2b98ef910e42de9178ba7b7c2ad4de0ba8ae2bd1af4885934386d360e6aa7f49

SHA512
9278733bbe6f574e9ba8028e2c7238798ff806ea4f02d054ce00416026cc3c8f496e2a0bbc308a53af6747af8ccdacf7e7269e49c7f6169b087c34e70425fc41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
7805ec9247d14111e96d8f04f7cbe905

SHA1
54efe73e59253b45f72e20125b0a2fc5715e5b82

SHA256
c7da6d8c6fa42bc331f53dd9b8e5695457a420f76369c7cc4154aa9fddeae6e6

SHA512
3d3e5030d4ed46e3fb00aab323db91af3efead10da826ce42216201c4066267f95f96e0a787caf7a57c5b36e142cba17135023fabcf9ceb0143ba035ab8e7ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2a3c96190b607a6e7836b8cf07ec497f

SHA1
4cd27eeb9c6c509fbdb0fc259e0a4a9f7076cc44

SHA256
fecf6cfb2014f717d38233aa993d1a16aaf0ee64f3f90d203c0764cc376d737a

SHA512
1a39f10ec2be46607e3ae766179e3e295065a7a3ca4fc80550b93c389ba03e31a9b0a2856cc4a7909a546f20f0b4702b5bc13230f4a90d0d6e3911205c26eb95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c041ea2ab3ef6e07d6ec203e5886285c

SHA1
9674d7f6df7f3a336b27629743c7d5ebe6bad74d

SHA256
58a37df0f9784c076aef7a79dbff84c81c859d3caa77a855ae29b486a718db9b

SHA512
0fd1e64379d4403915a3c856868b73ab213c96a578cf2240d6ec87dccb18bd37a29d15d25cc6c2a0dd2f50159970f8035ab78f74f0a2552c25d380acb6004c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
377deedecc38fcc4af6c1e64c1fac537

SHA1
f6bdcfd48e412a7734333757d56b45f225595e9d

SHA256
2106a6cfb8bf057a511e07cd40094be921dfd7cf41deb7d28072363a179a4da5

SHA512
9d2f97ffc47c96656e3b3e02979c34dedab0fcfaded80772464e8097b3da84ff855502fa59f02813483894233149c2e04ae3c3af6a1614310e535d37ea336741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
3b8de7d62f774b4d414e98b69c4da65c

SHA1
85b064615111932d82f2f130052f81446092b567

SHA256
de6f24a4c837a24bdbcea90b5c2f717028cf114f25ec80f6006c28f418dffd41

SHA512
75f4364f153733e68e07ab97d707c38652395ca5d1e32a180fa571a212c18ae5a1d57cfa658d0fb77633a797a89dbe7e2c9dffa736557de8f1b3a7d1c07e744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
435cbd8fbb79ffb231e7249152d4f45c

SHA1
4bb35a9e6e7c404b73925f529b9d67ca502e6c67

SHA256
1e399ac78c27b4e9c3a9f021d34130db2a5c993481badcea8276b061ae87b633

SHA512
b8524c9b4f025637c184d332423e3afb3107ff3847cdb80dbe299e9893962af46ab80fa989ba3d4c829cb5cb0c3527f69611c9828bfbed215c7767cbb4a61e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
80405e239d8b4f89aaafb15fe4addf33

SHA1
4acc3af4bc644d8930324f8a9f8cbb8e0428c5a5

SHA256
fc848e51c5f48b6393a62039a46035dd3f813dd13eac29422bb3d75c79d6a86e

SHA512
f24f87dc12f3952140f7e342948cefd4893ea37dcc6b0083f10d7e51b2575b633b18cdfb45cd0953c2d1bce9a16a49fe95438902d789fff006032554329b807a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
a0fb0af678baf9f249f85e4e25d60ae6

SHA1
eeda3580383451ae4b61426ff4c6c38da342362c

SHA256
94cd45210abb84572c7894af03f871cecbd863424f3c08ddf66b404511d0f796

SHA512
0e25719d9a265f43498620a09318e0cf311317abc7a6d196cc4dde302a0f0fa3110e7c764a68b35e88373f7650a0de04b8fb802b923fb5c31ce9dbdb78028417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
eb8c465e8e28c1babff2e2ec56e73afc

SHA1
0c51851c23ac6fb9b20037d54b7749260a743446

SHA256
286c06f50dc863e773c9adcbddac217f937280d042c2e5bb08106791242bc15e

SHA512
d575d68613d6f3f9767230fef7458f2ecc7ba3c8bc8a70579b5bc43a5e4157b4c36e017296f4d6c476a99d9f2097398050971ae9ec79aa1258f3562615d80506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
84993ed13e4ecf461fe7267935f14d43

SHA1
3c85dd21ec428359a7ba1cc8667279645c3ea933

SHA256
70e1184a32770aa6dac0a04f78a4eb7d22b751cc69549622f8af8583f388c8b2

SHA512
3a568139a6aab237373dabd4cff8bd28e688730a40c1a00240cbf1f95a3fdbb4cdf38510341426e51ba719d062d4afff8552b9bb4b2d6f98a71e056f6b5edb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1cf5a0ebcd65e95827ea2ce3015e3ab8

SHA1
6b15b4509ebfbed3818fd6ee76f185892b243e2a

SHA256
9f980a8d0cbf825a9cdbde1c34d705938548249262aa60a50cef1b6c3ea3bd6f

SHA512
9d42286bc24b20691c39f8c86baeadc5a74efd6d23e2e19ff17189e965b4b16bb8f57fe398207c545d6602011d247ff6b0a8e8aab36a9624b0af71e1a5c0709f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a31.TMP
Filesize
536B

MD5
9b700d6cbc0e2d7d66d723150a975c37

SHA1
1ec3e1b14a86f85af882ec3db9def5be80e69786

SHA256
db077b11a93890dc3764ffb6287b5cb79f15e8c172ba86e3c8a2a3ff65a6d218

SHA512
96223a81ca23287d094cdf58da3e6cd57a11a182ee9cc3ffce4d1f5229dc7de625b0014d769418326a6ad4f3f51d121751c3b5c7ccc36b5bbfadb15d281eecd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
202f9128056e73faae2e648abb45538c

SHA1
23a41db90fb215663a700a179d46fafa58597239

SHA256
72d1304724ab6c8003147dd212da04e88105dac6661ebffeca9b70471eb741e4

SHA512
c302010365c2472d594809e0cc989c19f1e0ab01ec90d1d86836df305fb3e50f8aaa7bba17c56a8d21764a60e9be6b96d4e309cb1f9b72fa39e12c85f2aad8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
2433d9f02d2b190d2a6cc8dd10e053b3

SHA1
b8ae44a602f4754a8b759b7dcbc578b1b0d975e4

SHA256
162672d1342a7b3347410730aa30a31374f46e99e6c6db80b7aa783801846d06

SHA512
4e8c716b20a6e5ee6a86d5e707252b22c831ce0a2b5b04d492ed15d5a1d6a9c4263a71861d5808ca28218af61eeac7e5596fc92cdf45e7a732d8a0e8a455acf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b8459e2d21bdafece33293ca8513fa07

SHA1
a88347c8de322f44d2baa0a5f6320710ab331b47

SHA256
b2e0b1c40bc03676bb38c119c1d0c3658635f4bdfff3d9da31df26fd9fd8fefd

SHA512
4c393983604aba25d2f25a1028d48b6d133bc3e867f23eba64564a6ee9c4ba243809c8b274e060a5495c692e6585c20a1dcb5d5be443850451892fcce939d90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
98532bf2e27955abb253ac88d64cb9cd

SHA1
fab215bb631d46cb47564ba712b232385f29b7d8

SHA256
29e4fa02114b4f8cc68998cfcd7956a7c5006adab0ca8a21356041b583d57b68

SHA512
ad2c6f0fe22306a13c645a738c9c0afd7bd3ccbebea38e83c37d9bb4ba0fcf05885232a4003e4c735f22f7143b16c46394d81d209452374ca098753be61f5f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8b82813d69dc66583b967e642ffe2d42

SHA1
68149d1fc9c78eb6f2bb9c04fc06d6faba78e4fb

SHA256
43e8f791a5c909907921ab9476b1c88d9948bf6b2c51c3de83719f916312ad55

SHA512
62fef985db5cf96cf5e784a4db1e3e8cd2be3639be3468bc0b3b99be92041526fcc860e8b4b48afa1ab8fd3b421ebf6a21c59d51c286b448e4b8987e06b39157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4d438fccc4585dbb7f07259d1ef5d529

SHA1
b6a2f3a24af3b0809af5e7523d52ec77ed05d5e5

SHA256
ce4e842deab743a034b1f0b0738948013ba0ce62c3a6a582de7fd68de0e68204

SHA512
71e4e2cab1c1b0f405856eb7b5a92e190c97d15509efb968855d5b8da9eb44e089f39436e375a1c691d8649edfad8945b3257939f9e27f37d6634801a34b0ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6c0ddea7eb1c946ded6e48dc97da8a1f

SHA1
09e2a630d29b0f8e75e9c2128aa0e6e3bc47acaf

SHA256
f9c64123216223ac1ce5bb7b621b5d4d4c71748ccaef3d71b5e28632da25e820

SHA512
cb4844ff6ac272714818b85b4f77824495f3fd948b6ed88531b0bbf9adefb57b0b2bf801a368249589f5d50cce63e73c38fd5b55d628314c864c3750111027f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cc2e806677568b4a2ac31e4d55ee6a4b

SHA1
9065349a0ba810d00dfe4aebd5082bb157b19528

SHA256
31d40e8c0104e3acf9751354bbf594575b8a784100f9daef82515b1e372a93cb

SHA512
d812b221ee0115fdd7a4f65e70524adf951d87ec160f67a91f915b90223a23b17985547e11c6c10d5feceaf737ffcfbfffe42df5f94001911730fc6c9c68941e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
256KB

MD5
29bd18035ac3468ed8ee41ba90d66f22

SHA1
36e76825c5aff3f599ec16a85b14ee487595a69d

SHA256
eca587e1d30a5a9c65a7f3d69272ebc2890a0ec954d1ee4ad7d5ac45bd95ddc8

SHA512
b1b8a231de045c227d430c9edd5996b882153fd848fc319ba2dfbfc7aa309bce8a3551889f735f6de6d6fdfc09a1ffad4dcb4fd7ff2d4017eeb2c97f7a83f7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
Filesize
1KB

MD5
25ab806bd4fe61d08cd54550665d212d

SHA1
dd3dcc0635234fece2122a35a96aee5cddb4d5ed

SHA256
790ce4bfb14b258aaf431b84f29b903ba56314eca4ee491afb0123e7ef7a697c

SHA512
65f0be9c5a6d8a7b847006bf101d73f4d226e9728f1dcf5c3434f63c87923746cfaabc92c8daa261a5cf82c60dafd5b78e0f2abfd8c548136232bf320a340b4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
be8ad4d63b8087b88a4d6baec0692650

SHA1
685cfbcb804f5667c3301ca52ed519b2105dfd7b

SHA256
b47552e57c9e6790ab1201702b6eff6864631848ff63349aebf25e33a4b7e7c2

SHA512
92db9ac4ff79e82b51864338cd6e4fb156d56d838cae841ecd183b3f622116a0316ff4ce41b2eb14007db50bdbd7702b8890b9b43fcb8acf19713b7abd7c3b01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\0e456dff-d706-4aec-bacd-2cc7a352b8c2
Filesize
746B

MD5
1d2d823673fbfbb1e4411ad74392acad

SHA1
9ecd74936aa67ec7a7818833809d7e62b3f888d0

SHA256
2076d2c5ae62a91d4c15e4d769ccb30bc4fea89a197f2faceb96a5b4afb93e30

SHA512
b19b8fd434440ccc6ba530e5d6fef04483a87cc636760103756e77735fb44fc0748224d217736dc6d45b10bcd51bfe26dabe1a8f4518deb0be61e772c750cd88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\231379a7-6ee5-41b5-b8bb-f4323d895bb3
Filesize
11KB

MD5
5da1070221292c31c505311f6994ccc4

SHA1
c7d8c2080a19f7da6ab7cf266d88c2fbf4612aec

SHA256
c15ec38708bcebf004cab1775511ee921f9a818bfe0e346a20e4750401a1a6eb

SHA512
40dc146a38fda8510b8e46000f54589d4e3e27032534afac80f3c06efee9c3cc98f32061ca9aef4f11cdd36dc0cf46cb7634d644f6200dcd3364ab35d0a70151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
Filesize
6KB

MD5
282832597c2a6861de8e3598233f7b51

SHA1
ca4e3dd896e535350885baa929cc3c4c663cd6b9

SHA256
566e714a4a55d52b246bdab6012158e3215d3d92fa1a724d873a32a1c3580043

SHA512
4ae135ee664e9a3bf341247adf680c2a2eea6cd19d3415236601f08a6069fbaee3e8ef74cbe224605a121a0941c542a82ecbc86db81b144fbd4fd644229ef989

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
Filesize
6KB

MD5
83e372a97f43383d683ee6d70004db6f

SHA1
dd726f58136da571234ac81561c17e84ed5d8d8f

SHA256
6058a6759354b94976df1db1dd6f7773914e00e1e5f3782c71b0b004ab9f53e3

SHA512
d489c7ebdc581030cf2d3719e4965a2b43dd039efae110f392542b7f39dee0e3678672b084193c1450fff65577c48089dee823e1659e6ee7acb0314ae111c8af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
Filesize
6KB

MD5
2b030eb2a04d7fe112cced35b88090d2

SHA1
a295fdb3e809b5b226dd5dc94d8304048832fad7

SHA256
33b4f1232b53db47c8d0510bfda2e5c74277fea95730f92ce27f92e49e5425d0

SHA512
d2b1a18ef9883ebb04dba930cd722f2fadf5a9e80d607e5af247bf55e8bcf0445908376b55a6134b2d36375cab4e67b5f5bc199d32b7891939b23e27295cc286

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore.jsonlz4
Filesize
631B

MD5
3af7cb686997c9f81795d922e7b13b25

SHA1
6a0accec10c6a09ed72226f1f5f7f6b7b3b4a259

SHA256
a5e06cb4fd6795fbfb8e01d7045a4890bf987ee05e5947126c0f0695bfa83f16

SHA512
d704434bad662192ef6a30ec76fe521019cd5d516d7b613648fd735f5ae7ecabcf8bc6a0e0ddba471a204d3a9d6e88f8bb05bc647ac4bc040e91b0af2ed93270

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master.zip
Filesize
10.1MB

MD5
ef04597cf104da41f58165e3f36b5f74

SHA1
f2e543c86b524d9c4dbb8a8e02ab1e113dde083c

SHA256
22fda03a09b555dd80a313335d7466e94c5b7785ef2f51a47388e9a559fc69ab

SHA512
92501d1353710829e9ca5a1b80fdbaae7d7e16eeae9571dfcc1b6c10e9fa7e30e5551a8eca9d95acd3ef62e62525218639786e0f4b1dea3875c9f140eccab120

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\MalwareDatabase-master\trojans\FakeActivation.zip.67D2B1B89C2585D2EE67B417B476F92EA0D26D9FDAE7330325B07A2B54FBD49F
Filesize
275KB

MD5
2123e0ae8b9b32b5d25bb1f8484be9a4

SHA1
0245446c7cc82e1f2f097b3e182b3eac13624426

SHA256
ecf59af2ffd9ce6fd4a160c8a0c6f7b9ad5e11ab8585b74c2273f96c69b2a312

SHA512
a5839ca075b866c68157cfc10e1c3613b4203eca4568466c072b2f95e2339974b7d39160e12e9d22123387a892cab3d96551e5c501cf80aeaa80d9510defbb56

Download Submit
\??\pipe\LOCAL\crashpad_3344_NOEXYMEBAEOPFUXF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3460-4150-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3460-874-0x0000000004A60000-0x0000000004AF2000-memory.dmp

Filesize
584KB

Download
memory/3460-875-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3460-877-0x0000000004C00000-0x0000000004C56000-memory.dmp

Filesize
344KB

Download
memory/3460-876-0x00000000049D0000-0x00000000049DA000-memory.dmp

Filesize
40KB

Download
memory/3460-873-0x0000000005010000-0x00000000055B4000-memory.dmp

Filesize
5.6MB

Download
memory/3460-872-0x0000000004900000-0x000000000499C000-memory.dmp

Filesize
624KB

Download
memory/3460-870-0x0000000000040000-0x000000000007C000-memory.dmp

Filesize
240KB

Download
memory/3460-871-0x0000000075130000-0x00000000758E0000-memory.dmp

Filesize
7.7MB

Download
memory/3460-3994-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3460-4149-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/3460-4148-0x0000000005C30000-0x0000000005C96000-memory.dmp

Filesize
408KB

Download
memory/3460-3925-0x0000000075130000-0x00000000758E0000-memory.dmp

Filesize
7.7MB

Download