cryptolocker | hxxps://github[.]com/topics/virus?l=vbscript

Analysis

max time kernel
623s
max time network
624s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/topics/virus?l=vbscript

Score

10^/10

cryptolocker infinitylock njrat evasion macro macro_on_action persistence ransomware spyware stealer trojan

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2444	netsh.exe

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x000d0000000235f0-4091.dat	office_macro_on_action

Drops startup file 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c6cde1c.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:SmartScreen:$DATA	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c6cde1c.exe	explorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c6cde1c.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c6cde1c.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe

Executes dropped EXE 15 IoCs

pid	Process
4720	CryptoLocker.exe
3380	{34184A33-0407-212E-3320-09040709E2C2}.exe
5448	{34184A33-0407-212E-3320-09040709E2C2}.exe
208	CryptoWall (2).exe
4572	InfinityCrypt.exe
388	InfinityCrypt.exe
5732	InfinityCrypt.exe
1020	Babylon12_Setup.exe
5468	setup.exe
1624	NJRat.exe
6000	NJRat.exe
3860	NJRat.exe
2324	NJRat.exe
4716	NJRat.exe
5632	NJRat.exe

Loads dropped DLL 3 IoCs

pid	Process
5468	setup.exe
6072	rundll32.exe
5468	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c6cde1 = "C:\\4c6cde1c\\4c6cde1c.exe"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*c6cde1 = "C:\\4c6cde1c\\4c6cde1c.exe"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c6cde1c = "C:\\Users\\Admin\\AppData\\Roaming\\4c6cde1c.exe"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*c6cde1c = "C:\\Users\\Admin\\AppData\\Roaming\\4c6cde1c.exe"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .."	NJRat.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
188	raw.githubusercontent.com
189	raw.githubusercontent.com

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
265	ip-addr.es
267	ip-addr.es
383	ip-addr.es
577	ip-addr.es
697	ip-addr.es

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_quz.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ko-kr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_sk.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdate.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_hr.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\uk-ua\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\main-selector.css.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main.css.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluDCFilesEmpty_180x180.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_te.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\edit-pdf-2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\zh-hk_get.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\close.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_unselected_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sk-sk\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ja-jp\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\download.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-default_32.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.aff.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluError_136x136.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_ms.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ko-kr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\css\main.css.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\comment.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit-hover.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_checkbox_unselected_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_gl.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hr-hr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tr.gif.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_ro.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_ta.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\plugin.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pt_get.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_unshare_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	InfinityCrypt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b03d109470da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b942109470da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\IESettingSync	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0da766f7a4aa440a3269a9745c8e181000000000200000000001066000000010000200000001bfe84f0bdfeb8273390b73bf1b8b510af9140b4b1d79b0816cbfb3fd2b3538e000000000e800000000200002000000060b75f0fe8698512d2791e90bb6fc1ddfb601ab095722d65772ae17c80ad51cf20000000f148fe60a3e561cba468d444e5d3fc082858cf71f3c94cfc1801c04b6546438840000000f580d3d0ac9399952489e38ad4f88b4b9e043b05884c20352e0e30f64aa07ee9edd450373287678f85d0e12af0d89aa717d1afc33a8ac3d40fe15e6fe61ebff1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3970B58F-DC87-11EE-ABF1-628714877227} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0da766f7a4aa440a3269a9745c8e18100000000020000000000106600000001000020000000867e8b1cdbc4be010cc8b5d4cdb174e31faab72b8f63828cbca41b5dd2e24e43000000000e800000000200002000000042b8a08f5608547cfa93d12296456a32dea35350fafff546d39b09355d0ec9a420000000aec3a251d74e5f0637b0203272164704ec1c398e8b60289242a1c670d046eb6440000000118894890b47a1a0a7d3ac6c4bbbc13fa6d25b16cb607826594f06c461fa1e891a75f33bb4084a2cce64c5c453dfddd7d33e5fede6b1c5cc356bb3cdad0780c4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID="	rundll32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	msedge.exe

NTFS ADS 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 46867.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:SmartScreen:$DATA	CryptoLocker.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 910282.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 94578.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 169960.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 745767.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 848941.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 539325.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 515751.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5984	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2476	WINWORD.EXE
2476	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
4600	msedge.exe
4600	msedge.exe
2764	identity_helper.exe
2764	identity_helper.exe
4140	msedge.exe
4140	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
388	msedge.exe
388	msedge.exe
3820	msedge.exe
3820	msedge.exe
3636	msedge.exe
3636	msedge.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
4628	msedge.exe
4628	msedge.exe
3328	msedge.exe
3328	msedge.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe
1624	NJRat.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2936	OpenWith.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
208	CryptoWall (2).exe
5156	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeDebugPrivilege	388	InfinityCrypt.exe
Token: SeDebugPrivilege	5732	InfinityCrypt.exe
Token: SeDebugPrivilege	4572	InfinityCrypt.exe
Token: SeDebugPrivilege	1624	NJRat.exe
Token: SeDebugPrivilege	6000	NJRat.exe
Token: SeDebugPrivilege	3860	NJRat.exe
Token: SeDebugPrivilege	2324	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: SeDebugPrivilege	4716	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: SeDebugPrivilege	5632	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe
Token: 33	1624	NJRat.exe
Token: SeIncBasePriorityPrivilege	1624	NJRat.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4348	iexplore.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
4348	iexplore.exe
4348	iexplore.exe
412	IEXPLORE.EXE
412	IEXPLORE.EXE
412	IEXPLORE.EXE
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
2936	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
5568	OpenWith.exe
1020	Babylon12_Setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
5468	setup.exe
2476	WINWORD.EXE
2476	WINWORD.EXE
2476	WINWORD.EXE
2476	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 4908	4600	msedge.exe	89
PID 4600 wrote to memory of 4908	4600	msedge.exe	89
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 932	4600	msedge.exe	90
PID 4600 wrote to memory of 1976	4600	msedge.exe	91
PID 4600 wrote to memory of 1976	4600	msedge.exe	91
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92
PID 4600 wrote to memory of 3708	4600	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/topics/virus?l=vbscript
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa93e46f8,0x7fffa93e4708,0x7fffa93e4718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:4572
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1624
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NJRat.exe" "NJRat.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:2444
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6000
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3860
- C:\Users\Admin\Downloads\NJRat.exe
  "C:\Users\Admin\Downloads\NJRat.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7088 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,4477434129437979057,5185137438897137797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\NetWire.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2476
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\NetWire.doc" /o ""
  2⤵
  PID:5644
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\NetWire.doc" /o ""
  2⤵
  PID:5760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6112

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- NTFS ADS
PID:4720
- C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
  "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:3380
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w0000021C
    3⤵
    - Executes dropped EXE
    PID:5448

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4348 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:412

C:\Users\Admin\Downloads\CryptoWall (2).exe
"C:\Users\Admin\Downloads\CryptoWall (2).exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: MapViewOfSection
PID:208
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\syswow64\explorer.exe"
  2⤵
  - Drops startup file
  - Adds Run key to start application
  - Suspicious behavior: MapViewOfSection
  PID:5156
- - C:\Windows\SysWOW64\svchost.exe
    -k netsvcs
    3⤵
    PID:4544

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5732

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5568
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\FormatUnblock.ttc.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5984

C:\Users\Admin\Downloads\Babylon12_Setup.exe
"C:\Users\Admin\Downloads\Babylon12_Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020
- C:\Users\Admin\AppData\Local\Temp\{81B950A6-BAB0-7891-9F67-1D08A447C675}\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\{81B950A6-BAB0-7891-9F67-1D08A447C675}\setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5468
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\{81B95~1\IECOOK~1.DLL,UpdateProtectedModeCookieCache affilID|http://babylon-software.com
    3⤵
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    PID:6072

C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4716

C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5632

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\NetWire.doc" /o ""
1⤵
PID:880

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\NetWire.doc" /o ""
1⤵
PID:5196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
16B

MD5
51ff75e202d97814de0f07dcad40f876

SHA1
f6454d26e2f1c5aaa1adede6008a074ba2cdfbed

SHA256
f97e5a4f3e6b055908a3b0ce9f17b451b57f1302f306a6a5093b7ab63204246f

SHA512
a695dc4de4619b51b46e957938e77d6a4c2dada3b5050e408ceb900681df3f740714abc0c19f69ff572aabd4488aca20c04986cef9b47b701f813d0075131ffa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
720B

MD5
4c1150f581ad5b7914f2d0c5f7c9f714

SHA1
cf1e03d6a20f1b9fc01cb3823bb7a9d412b68f72

SHA256
423fb096ad75df0dce7d985becd60d9da209af6ae0d790876c166c7cfce94974

SHA512
e3724c6367a6e76f269dbf9e946306aad601772091261d6f30c0b61391bdf201f6deea68f5b37d63ae581325c2e583bfb0bd8510fa74fd2992c2834148114ba5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
688B

MD5
76d13f7f1cf029279f281f6dda058d64

SHA1
0a468020adb4a62105382d6143968d05d19fd808

SHA256
7ff4f809bacda073cdc08d9de9765b2de289d9ea1b797ad29b260bb31415857c

SHA512
6359557d1e44890f1fced3204af4e243f5d2b89d1c43e2fa0a5b319b5117f51af15c284a375d6423eff0a2eed6bc046ce6c2b17f48a12644de689ce7773c9707

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
0f164f1ca94abad2f53e697c6cb5a363

SHA1
3c730679371516b09d2b2f298185841fd2adf7e7

SHA256
15dd9da870b08e0f30c379919f1aa28bd76b7533b7c52288b8ec8382b6c13275

SHA512
1e8dfdbfa677564c2bb2b9fc1d24d807e24bf6a61b52c66182690f63c86f3f8afe7c3aae66c37f5fff8f9cdf0111da5b06e276fea7217941908f4f47e6587c58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
448B

MD5
0f86ecb8c91eeeb17bd14d768a05e647

SHA1
e9f87846e56eadee3e42c89b4d4da09affcd1c1d

SHA256
61fcf184a218fa6a26e16c50592257991d2c42544d7c5fe3c4a4768c9d3770f0

SHA512
71bd5ec605933eb7072cde773d22aa5f2ac48d684dcdd22bf5a797e9a1f511b2818685f2bbb37c6e9196ec4e3e0572090ffdad3c95261a61a018353e85773815

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
624B

MD5
581aa36366fd74c16fd2cc4e61aa5d4c

SHA1
102a6369c9a1a7a66d6b5e84cb7d8c2441897c52

SHA256
5536a5cce7955ac0d2760a2cad04a21bf755128a477ce9cc4dbf88102c90e21d

SHA512
0fde0d1264f41b8eacc3c5b6d766a016ac63f95ccdf9dae8eecba4d0a8e6b4e193473980e8b3ea180b642a34d28186b2d0aa1e7b7acaeda34d208dade34e7e6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
0688a13d0c352d328d8e490f2debfd8f

SHA1
66552a88ac45abb37b9977b9aad870d1cbc03d26

SHA256
463a2090d909a9cd555438093122a6bfc4693de3ac64949a39255dd6ee216df5

SHA512
beca45eea734092f0c4bc8abda452718d6f7f73caab172b7af3d762d095eb99e218ec8f96209473ce26ac0c88b40a438bc1c210bf7c92c592a48807e243f0dd9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
616031bfe0e58c5819b3c072f6ebff79

SHA1
452264e8b9e1c873c83cb6337400f561e0140b10

SHA256
2300182ef74b8af61eb15203cd67ffd167ef2f8ce6aa09838faee2ebf3ad835b

SHA512
390f57e9603bf479bb2b59cc56fef6bedce468fdb66c0e62909853f5615297649ebc05b48a2e19663289d0201ae67d30fe6cadfb311bb598770b43c4c41a1bb1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
07a4cf8bb553fb4d25a7a666c15e6a07

SHA1
86e31575b2922ca1fd33b6a4a7f8208924b7ae41

SHA256
87589fbd4964b2bdffc509b6ee29d8b18265dadd6d854239ae4bbade2a70f2f4

SHA512
c10e72097a2ebffe5f6548ad4766265aaf004ba57b724136dfee840ee0fc90cde82302d74d6f806409030f755abd5ab1775f95543156b654f3ac1a32983c846e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
f43d788d5b3614ae51b8e47f67957050

SHA1
5125ec0eb4efe5bcd8514074d99b87fbec1d2659

SHA256
4fb6b8d50e354c5c23e9fa8abeb1f7b77bf7ad02443081446bbac3f9222aa830

SHA512
45610505c805bdd2f6a607b951a18728601d73fffe4ed27fbd9d331727265f236b76679d70e7107277d847a3439d73f99e7658d1f2bc61da2978f63d7fc2fde1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
1c692372e3725ad9f041325aa4154f31

SHA1
f0dbe891953d942a4de517269eb3f77950a36854

SHA256
d42cf3962800d5b5e32d1aac0f8bc00802a815bce12fcf345a59722c1b34278f

SHA512
5261050b4bbcab6c866e9ab2f26d46138871662ab4f9b9bb19b9b144692b064175cdb19b8e85720e3dacf8f333a9992228be83a3d911ce50cac1541ed6d76188

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
cd27e6771cb3f308db09efee477e765a

SHA1
3d78063bed96bab97795a3da57a9b3cf7a2a6101

SHA256
ee40d4c1c5b3bc1938ec1694c5f2bc45f8ee21da14390b4e5d49421de737c279

SHA512
957797515c6b2e87f3051868ed8133ff20b641548de029f017bea9ee52ceb474ddcffedcea002160165428cb325bd1e36527b0e6d6f970122b3863559a92172b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
7KB

MD5
d699d22a25cac1ae771ccc29766d0455

SHA1
6956fc666a4588bce21ba368af7288cdb2bf937e

SHA256
3fe68526c4ec790789f76f80b5235ce80078a9b62ad0c3348744520aafd1aa37

SHA512
7b22460d5102d453743e981bf6fae0616bb4a65ce194198134f0859096980b79d261207e3e5267df035888241a60ea85b8b9a4d186d99f5d848089622c16ae3d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
7KB

MD5
e3448b6e38b4ed42f30ded0df527961d

SHA1
386697a83eefa3b031e9780747a0b609b6c70bb2

SHA256
1c1a40fb2743b6d612521923d8e23d2258ffc855e7cd6ed4c816807128c95eb4

SHA512
fe2d49d73777095f0f26dae270bfe5fd95c7bacfbc867d5d946245c4d59aa1c5f4a2074abb47149be952f9eb6d1eb8115381d2db3b16678987b3673e93428a36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
15KB

MD5
994406af134246e35b1b9b5c6cfc9d2b

SHA1
5b409015cd00f3b9564d828a874ed0456a9da398

SHA256
329ab764e55f07cca42fa134242c91bb5160d8c1f42f28ee97f3ec1bf0b2dccf

SHA512
8d0d523dab939e9deb08924ccd25ad6ffed67d6fef27e591d9e5d3e18cc04ae48d4d0989e50c3efcf503bc9e8ef9ceedc8a02b01aee8c1a0984cdd97d1cd3a8d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
8KB

MD5
035848d6fb40898dd78aae2c93fc952e

SHA1
141c92907dd459eb9fba3fbf5df2231993895759

SHA256
ae803c7d05767422b3d7cbfd696f1af06c37a4e0e41c2c43ac7f10153ed0646e

SHA512
2cfb9260da1029940adf85d8eccc29315a9f6de740a8fa0ba8dbeaaf322c4c9eec543d70ce7e3db5038997dee8a1f90ed076858ce7ab643148c50a3c63fe9d46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
17KB

MD5
e6afca860784fd17cdfff7e3be365e17

SHA1
3adfb0cadebd04c4bd2aef33059f348a43a8b508

SHA256
e79feb4d7df28cb135ab66c627ae9ec4515f4a2f6910ce8e6ead10d6cce825cb

SHA512
3b61d658a124f861991c1ec6d02d05bb3848eef10a6352ff6970a583422d1829cab07083205b4f330d7c34e1e9ec428cc5abdc69ed4cbff2ee021f787e98fc01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
192B

MD5
729a9750a47a77375853379729e1714b

SHA1
794c5b5ec9c7bdcc26fb8edce9c394dde960d288

SHA256
da5f91ee360ce95a5f9247755e233721a1248ee73135f416545cfd11fe4dadc4

SHA512
0d49d965e6431dd1dd07f316cf156f823deb00a0c9e3bea4fd41b2b844edca7868ccb35ac4dad89cde2d31c53a9a862b17bf879f1e82c5a1709cb1a9864d0094

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
704B

MD5
ba4758ae8a1697398d09b8acbecb4607

SHA1
f096826edead61e9a33e22c6520ae1a978474df5

SHA256
8db26f5dc016cdfcc9da419d6d6340244ed228e36450e8690131cc3c562cd301

SHA512
a7a22b61aa898d425df107b69ed3e2f15bc6c438773403ac487346dd18c8536cf3a6c393eb46453781fe47c9990fa93c5e7e3e769b4afcf1311a3c450cda8455

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
8KB

MD5
9856c0128d60e30f70f15210fc553749

SHA1
e31a689bd33327ddb4a52c8b6e7072b093bf3d8a

SHA256
936bd5cb8349950fc1467c6075162f8af1d979869304e24e64bd638abdaf1e5e

SHA512
0c977276085af0783142d2b573a08bb1646c9403a1503c39d37b03442b75e28f9766470fe7587fdd80721f72f26322a912128fd6a87a66758b19614052a3b980

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
19KB

MD5
d7a322d2de311655f97cc54f376b2366

SHA1
f58df536d8f67bdb94f62b0094948bfeff2e036d

SHA256
71939e34249894af53b48efa3513cd8def2301f38b218dd1013a8f89a68b478b

SHA512
f043e646ce1268c6738895c04fddba47f232b45c981cd2f1a180b5a329a8e1c501ec5f0e20ddc87643efd9a646e99158a3c57a349b32c99aefb732c58d66764c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
832B

MD5
3843293ce82a8c95cdc8a4d313bbbfa5

SHA1
e039f10584d3fb2f4bce62a825ff9902ed2e23fa

SHA256
d770c15344e72a8f4717c5f91d1f735f2db27ba8bb98973ef25ca0ea8c35df58

SHA512
90e1d42fb85d4c082d8196fdd4998a3da474090b2bbb8ddf92f79e3ad09ecda647f7266e47b871606a08da2c32fc52adfcce6802f50f08f2db3768e0541372b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
944B

MD5
a4c89849932eb67a2d26c73ebb0c221b

SHA1
4a8eeb47d15bc6acb8b1e97542e019177e90bc5c

SHA256
6d9e906c25ff15b12a5a46da333e2cac316a051eb76a283bdb47bc445d5f1c50

SHA512
8743aeda9f01fb641a6cf8984a8d15961f0c3a38b34a1afe69c953c546ae35cce9a00ca8e4f1c8f0ab359ebbd16c71d39a81d89b006990dae7e7714d48d8187d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-si\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
928B

MD5
2e186df42460b7c543951f8f99d2281e

SHA1
d1f2ffb83a30d94332a15724265d341918f82ecc

SHA256
53ac30fbdf71fc8df20aa2d034972b4de65c9c5992ec33a0296735f06ce49ddd

SHA512
ad00494af46e35bd3dcf43227c399d354ab56b825dade883e38c01ece700f195e02f5c9282967bfbefe7afeb8cd92773862cb97896d0b5a46b40cc744e628c2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
864B

MD5
ac078f35fc3396686a88ff4fcf8da65a

SHA1
9330f3ed32593a5ab1b3b3e7abf6c097743aa512

SHA256
05eb32e399dd6743d5751790876c780142b2e51e0118356ff2a08b9aa6430ad9

SHA512
2fe6f9fea336fa560552549ef4a4d80823eb03389ad354d5d6c8f6420abc2b8a6931825f02e84dca15ff5444898d885a5bb6699137231983e781c1aa7a2332c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
9KB

MD5
cb344ae7618a03bdd7ceffcc2cffc1e5

SHA1
a95d03e353bae8be0332e876df89e22037cb3e2b

SHA256
7db2dbe234cc447ee0d25b1025f50f5425dbda78e9293e1354fd3d4340902b03

SHA512
381a62743368488afd4d46880c0be3eb3af1ad68d9ed8440b400f28a76ecb39236a33a3770c7e91377785ea3b92cac40db81b3b53bf5d03f52156f04ff6665b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
64121b23f58d00f8cb3f0ce25221299e

SHA1
9771d2a29dd9f96403bacaa31ee4215f9a611907

SHA256
7aa715926b4e5ea644b59c41904ccf052e8391ff6e4a7994aff4155b97c05d1f

SHA512
5d0f6344b90fbd7d83dea44448aaa6f84fda3f36dd4a68f104062c95c43e4b8ed77a51ffb9e2cf9edc86b8ee81081a5ea6fea1eea4d046b04a9d4e929a7bf024

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
832B

MD5
e8d16726f0e827f07fe413d6146bf7c4

SHA1
59ba9b217ba0eb22583b63d2dffb622249996ea9

SHA256
e197f0b5e1193b6164e4319ecd630cdd237ed8e15a34099b7532042b5ed38133

SHA512
563a96a589e22e86f76272733a084c4844ca2ceeff316a012165fbc636204073eb600496f771b53886f13a970d9c2fbe723bbae5a47744ad530a5bfe4b0dbfca

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
32KB

MD5
0461bbba2a4a85d28acd1abe329bcdeb

SHA1
5ac6b280d357e763d43d8501324b62b9b63bff23

SHA256
ce5ae6e359b0c2609b0176b467eab392e2616ac1c96ea3b249339be6286d31a9

SHA512
fdc0c4adccf24d2e9682c92641dca9f627200133d980336f6b148615fd7d3ebc7f103b759bf316ba34d0e5580576ec6c82f6bcda4c5f49587af33595c82c507d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
596KB

MD5
9a9c30551d86443f3f16aac7288867a6

SHA1
fcec2c9136293d4b965dbd07ef0d978d288b77c1

SHA256
80479e11c15aeedddee61530937adb04c0a7d24f83c5122b12f5d76678a973e7

SHA512
17a2bfe19f688f642086c999b7afe6a670f2379014391277bc230f194c0acd52a7465564bb833bed66c88146af0063eb1c2eff42095504ce93b15e29f2e5dc5d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
596KB

MD5
1bfd322fe049d92423f67cf43d7066e4

SHA1
e61d34a86d25ec9c7657d8706b5dee0900d4cad6

SHA256
0968533fe5461a8b8363708d14b6a4bd9f4b5d5d7b8ae7d98c31268974ca2521

SHA512
266ed42f75d35662bdca1cbe214f9d8384dc6cc61106df2d356e0708d3b950caec18cfa3bf6c433341911162510208f13a737b160147bb77073e64aa28f509e9

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
596KB

MD5
f65691129c6ed0d90618ddca51bb7467

SHA1
f20b0a77441d7da8269d3e8ac0ac15d6a6182d82

SHA256
ec5f02837fe83e332ff8d5aace021c084bea98caf9924708bfceeba8aed948b3

SHA512
be24f3f206caa92495f5b96bc3fb16ce004ab7e0fbd2641b8a00def1ce01177de55bf1cb5eb1e28ef44d82d6b56f821b327b1d2aa83c72eb6254e86467857f50

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
172KB

MD5
2229e67fe56a85c009da1db5ab9fee01

SHA1
d4d90075acbd006379423c342d276e262639da41

SHA256
3852402fded170f4b0f5456e913cf75f262663d8cb37c0107b1ddab928ccf126

SHA512
e03db8ab72f9788f34944563fa9bacf1ee4cc6a016229e596f1815cb5b9773067d36673986232e6c0913f57eb5d8c5d4d9d6c5232adf1bb70a90307264b0512c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
172KB

MD5
d5a1e3551c62f45bb4b48030cfa6e3d2

SHA1
fac8ce12d52035c3e1ac1abb9f61af858925bb31

SHA256
d5d4dca89017a14d941d0707bfa37886f1e6f0108fb27670bed38920138270e9

SHA512
0bfc4ab8e77731eae56955b590537be51aaaf3f581e02c35d08c47368892b372afbbbb31de5a5cbf67993c7af9394513ad4e612eed4768ea5c6009c0f1808d4a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
172KB

MD5
32c9fb75b13307c7e0fbca758d9984f6

SHA1
c3a5622c4ea4a0a953c2b21cf6838da9837e7cd4

SHA256
9bda2733e5ebe21189a54b8bf407f0d22c799e24c1f83ed92d7039d17001ec61

SHA512
495ef44203542befc51be19e16d364984f51c949ee6cb7269b736a9683e2e9acd5e240f891e9cf5bea3efa6725d89a1fa5141a6ad69447649fbd7b807e09468a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
330KB

MD5
2e8f2d52faafd7b7d5c510c70c723c87

SHA1
933038a80fbd92472ec1782ff5a55b9fd8508769

SHA256
87aae17b203c6a5ffe169a500d8ae22c4df292f50aba5d0e19559dd4a8815901

SHA512
e0952945b58aabf5d7b735903712068aabdd27fd02bfb15c4d0afdefef16fa3f27de064aaf24c3978b47cc15b748309388f944bf88d610d9e0e8def2b248ef25

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
330KB

MD5
5be511764d672115837af63ab3d73a1a

SHA1
a20832d232ce7a864e2a1213b66a7d38383a3694

SHA256
0f42ed7e247845ce0d1ee2ffdffe563a59116971b3e405325e14cbe6c8c9b046

SHA512
2ba430c5bc509c67b6e089616e543cef504e173032be7cc1e6f81bfcd92d522bfa9975653f701f2f66b8081529f5f0a4db6d1c45434d3d159b60c941a25358fe

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
801KB

MD5
f4361f6bc90e122a0df5525fd79a8baa

SHA1
ed39bd952cf79e94ef79c7c04c7970a94e443dc8

SHA256
f343303ec59dcea6ad3cb52f95c8a40a444539ea65d780516659c0687661766a

SHA512
fbd34dd8ce7a84f7aec5add950fc3ed1285c673996217e89a582dc55826a4439ee21aa3544fd2b3405734027c29f63828d3600c374c6f9d1dd9a7658f5688cd0

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
801KB

MD5
43c457e99dc6536341472b4d2da292d1

SHA1
7fa92d83ed8455ef246efda0366f4c9d564bbfe5

SHA256
db2fef148534747d9319c18f92ad58e6ab700139502a5c18854502ecb768a67d

SHA512
fbe46e7e55cf0ef1063cae9dfaba2887332cb6fd8474bdf40cbc17e78327d3495beea0c46763ea705ce2cd203c35fb9d309c0e968e47f8aeb2ac16313a94b9f6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
297KB

MD5
3384520328513f3fd89c3dc7b41e528e

SHA1
f8fc31b68c119f8041e6ebedc102ebf958cd7f42

SHA256
98e2fb91ab99b4c50411648f60bdb23102374d362e1972d44d092f9d1acceeba

SHA512
2f3883c68ada6c181ec3a7d15e704ff82d60d63866a6da1fe3ae8d503fa52e26e8e0c3c4efc1370c3ad7ec568111840d41e0e973de2f941fd0a9385f7a82f558

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
64KB

MD5
82909be11a1f249818e6760e85f57dba

SHA1
b5772cd4b3d0e95b4890356bb2a02398f0476780

SHA256
1ba575e3ef0b129996f47adb5b5bc9fbacc47c684a353f8b4ae1d94d7b54feef

SHA512
304b793ff2a1035314dda318b4b8c9f9c6fb1d97079e55774f48a6bc6b67b5ee2b7fc436a06bbdabaaf8b1f55d6b47dc9dbad1c2d67a5862063a52c72b40473a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
297KB

MD5
7356b2969d3fea2a0952d1cdde0e24dd

SHA1
85c4a558cf24d73402f06626d76220b940381dd1

SHA256
c8cfd79e9ddf27c9349336b7603f1ca18cd781329b354d787e268db9efd5ca26

SHA512
6cf7c9c406df0b7ee6091bd796a8a5a396014712876e8542e50a599146352e134c2bf0885ad4bd1e2c051d10915d17de5d4cc158592e909e532d75cc220dc90a

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
726KB

MD5
c273b5e09f8284475d2c181204bc9df2

SHA1
522b22584bf1623048f5d79fe62f9647305628af

SHA256
58f46cf7fe1c239e02ba3211a3ce9fd5520a7add0471eb4f6d51032cfef109ab

SHA512
4b0b4082a442dd19f2ccad67886398819068e8146a640c765a88d14886cfd66d6e2b140e3eddc8fdd9a42b8be4b5d8b9d22fa17b88f67598d26a3a61ff6e3728

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
726KB

MD5
99c94cb7327fdf257d2a062cbf5c8608

SHA1
80ef754190a5e7f748757aa23cb6c4a541020cf0

SHA256
c8c894a7fa26792320da21096e1a6b88929dea9afbd15c96aa8d9f86c3fea84a

SHA512
a2e86270915e8f18066896e418f875ba915902e9882c6eda029328113f5ca0db1bc8720b47c82133749883545c3520a001bc622eab40b2008a85a7f90031d16b

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
208B

MD5
d5f0506b7775476a8d6217cf90c1b44f

SHA1
579cc7162efbfafb330087a9479a08b4e9626e2b

SHA256
096d6050472a6fc2e8306cf1e08a604987285a75d2a5917b528a689f5e6bc061

SHA512
13156b6a61122511e064c5795246b10237abddb7163046f10d651d0bd6315a8c895460a86a8c431e5a3223cf1a58f678cb61cdb9fbbf859b47dec2ef8343708e

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
192B

MD5
e2e46e62af025ef8c7e642e1126765cf

SHA1
f3536b740ffb02743cb4de7f2e18be22582ce2b6

SHA256
5861327b686b688cec6e4d30450845ce4c531a073b283e6d1f6f0e50970a8bce

SHA512
9dad6267137305eedf8367bada6ccbc0f5f8b524fc1d72682e7727959d1e26398970d8c9749e69411396f3fdc92a08493714eee909bf88d19c3ac4578bcd870c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
176B

MD5
af8680ff94e9f03dbdd23e2d6af8619b

SHA1
0ee61dc9ba57d504f95224dee764de69741f3fbc

SHA256
d8222aa2d83fe2b19fd0f0b04c16e8ef013b25da977291c5db35a152ac67b042

SHA512
c2537d99d82cb492dc55ca92a54b2db13120cdae06c5b103f11f21213c58a48b16a9e81fd8734cf662ae652da3537853fe5fcbf1e735525ae3511fe1901299a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c51f30eb7f5d9575b77dbadfc69ba7a5

SHA1
54d0022cc9fe1295fea1e9757dbfd58c685eabd6

SHA256
d90fadc5bc0a9635a472e49933d1c3b108eaabedd3c751b57fff776f4fb19645

SHA512
96542bc42d1878a6c8119ece87109b0272333e48a6a1d199cf5c353d8c224f5b4041895ee93fc83bb6806db271e7015d0bcd627bec1e8f319cd77e17ff7f454f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
64a6906c3e5aa546ebd7ece10c2019e0

SHA1
242c8aa525fac23ebf671cc6ef166e305a789880

SHA256
b34181ca62b75561b0c5ab2abfda13554ced90319fae768ec607438a10f91fea

SHA512
072de775f850838196a0a2d922deb4ebe8af0539c5bffd7d77a5932666dcb58417b12a0b8065205e89f0ed7f749f917249394a7eeab1665d7e758a0042b78fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2f9d4c486ec6c2cf11dc618c23952e34

SHA1
7d8d28b9a4ee3e4ee5014953f32d666505b56f15

SHA256
b71efdeb10e9fb8df50e3de5b8255d32142b2263e3a9f179a0233965ab055950

SHA512
aae023ab3e90044759336ec894614f72619404839b7e5aa687a6a884f5117ef200911cfca5798ce50c49f4e5221a0e186589b1ed62bf67c7277bae7112ce67bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
453db1a3a88f9454a5b39155aeaf2e0b

SHA1
782d9a77bf743db12720343b862085bbfcf68169

SHA256
40704f74a465e117d0ac9460bc39752ed7f2157e1a4804986400b8edc0f9e877

SHA512
170f95a5d9f6f6fbfc33c2ea7284167400bee780ba5279188c5a11a62f83753aa001e0f8a427ca1ca86c921411828ea4d60a9fc8764a040557d13c58204afa7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a17cee4af98923dc793448812cb0c36a

SHA1
b007dda8106c6d289b31abf86cbb54cc47ea8938

SHA256
ea44de0b6651be181a004501739c73dc357956876d67f8e453f2b1a41314d5a0

SHA512
e3ba553c536dae5d7583175c33f0954768a50d6eba59a6bea2e26a55fb3e86d7b61e1dc2b28f46e5a79be52d79af61a8ac6d6bc5b39a7b28122a9ab652d3ccc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
593B

MD5
fcc18f5745b460b13b017873c4f41f1b

SHA1
88b6b0b633b2d99058f2be9e3cdfdcdfb9b68078

SHA256
96cf871df4d4cc34e8e5da4fbfc4451c976484c4c3e33056521f51c2cce6ddd0

SHA512
c1ae4fef1ed0894ebc4495f9f724dbfc0b98bb36c4f8df0605b242e421d4b3061867643f010dcbb1a2bb579f8dd0e4647128c13b5eb97f478828314e04504fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
676B

MD5
85393e61c8439304df1e3a37c4884910

SHA1
296fc45ab21a4f036e8c100e9cb5b61641bcdbaf

SHA256
d3458f8614f88aadd9015e315e9c3deff022ae435f2443612c8ef58475928cfa

SHA512
6c69769a4a2f9adc5919b9d4ef8c9c5e2b6632e002fee630ec04d7615303b547c0483e69702c664a34cc500ff5afc315e411e5e6a79328ff5322901175f0b175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9238543b24d95dd7d10adf6493444402

SHA1
4183513364f970ef147ae66965b8733efde552df

SHA256
4685fedfc305aff10da7114d369233f113c75430af47e5afe30fff4f062274c6

SHA512
b1d7ceac4f99ea6821548f46be8f68730b6c96b2f20a0780ff6a32c88d3a9519798e12361c9b298a9ccbfa4d9a3a87e5c077a27937086607193887b5d4f5292e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
adce45fc3753edf7f14e1292271fa8d6

SHA1
5192029ff8aaa47e9c23e87025b99950efb6b812

SHA256
83fb420981f1908886ab81cb2f6809ae3435ec228370c57b413b112571ae09e4

SHA512
24d54a4705d42b36ada724fc037c779b59cbd480b63b03ec5c2e17a5f0036f32718e4c45dc31711f3016b26eff14da794a8b7eb3b9d2e1f40d7fc77f580c03db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fedf69270e9ae8c9e004a1a1c49e0658

SHA1
4086f4edfc33af8e972e3c6e7e15790c78fc03c7

SHA256
5441a0be52a176f9a9eb0c5ea136b6b548818561531dfe53f4bdc3e6ac9f14ba

SHA512
14ac2aebca4587b42685ea2def427319e9f8dae8ba424b7e8f32a1a95f3606f4ee4231d3e0628936830ffa7e1ac96f16737b07f3204fc749d64672b2a6d4ff0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16bea232cf8daa69637a1f4c226da5a9

SHA1
ab1b7716e53ee45df5800f23447bc155872d4c1d

SHA256
1225b4a02ac8eae4e51c1b007639286843647a474ba965c66c5aae4e1b4ddf5c

SHA512
f27cf1a193be8cb191ed39d614e76db53d5480898a35475167a48c68597600dc219502091691fc53bc98e841bed071e4c04773b24d9cf453b09ddfb06b4bdfaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f2325d2f5daba7593205e60b3cabd19

SHA1
84d55327c66a1c39aa80e5b7b840d3e8da0e6531

SHA256
f04627d56360cef01aca6b0ce7b5a6f3f76eedba678e979c0bb94fa30c6876e2

SHA512
55fedf6df4358043860eb8fb3e09a6aef797e5c7377e2fb8b66eb1b82024a0fc35b225f1478af485fe8867c1faf48f1361fb7e2b55050460ed5832954e9bf5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2799e5b644259f7d40a07f0a402a871

SHA1
160236fb81ac19dc4fc2208d9f561db49cf312e8

SHA256
425a05f0dc1473ea1fdada51564b717f8d7d55ff9e229daaa90683ab64279382

SHA512
b8911145f5c335fee7560d055a042a4b7e3074c0e52c4676422c9d67baea71ccdfd0716a6381cb11d039d128a78570f92a31c2b82799dc5cbe409ebdf78307ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d2dfc63cc5b384237b41f72ea2071cd

SHA1
158ec4da35e169dc43e4c7dc8a133666f963009b

SHA256
ff198fc1d56862f73eacc4973ec4455a49cb17715063dc9dd4ad983709f74cef

SHA512
d273fd8c16e61bffab49705302d9e72e24b82eb23a7315cd277b3f0618361d20c0173644bff5b74ee9980369b96cc058f3ca3fae494b02acfefd11046bfe6aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
18a249047d8387c32474218f1ba5f539

SHA1
3e83edd1a9a8a9c7e33ab9c122074c47fadb8f60

SHA256
92283c852e1250292b03510326dbb6566a11ad921c7cc4de1e9b94b08b4951b6

SHA512
a0b8577f62d71978814d5c84b8fef275c8c6ddb93772887b82415a1287c37a7c997e5ddd5734e532094bb45ff653dc8f8485b4a18b3d72e7a56f8503d18e0550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a409c65e067255a342f4fb19df512907

SHA1
c51579c4f59505680fd9a350d533390647e69c1d

SHA256
1f2eaee3426a505914c43777c4caa830fe940635bffb3b21482fd9e8af052ec4

SHA512
01861a073f40e9faf7120850722c8d43c6f79d1581c409c2bcb189a79255a5de9e33bf5884922756af38cccab0d8672e7684878144b0a4695d967744edc0a8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ff49dbd539bb216259a9ddd1d675182

SHA1
3ea5c1952790fe423d1bf0da13873cda67d3ed0e

SHA256
99f21a4d93f236598013fbf6c7b77308c02c9e4c6007721b758079e6dc024f86

SHA512
596065ed05c137dba7200b9d817cf251c4358b371cd5e7613916a7c08c718ca4bff85e43472b90f6421e6621fe2496060f59f79d11340fb0e9c6597e3bd70d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e571a539257d526195bb61f829f3de12

SHA1
11e9c1422671a0e62d0cdb2eaf816678c9fce488

SHA256
175c090dc00cfe164f33ca978a3b2c680a2ef432255a70169d5f6f16e8503183

SHA512
8195e5560bfda61b1536d1f8cc4efd146ec881a0a11044f74c81d7d03894348440c6ca08e91cd1e3ccbf2427d1c7a70efcf33995d5c3b4f35ace020c0b59c8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
423b2589605b80211c27a22a45dfef96

SHA1
7d655424a57835650b6ceac2af2689827f5a1db7

SHA256
01599938a5e3ffa2db0a8e2cd1828c7fb9531fa8ab79aeb223255ef4e029e372

SHA512
5f13dd7884bb128d81fae674ca0037c5ff29ebec3b8c44e6140922bf97dc5ef2dc8542580223664d39adee9557c8c3456d835a566a159007187c02804663d09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53d7abefd4343bbe281ad2bfb25d40af

SHA1
8776232383b4b8f23015909afc0d81730d86a6d5

SHA256
03c232ebd5b5f2d39141f79e4c3fcea6669f70091c3040a040368311554303f6

SHA512
95a2484887130f325fbee63f015d71169dd8fb01cd562fb222ad02712be31edcd72f88bc3bda32835aaa9333f93fe30f7e8ea351c6fb2dbfc19c0a6000bd50b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6b05c359962a9bafd9410ba6858ecca1

SHA1
70dff67ca6f97ee7b3836b090768da2f1e2a80c1

SHA256
6163a4d67a0c45c2dc4780b73140b22186d23eb110886219261d48de3c6e8cd8

SHA512
92bff4647caa4e2dbcbbd0fe36d7238a5dd3ddfd1a60fbdb4efbeac1c9a575e1e58a17baf0fa8382e7f6a9fb3f5f06bfd5e1adc586defec903796997cd7c78a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42b12e36b1ef53651da8a2395de7c400

SHA1
e86cd67086255d3213974d91f42eb6e22e99f4ad

SHA256
841fa88d7e6e201d28df882d99a8083dad10c9badcfac5b799c309a7c2958882

SHA512
8ac4f04dba666626ddd42587dfc9450b9f3f42da6a7e1c0069f930e013ce7cfc28a90a11e00c02f553fac6860ba969516599f17e93025044dc3bcf1fe43043a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71089801a387618bc17685ce7d9e2f15

SHA1
c7ed72f0a0d137193566da243dbcd61495f4df03

SHA256
73704226aaa92007fd008330bb9c9b2cef70f186d5f3aecb952d2fa8683e7efe

SHA512
733a47760d1a425b133da355d09031c3dba19ce1bd547eedd90a7c4092aec9a1ae060d4496fce29da137ff646800abe9d0e5601ea391c2768d429096e37bd48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e9caa0d7ab80a43e997537f26802b4a

SHA1
cc54dceca1ee9ed418ae0227a734ccf75d52e335

SHA256
6600ef932017175dd019b6d93df3a49ba96796b208287c36d6e7c9ec72c17f5e

SHA512
f19cf5b7260272cc399c5c97c53ca70e1f89c07c58460fbc7dbaea75507d60ff2ca4c08083141a25122bda2ad98f37dff6ad2d7132d464870f5e2ba52c7a74f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cf502aba9a649e89e4c47c6e22dad06

SHA1
8928c154a132a871140dc7f94942ee480b95f518

SHA256
86bcff6d346d48186a640169c4b34ca8a8463e612b3957963238467581d25866

SHA512
1400339ee678dbf383c3335d9e5b79a2518cc68eb536ac9dfd6bf8c378d9746acc81a1f254af8e61163626126a26398075d10b4e60ce39b6f0a2a25d895d0c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8eac80815208a3d8c84dee94d58d1df6

SHA1
b628b5e1851d2ab99919d517984cc77b89894294

SHA256
1bd12241b24ac01d02e02f1528dc4c7b23760a48103edad265c738f4f6f7b288

SHA512
c6015beda7ff7571b01c874e973175c1d0db025da58eb7516148e9a3355eb820f1203904994ac82136f542a02dea07200e26b691408e2b404e627b7e306bd456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
613159248135365e973acdf87a76e8a9

SHA1
334f6b422700f00a17285f6548636edd104505dc

SHA256
3a743920a05cba1da9e22c32f962782b738583c1fd2d3048fd4542c89dca71d1

SHA512
cea4a819442e6e1795d3b95045494a890c63a1b9feeecabb4593640a5b31b1c00c0d00228cc76695c1a1bd9f7619587e53a53d63ab96e1803665bea877b1312a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ff4eeb7eb58bb5617c5d7db8e4bf85b

SHA1
28f2cfaf1b7046650cc35d995a61f0ebc9a0458d

SHA256
c21fe4820e1e7d11628c2f6cbf7237f253ed3576c77518718c4225958d87747a

SHA512
99b2ccf4562bd48d699e294cc107624f4cb6b71dec0cc8cbabad2602660160d5151e360f6b76cc116ceaf9a687a14dfe25b028480033f7bb567979257590b828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d37a2db1975b210aefaea7443c24cd37

SHA1
cb38af528cf3afcd2f7c6e4ebad1bc04f7c8fe24

SHA256
727b2a574a817d5455504f47b6f50e05b1878f94fb6ece4258526b348bef379a

SHA512
348a9f9d176153cdf4a28be039ec67e8ce95211fc899b63ba490a61954edc53ea8dc420261aed2e6b35c9a30453fb56988d6e8d054a8932b0ddfbf678b41f19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d31e0bb21ed45fed5614a0a5ea19a6c2

SHA1
8ccb15076ea34fa9f7bea3e455e3ef163db1a5ba

SHA256
e5b38cf8ef65cbea190f445fd28d9267062e2124c4004eea5e09421f03a75b6c

SHA512
b9abadfadcd26eeeb93d5abc5927b0d943d2d5f9a9ebddfb729d62d44b7d0191837fd2962f60c0b2c7d4968af7d64fc5d492203161f52687ab73c4d8ab8b92bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bea34342e7566b34e7ea7d65d96dd7a2

SHA1
720a74c67e98bcab6e252aa307887d2d17fb64f9

SHA256
902ad5f80dd42a2d36a632bb2c60431a3593f377bd5044d71868cc650d696811

SHA512
1d95d718f581e9bdd1831f73dfeeb1c0dfd46b9bfb311675423cd5bf93fbbb95e0c19fd089eaa9398f6d7f88cee7d7b28e6a14e6b2f5fa00aacd41c7c38e5d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5786b4.TMP

Filesize
706B

MD5
67092137365cce9af278af9ef1ea3035

SHA1
0d232bcd9d7960fdab933fcc39e2cd00d92a86c8

SHA256
b280c4be9fc80fb1f11dbf4da997611d22df896a8c542dac78287bcaec67e262

SHA512
aef1d414ab532979fcd14c52d03cc61b341b5dd6aab9e577f5219e25d98fc2f7c43d4a1f6e0cf7497a84c5f11832d0add2c49d38155f0a8cf9d984768a4477cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\4c98c478-712e-4aff-b2bd-d16b8610bb21\2

Filesize
2.3MB

MD5
e272dcc7a1abf47e7b3295438edead86

SHA1
4baa51fcd81fc490a703a0b708aa629ded22e8a8

SHA256
2eaa2805123cfbce4bc3480000446dd718d9ec505e0d8a53befbf2d4a1853ca3

SHA512
f9bdb629e0dffdb25f425ed06c89103d15680a6c8bcb5ed6136b3c93b43a561d8d0f0459bbce54cbd2db3b15514fdb90fa5d5f0b0fb423984e731360a6381f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e96c0ea2c7fd89d748643eed3bf0be65

SHA1
fe8184ab617b2901648c020d18d87eebdc723fac

SHA256
5844987195feb1c5d526b68c71d0d3a9a9384e5241525f85bae6374aa0b53d26

SHA512
a8b1e25e41ec9b162ee8e57b68d53405adf7a00250290084d74bed566ab716c144c85a18c5004ea097f8dea4b63659e6668f4ee80e2f2fdf4f4836bc76318bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
70faa726477dcce54ba7cb88b48b5daa

SHA1
c698a99540a00a5bbcfd6c7b8a0fce7d01c358de

SHA256
e4fe6efb18e53b07d0603c220efaece7a3d66c01938978c16c5d24bf72db5679

SHA512
cba55bdeead4ba8f85a85d71234186477e232cf7ea497c14e294c6218c8c00f7ed7390a8e920a89038f1659822a0f82fd449eab2c8eb994a7baefd3844dbec77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0e2836bbf3d48d18a39309743b17d7f1

SHA1
4710d670ecd6f4ff4a574fc624f11239e827c254

SHA256
99e78944e865ed758da6cb39bd21ba4b6fafca0945dd672bc532ad87f9e54c55

SHA512
805386fa8b16d5bc541210153f0e0a9c97e7a24cda575e4e892bf0b35909b70799629b0bd5aacf128add418891cf1bdea6ad7e3a864439e8f42fb8a49f4e027d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a93178b222acbd1deb0503c171c56861

SHA1
1a4798eb9f19a7e17aedbb656fa49b996444e60b

SHA256
45d07be0d44d655eaad5e4f7b654ddd50d1309b816b08f1d7664e5051ea9bfc9

SHA512
f49ae745f5f98bc567f819527459b353c270fbbc9c0e61332a1bcae46997c4692f398ef191867484219f15951788acc92b3bd04bad1199161b6dcf75a3e4da19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
530df403b11faf5097e13d03965d95d0

SHA1
854b65298f78efe22e9105cae044002fd5f9a289

SHA256
27d75c186195d9d2c0c2cc3fe14331d9dfe35d2cd8f3883b57e98fdd86a0300b

SHA512
6817958f4f5ca698700b1af308e929dea6a3e8c661b01d6f1da34b079863c2c60c99b685d27db1a803b1a24ac8fc3e1f57e6a95e06b1aa59003e9781a378c990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
20f9aa8a34e7866ad5b064f7aca9fcb2

SHA1
d3e9993cd26b1e1118aa7d2048f0e490e95282a9

SHA256
ef6f3d6a66061cccab1b8e655807f86146cf50db72c2dca633529a77edfc7e25

SHA512
4cfad3b92170b67868094653b43245011ef18d0249bc77e0610bbbac55457af7d669a232b99282098219d13b0fafdbfccaa31317e3c12268841f100a3baf9e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28780072824389730e4265f39a4e95ac

SHA1
7c89bd588a9bd24fa1fb4a90010ab9402d78f87e

SHA256
e8988e34149f47daa604eea2969848d01d5cae0e04ca3529ddb3dd31a61492b0

SHA512
8547891c19573d1c68f05a3c168b826321d76c24974fcb3ffedd21d8b9fdd0672c6e75cd6df1d24c3c941b1ca761b488af15628f4286c8b0b84581c847d3308a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b632b1b1c81976068db0b1b01a6bda3

SHA1
3aa851ff1811ae159465010efd98420d15a90931

SHA256
6446b1721f5e81f2df22f4eb40b4cb153ff7dc2438aec487b48df0dede48db35

SHA512
a26a3087fd7b21e9c66d150cf135b58700f9715d5236a3dcb8344ef2d88c6c79e57173f4b73786c88317da033db651b61aac84417e6e2197b5b105db564de0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a97e592ff201e7788802315901861ec8

SHA1
61ca3a1b61a6e799f91966d4e9cf436b637c082f

SHA256
36d62afabf48a4ab905677c7ac34ef2badb392f774050f59af23fa13a7d911e7

SHA512
007ff3f5bc1dcff6d533c9b48489b1d973480af663acbd7577ced56270781dee85af8c49314efe3ceda328d06f43039cf9317218a65d60e1d50d729cfe54c600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6d03f2383c9226e8ffb532f7a98b426b

SHA1
f41086912e2a9fdfe2b6859de01d724aa6684cc1

SHA256
82bb091dad0f5a797c9c93ba97ca480f214ac02fb72de7024a6b31555007886c

SHA512
fd29e8ae594fc5b283116e4b5fd5298edcc63091c975c8ce06bd1f5bf56e1c0441848e97a8cfa325ccdf833d0439cf1d0ac21e6bc22cb8e51021d8053c632d20

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
247B

MD5
f4e880918127b7a44df85f4f68d4003f

SHA1
80f0fd6750f03aaa2bec1418d58ca779167da8ac

SHA256
46615c0d77c7ee1ea13e3870f057ff2dd41ff6a434709001f110d44706d84405

SHA512
69c91f4abf0947455bbbd672c7bd272651478fe574e6dcf6040da1847d0ef064755d8509cc2c3eb3235903db3dc52a88fd6c0be7ec236a8092758100a29ce059

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4c6cde1c.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
132KB

MD5
022fb358f51648d11c1f273711a47ecf

SHA1
6a41561418fac768bcea6772c7854624dd5570cc

SHA256
f9eb4c87e0e9238c60fa490da35bc405ef3d83b05ba2594a8c78779959598c93

SHA512
d89490365f4f0a6d31f21868f09b313e061e70cd7a42482b29f8dbc1a1bde7ada0222a976f901d69e074e7461d2dd091422dc840b047da021fe30168c1049afb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 169960.crdownload

Filesize
132KB

MD5
919034c8efb9678f96b47a20fa6199f2

SHA1
747070c74d0400cffeb28fbea17b64297f14cfbd

SHA256
e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

SHA512
745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 46867.crdownload

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 515751.crdownload

Filesize
5KB

MD5
fe537a3346590c04d81d357e3c4be6e8

SHA1
b1285f1d8618292e17e490857d1bdf0a79104837

SHA256
bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a

SHA512
50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 539325.crdownload

Filesize
670KB

MD5
5cc9e44078f5a9740fa7692c8252a25a

SHA1
ad2256d2cf6d13e8aef26089bafa70c480c73623

SHA256
3ba30ffbb1a0059f5d0c2de7b38a33ba05031404d8cd8c970e50861e4c892475

SHA512
e024c97ca1273cd0660d128aad5ba44aa020701f50b9b6fd391576c652967876a7ea5cb18a84ef3a6b95a376d0cfe1d3c2119d9afd32d34378235ee369b002fa

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 848941.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 910282.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 94578.crdownload

Filesize
31KB

MD5
29a37b6532a7acefa7580b826f23f6dd

SHA1
a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f

SHA256
7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69

SHA512
a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818

Download Submit
C:\Users\Admin\Downloads\cb45ba08-14cd-4aff-b393-b1cfbac6c014.tmp

Filesize
7.3MB

MD5
6b23cce75ff84aaa6216e90b6ce6a5f3

SHA1
e6cc0ef23044de9b1f96b67699c55232aea67f7d

SHA256
9105005851fbf7a7d757109cf697237c0766e6948c7d88089ac6cf25fe1e9b15

SHA512
4d0705644ade8e8a215cc3190717850d88f4d532ac875e504cb59b7e5c6dd3ffae69ea946e2208e2286e2f7168709850b7b6e3b6d0572de40cfe442d96bba125

Download Submit
memory/388-715-0x0000000005140000-0x000000000514A000-memory.dmp

Filesize
40KB

Download
memory/388-716-0x0000000005480000-0x00000000054D6000-memory.dmp

Filesize
344KB

Download
memory/388-698-0x0000000000860000-0x000000000089C000-memory.dmp

Filesize
240KB

Download
memory/388-3554-0x0000000005470000-0x0000000005480000-memory.dmp

Filesize
64KB

Download
memory/388-3556-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/388-3551-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/388-709-0x00000000051A0000-0x000000000523C000-memory.dmp

Filesize
624KB

Download
memory/388-710-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/388-3548-0x0000000005470000-0x0000000005480000-memory.dmp

Filesize
64KB

Download
memory/388-3529-0x00000000066A0000-0x0000000006706000-memory.dmp

Filesize
408KB

Download
memory/388-711-0x00000000057F0000-0x0000000005D94000-memory.dmp

Filesize
5.6MB

Download
memory/388-713-0x0000000005470000-0x0000000005480000-memory.dmp

Filesize
64KB

Download
memory/1624-4046-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/1624-4007-0x0000000001060000-0x0000000001070000-memory.dmp

Filesize
64KB

Download
memory/1624-4045-0x0000000001060000-0x0000000001070000-memory.dmp

Filesize
64KB

Download
memory/1624-4043-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/1624-4008-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/1624-4006-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/2324-4030-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/2324-4015-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/2324-4014-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/2476-4135-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4137-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4145-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4144-0x00007FFF759C0000-0x00007FFF759D0000-memory.dmp

Filesize
64KB

Download
memory/2476-4142-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4141-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4139-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4138-0x00007FFF759C0000-0x00007FFF759D0000-memory.dmp

Filesize
64KB

Download
memory/2476-4133-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4131-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4130-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4128-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4127-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/2476-4125-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4117-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/2476-4116-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4115-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/2476-4114-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/2476-4113-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/2476-4112-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/3860-4011-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/3860-4012-0x0000000001290000-0x00000000012A0000-memory.dmp

Filesize
64KB

Download
memory/3860-4013-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/3860-4029-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/4544-595-0x0000000000FA0000-0x0000000000FC5000-memory.dmp

Filesize
148KB

Download
memory/4544-640-0x0000000000FA0000-0x0000000000FC5000-memory.dmp

Filesize
148KB

Download
memory/4544-596-0x0000000000FA0000-0x0000000000FC5000-memory.dmp

Filesize
148KB

Download
memory/4572-3553-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/4572-708-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/4572-714-0x0000000005660000-0x0000000005670000-memory.dmp

Filesize
64KB

Download
memory/4572-3550-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/4572-712-0x0000000005680000-0x0000000005712000-memory.dmp

Filesize
584KB

Download
memory/4716-4044-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/4716-4042-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/4716-4041-0x00000000015C0000-0x00000000015D0000-memory.dmp

Filesize
64KB

Download
memory/4716-4040-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/5156-590-0x00000000004A0000-0x00000000004C5000-memory.dmp

Filesize
148KB

Download
memory/5156-591-0x00000000004A0000-0x00000000004C5000-memory.dmp

Filesize
148KB

Download
memory/5468-3865-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download
memory/5632-4049-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/5632-4047-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/5632-4048-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

Filesize
64KB

Download
memory/5632-4050-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/5644-4149-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/5644-4152-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/5644-4147-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/5644-4146-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/5644-4150-0x00007FFF77D30000-0x00007FFF77D40000-memory.dmp

Filesize
64KB

Download
memory/5644-4148-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/5644-4151-0x00007FFFB7CB0000-0x00007FFFB7EA5000-memory.dmp

Filesize
2.0MB

Download
memory/5732-3549-0x0000000004D90000-0x0000000004DA0000-memory.dmp

Filesize
64KB

Download
memory/5732-2854-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/5732-3555-0x00000000724B0000-0x0000000072C60000-memory.dmp

Filesize
7.7MB

Download
memory/5732-2888-0x0000000004D90000-0x0000000004DA0000-memory.dmp

Filesize
64KB

Download
memory/6000-4017-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/6000-4009-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download
memory/6000-4010-0x00000000726A0000-0x0000000072C51000-memory.dmp

Filesize
5.7MB

Download