Analysis Overview
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
Threat Level: Likely malicious
The file butterflyondesktop.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Drops file in Drivers directory
UPX packed file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:39
Reported
2024-06-03 10:42
Platform
win11-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Gnil.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BlueScreen.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\cloud_icon.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-US.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_multi_filetype.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-down_32.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons_ie8.gif.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Trust Protection Lists\Sigma\Other.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\VisualElements\LogoCanary.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_cy.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_single_filetype.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\tt.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\bg_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Locales\sk.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_kk.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nl-nl\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected-hover.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\AppStore_icon.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Analytics.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\Locales\da.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Sigma\Analytics.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\theme-2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\lt.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\digsig_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Locales\da.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ca.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\ca-Es-VALENCIA.pak.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_lo.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618847894882140" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BlueScreen.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
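The rows worth pivoting on in the file-event tables above are the spoclsv.exe drop into the drivers directory, the Zone.Identifier streams, and the long run of InfinityCrypt.exe rows that all end in the same 64-character hex suffix. The script below is an added example and is not part of the sandbox report or its signature engine: it reads a handful of those rows, constructed inline in the report's column order (Description, Indicator, Process), and applies three heuristics of my own choosing: a file created under a drivers directory, any alternate-data-stream write, and one process touching several distinct files that share a single 64-hex suffix. The tuple layout, the driver-directory list and the `min_files` threshold are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample rows: (description, indicator path, acting process), in the
# column order of the report's signature tables. Paths are copied from the report
# above; only a few of the InfinityCrypt.exe rows are kept.
EVENTS = [
    ("File created", r"C:\Windows\SysWOW64\drivers\spoclsv.exe",
     r"C:\Users\Admin\Downloads\Gnil.exe"),
    ("File created", r"C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA",
     r"C:\Users\Admin\Downloads\Gnil.exe"),
    ("File opened for modification",
     r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E",
     r"C:\Users\Admin\Downloads\InfinityCrypt.exe"),
    ("File opened for modification",
     r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E",
     r"C:\Users\Admin\Downloads\InfinityCrypt.exe"),
    ("File opened for modification",
     r"C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-US.pak.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E",
     r"C:\Users\Admin\Downloads\InfinityCrypt.exe"),
    ("File opened for modification",
     r"C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    ("File opened for modification",
     r"C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier",
     r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]

# Assumed list of driver directories (both native and WOW64 views).
DRIVER_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\syswow64\\drivers\\")
# 64 hex characters glued onto the original name with a dot, the pattern
# InfinityCrypt.exe leaves on every file it touches in the report.
HEX_SUFFIX = re.compile(r"\.([0-9a-f]{64})$", re.IGNORECASE)


def split_ads(path):
    """Split 'C:\\dir\\file:stream:$DATA' into ('C:\\dir\\file', 'stream').

    The colon at index 1 is the drive separator, so the stream separator is the
    first colon after it. A trailing ':$DATA' type tag is dropped from the stream
    name. Returns (path, None) when the indicator has no stream part."""
    idx = path.find(":", 2)
    if idx == -1:
        return path, None
    stream = path[idx + 1:]
    if stream.upper().endswith(":$DATA"):
        stream = stream[:-len(":$DATA")]
    return path[:idx], stream


def driver_dir_drops(events):
    """Files created under a drivers directory, keyed by the process that wrote them."""
    hits = defaultdict(list)
    for desc, path, proc in events:
        base, stream = split_ads(path)
        if desc.startswith("File created") and stream is None \
                and any(d in base.lower() for d in DRIVER_DIRS):
            hits[proc].append(base)
    return dict(hits)


def ads_writes(events):
    """Alternate-data-stream writes, as {process: [(file, stream), ...]}."""
    hits = defaultdict(list)
    for _desc, path, proc in events:
        base, stream = split_ads(path)
        if stream is not None:
            hits[proc].append((base, stream))
    return dict(hits)


def mass_suffix_rename(events, min_files=3):
    """Processes that touched at least min_files distinct files sharing one 64-hex suffix.

    Returns {process: (suffix_upper, file_count)} for the most common suffix per process."""
    per_proc = defaultdict(lambda: defaultdict(set))
    for _desc, path, proc in events:
        base, _stream = split_ads(path)
        m = HEX_SUFFIX.search(base)
        if m:
            per_proc[proc][m.group(1).upper()].add(base)
    result = {}
    for proc, suffixes in per_proc.items():
        suffix, files = max(suffixes.items(), key=lambda kv: len(kv[1]))
        if len(files) >= min_files:
            result[proc] = (suffix, len(files))
    return result


def triage(events):
    """Run all three heuristics and return their findings in one dict."""
    return {
        "driver_drops": driver_dir_drops(events),
        "ads_writes": ads_writes(events),
        "mass_suffix": mass_suffix_rename(events),
    }


if __name__ == "__main__":
    for name, hits in triage(EVENTS).items():
        print(name)
        for proc, detail in hits.items():
            print("  ", proc, "->", detail)
```

Two things to keep in mind when reading the output against the report. The chrome.exe Zone.Identifier writes on files in Downloads are the browser applying the mark of the web to what it just downloaded, which is expected; the same stream appearing on spoclsv.exe under Gnil.exe is consistent with Gnil.exe copying itself into the drivers directory, since a file copy carries alternate data streams along with the file. The 64-hex suffix that InfinityCrypt.exe appends is identical on every row and is not the sample SHA256 listed at the top of this report, so it should not be treated as a hash of anything on this page.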
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gnil.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\drivers\spoclsv.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe
"C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QNTH5.tmp\butterflyondesktop.tmp" /SL5="$3017A,2719719,54272,C:\Users\Admin\AppData\Local\Temp\butterflyondesktop.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9efaab58,0x7ffd9efaab68,0x7ffd9efaab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff70aeaae48,0x7ff70aeaae58,0x7ff70aeaae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4012 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4540 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3308 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4756 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2796 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1524 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3296 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3264 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2716 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2756 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4876 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5232 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1280 --field-trial-handle=1816,i,420036255267941828,9166104515753665034,131072 /prefetch:8
C:\Users\Admin\Downloads\BlueScreen.exe
"C:\Users\Admin\Downloads\BlueScreen.exe"
Network
Files
| MD5 | 1904bf2061f6d95c7efcde7b611b2ed5 |
| SHA1 | 73fd65c4d714b30c1ef907d2ca764609e90d3b30 |
| SHA256 | 15ab9545db1979ade77f2304b28404e3d110724a4131e7c3a2d312b868856242 |
| SHA512 | 8913133202dc569f5d7c7d8da9a9821dad7e818c21810c7779893fed9ba6160db6155fb52e62bdb654752d54ca8857719c818fbae33736b990bb21386e3e2505 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 55bb3fc69a0789b6fb2ffdc2288231ed |
| SHA1 | d932e8a9c8d8682e3b65d9613837189364d6cd97 |
| SHA256 | 3e980fd99dbbf3b14a40d70618e67c4caa1b7734ce91ce2f17dcc8a79430625d |
| SHA512 | 4d49d02ee60b931635a3a48e28460b34f06041924215448bd2e322d241d0fd0e467dd64a58271b971218b2a0fc99bcf55b0bb1d2aed0e81512c2ea0e3657f354 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 97c1d02169bb79692e5333e95734468d |
| SHA1 | b54d9996659ffe6952e96d721b1597cd5dc9a67b |
| SHA256 | 7f46e8755542d14bf4b7826b21c7f112228691f1ec0ba9a31a6a071a88a8da75 |
| SHA512 | 70f0a217195890c62aa27d059e383a759fc328673523fcaf1f0f7f4083c72e75e345aa777529b404164f50f87ee3cbaa33037b0cc08de2644590867b965272bc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | d1ede067687d7ff11373ed4ea1191508 |
| SHA1 | cfce6a30429f0e887b9ab261ed97186bfdd7b701 |
| SHA256 | bcc6d2942e33627ad258135fd3e7b5bfd069efd2825a76a01452607b8a71a9fb |
| SHA512 | 1ae00845509e355de15ca1b16a77aabdcac5b7c3d28e1a1c50a56e6c29225a3b5f972b78dda3429f96a0e1ffded1099e3897989b3959be2de5ecdad8520f44d0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 21260554fc8048fa3daab0bdaa1b8641 |
| SHA1 | af296df6112ba49bb5d63501a68cc7608d100867 |
| SHA256 | 0426a63cd7266f1d110a66429267355e74053e15eaa01c67d943f0a0ccb3a972 |
| SHA512 | a128da6051eeb73e0930101ffc5701ee077ba5431c4c2481eca15772aab4ffbbd369991666aa62cb98fadacecec423846b409b6b2ef70c903284ccc31b56e301 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | a5e54f391b36085a9950074a51424279 |
| SHA1 | cf481eab7025cd45e186af2388fa8d8260b39311 |
| SHA256 | 7dcea4e28530f77a2af5d6731501f6af01e28a9f2c04b128decbf1549d8f0844 |
| SHA512 | fef14c51bade1350514644c91b01b98cd7daae6f27ec0924151219d7e85f74bf7963dadc4b2aae252b90fdc86098cc61685da7a9f524ea9086ea4a698505ad9e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 6164d6815a3864bad0b246e38261b993 |
| SHA1 | afa4fb0d0cb5d118a9cdb13509f28b46428bfdee |
| SHA256 | 665fb6232d552056e41b2b5a7c8de313d18898e2befd8bb22849127cd5141198 |
| SHA512 | 224cdd79949ce8f0aef81f6d9ecf9cc1f7be54f44e75e2827bf6a6290656ac2f9215387c35728684099044243b8b9df3206ec7d74257196a846697b0b3ad96a5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | ca890ed90309c9bca1375d7bb83fd8d0 |
| SHA1 | 3c89efb3ea3fc297c43bf285eba8b162d7306138 |
| SHA256 | a167e1480bfd152f193ba7ed385f93282f87dc25371b390a72aee9f6212d07eb |
| SHA512 | ec13c311a1196d866e3c630a5798e34bc4995208eb3fdb518f5c028aa80a159cdd88b57334c3e2562a33eaa787b0b736c9fe3c660002a59cbb835e2c8a713b9f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | c5b1b5f626175d2a87b27bfb9bbaeea1 |
| SHA1 | 075a08279c0b2f81419014ea4f461638f7375ba8 |
| SHA256 | 123fd2cdf05200a38454af9ea725511d301b754b6496b505e2f753ae91b92725 |
| SHA512 | a943a859ebdbfa24a1173c45b8e17d8718c497155b4cbea24240d352c9be59d63c44bc11079217660e70b94bc3ca445eaaa3bf9963eba7370ed415c683b89f9d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | cdb2576df1a136ff88720a2bb34b8d2a |
| SHA1 | 08d399e87caf5ce6f809805197866a47c105588b |
| SHA256 | 14986be2243bab0b47b0d31f88c3f55323ccac96af770d42648b4279882ba1e4 |
| SHA512 | 8e6dfb69abae2bd856837e6a192ef3326e5cf45b35a5eb5b6dc3138d301815cd76a80b27f4a12b2a66fa22572d719845232c119d623219e33a5fb74ca698d378 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 9334063829ed553b01566258a253978e |
| SHA1 | 04b9f0ad7aa43a6b6aae1e49f656fbeb4c29372e |
| SHA256 | bed7f4bd57fbb3b662844d6369c0e73058a57ea4a6b2002bccd94926b4a28d37 |
| SHA512 | 943177617dd51ea27d9f5143575cf312ac8662aa017e695ddd4ad9975d722fc1addfc09591636e2fc2808d50cf7b6ded588566c24f45406f36380b281e680fa4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 6792684554d8558bb5eff151aec20433 |
| SHA1 | 4ed742af0bc2095fc9437345d3cdbc953362f607 |
| SHA256 | cc589fd655d3e9f77afe33c8b0d70a51f512edd4f92d5096a0ccd4edc34b6227 |
| SHA512 | 6b79f0b49dd3d2cf9baabe351131bd1fcf47077cee9852285e7f6f8526a4ff7162cb8d00848a4078204e0d6d9a4ef31958b9c196c7223714c8b3b7e273a60d9a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 32e35c765fc4c87a07a8bae0e23a928a |
| SHA1 | 3b44f9cc9ac8079349f3ec3deb5f16c83e2593c6 |
| SHA256 | 9edbe41400d350f3af2a09e6fe55cad674841732d4d24c6b34cc2bd25fd5b09b |
| SHA512 | 67be0833792a09da9342eb4fd717ea0cb13313ce62212890c2d4b1d98b2b793607937e0736823a45818c92814a74f948ef79e2f0bf4e11972ae5ebd46fcb3d04 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | e46a6a7857f51a71d1fd0dd2182c9dce |
| SHA1 | 39814807234b986e726821b89a2a93dd3bdd3c22 |
| SHA256 | 9213a62eeb6f807d0cc695048273e525b952c0d33f4bdf3ea50096c89593f20e |
| SHA512 | d367082abf5d02eadfd3b4cd22c50ec76b24af05d1be8271143e2a6facf2deaf0b42a5f9cf91c6f8df274384b5c43f59bbdc63353dfb2de2f865f0db233fcbd6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 29e3f55ddfacd28c84e110b012b52056 |
| SHA1 | 863400c7d567c1b5e32784d54cfe73d64ac26bb2 |
| SHA256 | 19075a1f01149313a3f3b121e5e179cf80a9364b5960bc8e9bbf7082de06753c |
| SHA512 | 4c59cb7542d356b1d30a217e3d048500897cc1214df663c8cb46d23170f11fb92754a41c8c08f86ac5580580012ae8e702a9acc06572931ba0954ae7bb081ab1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c05a674eff586dee021975d17e5eece7 |
| SHA1 | 32ef897e3776a3ec26ae08834363d0e54fcd5385 |
| SHA256 | 80f08754813b0d1a0629143b6806837aa8fb9b45db1666e6eec9b0defbd14685 |
| SHA512 | d6e57a5a314c09510a1a9580a70b7e32d93bd73eb08b8b11b04ef30c1a1d482f9f474b697ba0f1fa7cd804305ebb671f4807f24b49ac1a8fb6d39b27c33bf13f |
C:\Users\Admin\Downloads\BlueScreen.exe
| MD5 | b01ee228c4a61a5c06b01160790f9f7c |
| SHA1 | e7cc238b6767401f6e3018d3f0acfe6d207450f8 |
| SHA256 | 14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160 |
| SHA512 | c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 64b8eb611bf05a5f73f5de8a53e727c0 |
| SHA1 | 7eee59c61768c8604163338e399cafea9d2ca41a |
| SHA256 | b699a89e1f9139d3ae9f0a977d582b70c230b614046476215be2582c2175aa5f |
| SHA512 | 6d91d53fb40f89caa7c91410e4aaf516e0fde933a194b249cfe3773bd4efcd7041ec29ff94d84663b112d4f214f6060154794e922bca31f0a86fdc6b5b4909ec |
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\notification_helper.exe.manifest.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | ba6c570195c2f5cb72a38aed5f44bf52 |
| SHA1 | cea635ac741031579022132f246600e3eeccb625 |
| SHA256 | bc046d49bba0461b5f3823848a937d7b231e8169f8f356a13c008d32db1fe4b5 |
| SHA512 | 499fb16d56391046fe3354634767e93afd557839246642839afb343066c3df9a15aa93fa96884226a4d7da86748d2aa071f737b3c436ad8f69b399aa3836768a |
memory/1508-3782-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | cee0c141a3ff4539eda531a7b1d51897 |
| SHA1 | c632988bcf8f92a0e0740282f746c94ba9d3dcc5 |
| SHA256 | 7217b69069859383e1f2e701a72f06582068dd52daec8eec191aa7e9d22b1565 |
| SHA512 | 9d43bfc330935eb3d42fd51f22792a3a214b7a32bac50bef0a27c79fb945e79b1424a63df90a45c4a59dc66b6371ff47eccdc39a547925fbd85144935b718d35 |
memory/1508-3927-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 33da0c4fab4477cca386458775587ada |
| SHA1 | 32fdd1c399854db26094a25a106a29a492196915 |
| SHA256 | 480620fe67707995f735457d86877db67286cf8e56206bc2f5bfec078c302a0f |
| SHA512 | 165086ad67b7be822d2f2ccf709074ecf75997829488dfc9fa53e8aca5538273c1bf07306eed21e32480dd502fe6984bf93efbbe7969852f45ef680320764f5b |
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Edge.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | e4709299d74e6e4adb0dcc9dc29ab9ea |
| SHA1 | 68501fdfef7f830b727dd52ea411db6905b38599 |
| SHA256 | f92554af5505847e79e7a558a24c02fcd7fd4f80247c2c2ddcfc8bba8607d3e7 |
| SHA512 | 458a3149109b66b8f2e098e8cb10d9827c9f8e247235f407843be084a705194f5884e33e3de12e4d47a7fa65211c819d44f0da2d77ad4e5ccd323ee4ad709d1c |
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EdgeWebView.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | c555988209b14a907f915e2792fd79a8 |
| SHA1 | 43f17ced2d019030193cbc07bc0d7926e8544039 |
| SHA256 | 77f6632e055fcf11bb78e79cbeaeac09aed7a6c3f1db80ac77368970f02caae4 |
| SHA512 | c97e050fc44a308ee1503768aaf23578e0cbb2ef3189b7918772efd2567dbb3d88f3f82bc20a494d049a47c9504fc957d5f6b21e9d3df921c1d395166ecd668f |
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\icudtl.dat.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | cc1baf4d12755b9c79b4c59fecb4b207 |
| SHA1 | 60707c26fd5dac4b69c2293e841f6853af5bb27e |
| SHA256 | d6ce26f49f41e5e3ca368c7d9237dc932fb297b24fc8a3a73ce2416741a270df |
| SHA512 | 2c58c9bd3568475921c4ae41a5186e7a19caf80a711f83ed58326841004aae3d1cab515a4547c8ac4b3275806d3d8a09b1b75bb355361c66fe2813dc797efbf5 |
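The records above follow the report's own layout: a bare path line followed by MD5/SHA1/SHA256/SHA512 rows, with most paths under Program Files carrying the same 64-hex-character suffix and two `memory/...` dump entries that have no digest rows. As an added example that is not part of this report, the Python helper below parses such records, checks that each digest has the length its algorithm implies, groups the appended suffixes so a responder can see how many distinct markers occur, and flags memory-dump entries. The sample input is four records copied from the listing above; the flag names and the `Artifact` type are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Layout assumptions taken from the listing: a path on its own line,
# then "| ALGO | hex |" rows until the next path or memory-dump line.
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
APPENDED_SUFFIX = re.compile(r"\.([0-9A-Fa-f]{64})$")   # ".<64 hex chars>" at end of name
EXPECTED_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def classify(a: "Artifact") -> list:
    """Flag names are this example's own, not the report's."""
    flags = []
    if a.path.startswith("memory/"):
        flags.append("memory-dump")
    if APPENDED_SUFFIX.search(a.path):
        flags.append("appended-64hex-suffix")
    if a.path.startswith("C:\\Program Files"):
        flags.append("program-files")
    if not a.hashes and "memory-dump" not in flags:
        flags.append("no-hashes")
    return flags


def parse_listing(text: str) -> list:
    artifacts = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"digest row before any path: {line}")
            algo, hexval = m.group(1), m.group(2).lower()
            # A digest of the wrong length is a copy/paste or extraction error.
            if len(hexval) != EXPECTED_LEN[algo]:
                current.flags.append(f"bad-{algo.lower()}-length")
            current.hashes[algo] = hexval
            continue
        current = Artifact(path=line)      # any non-table line starts a record
        artifacts.append(current)
    for a in artifacts:
        a.flags.extend(classify(a))
    return artifacts


def suffix_groups(artifacts) -> dict:
    """Count distinct appended 64-hex suffixes (case-folded)."""
    counts = Counter()
    for a in artifacts:
        m = APPENDED_SUFFIX.search(a.path)
        if m:
            counts[m.group(1).lower()] += 1
    return dict(counts)


# Constructed sample: four records copied from the listing above.
SAMPLE = r"""
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.D7ED0464A46885F48B6C0B5241A3E58121D0FA57465EBC0EE967E84DA84D943E
| MD5 | 36a0d5561685a7611ce93d95a7586833 |
| SHA1 | d6ed9455d16a716a8ddbeb8ababf7f55260a4cb7 |
| SHA256 | f45239ca18a16108dc21a05b7dc57728a2e6e548dac0b51e3171b072a6e52b52 |
| SHA512 | 6f07ad33fd26d114449a638ecd788dee4abd08bc98b8070fa3033350e74a1be4e9ef17656443534bcc7110780d50ba9fba3098ad3ee34bd648e40191aca3289d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c05a674eff586dee021975d17e5eece7 |
| SHA1 | 32ef897e3776a3ec26ae08834363d0e54fcd5385 |
| SHA256 | 80f08754813b0d1a0629143b6806837aa8fb9b45db1666e6eec9b0defbd14685 |
| SHA512 | d6e57a5a314c09510a1a9580a70b7e32d93bd73eb08b8b11b04ef30c1a1d482f9f474b697ba0f1fa7cd804305ebb671f4807f24b49ac1a8fb6d39b27c33bf13f |
C:\Users\Admin\Downloads\BlueScreen.exe
| MD5 | b01ee228c4a61a5c06b01160790f9f7c |
| SHA1 | e7cc238b6767401f6e3018d3f0acfe6d207450f8 |
| SHA256 | 14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160 |
| SHA512 | c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140 |
memory/1508-3782-0x0000000000400000-0x0000000000409000-memory.dmp
"""

if __name__ == "__main__":
    records = parse_listing(SAMPLE)
    for r in records:
        print(r.flags, r.hashes.get("SHA256", "-"), r.path)
    print("suffix groups:", suffix_groups(records))
```

Run on the full listing, `suffix_groups` collapsing to a single entry tells the responder that every renamed file shares one marker, which is the string to search for across other hosts; any `bad-*-length` flag points at a digest that should not be trusted as an indicator without re-hashing the file.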