infinitylock | hxxp://g[.]co

Analysis

max time kernel
226s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://g.co

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
93	camo.githubusercontent.com
118	raw.githubusercontent.com
119	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\circle.cur.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\AppStore_icon.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ca-Es-VALENCIA.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview-hover.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-disabled_32.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\AppStore_icon.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_bn-IN.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\MSFT_PackageManagement.schema.mfl.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\vi_get.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyFolder_160.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\scanAppLogo.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_te.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\List.txt.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\rhp\pages-app-selector.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview-hover.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-tw\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sk-sk\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\MSFT_PackageManagement.psm1.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-disabled.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\japanese_over.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fr-fr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{DCB35206-2F8C-4CE4-8AE4-0D0133376B5B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2808	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
376	msedge.exe
376	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe
1216	msedge.exe
1216	msedge.exe
2852	msedge.exe
2852	msedge.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3212	OpenWith.exe
4708	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5168	[email protected]
Token: SeDebugPrivilege	4708	taskmgr.exe
Token: SeSystemProfilePrivilege	4708	taskmgr.exe
Token: SeCreateGlobalPrivilege	4708	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
3212	OpenWith.exe
5424	OpenWith.exe
5424	OpenWith.exe
5424	OpenWith.exe
5424	OpenWith.exe
5424	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2400	376	msedge.exe	86
PID 376 wrote to memory of 2400	376	msedge.exe	86
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 2556	376	msedge.exe	87
PID 376 wrote to memory of 4628	376	msedge.exe	88
PID 376 wrote to memory of 4628	376	msedge.exe	88
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89
PID 376 wrote to memory of 3788	376	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://g.co
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e75546f8,0x7ff8e7554708,0x7ff8e7554718
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2652638018464764134,1686710806927313332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5168

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4708

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3212
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UninstallGet.ppsx.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
16B

MD5
c318d8c551fa2ada1eff9b032f51a18d

SHA1
8969275eddcb94b716b812a3100a8c2bce7ecf34

SHA256
f02ef74829fbeae811ee5c04f463675f35fcebf7a113fd1ebf0d5db2491feac0

SHA512
000e13cd06ab3cef3d287be4b47294a2bbd7c508883de68745ba20dad18cedde9b8da9c50397eea3a6c8e77d800a758758f67b81512d37b82e0923795628e3d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
720B

MD5
2129ba541d0f8c72ff6eea4ada1d0704

SHA1
1152d59d1e44a65b75a748beea3ebe855a898368

SHA256
941a3d2ef2a3cb8dd4eb551326499f15ae1ac555b495194133433545673777b4

SHA512
6a570775315268b88956b4f5ea8a6850679b28825440339ae1e6325c2ec968b5d73b55913b1c4edff8fbc905cd839e91ee24933b64733d17dc31c261f79be620

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
688B

MD5
922f77f78f89a5186f8775e090247fa4

SHA1
b57721bd9fea362690aaa89237f8698a94a06b4e

SHA256
4a23d9940800e713fcdf569c8b8f589883cda1bdf294d2e5f0622ba553953e10

SHA512
9686c164d4224de482c97b736be65210ffa82a3289f26da9199531c1c807727bc5e0590d0a7dff29ffbc7332924e9bcde90a5387d6a5f898f5b5c50c5a9ab26a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
b4c61a74ff165583464650c82629f070

SHA1
937a514e24f58516dd74ab586186501c1b709bda

SHA256
7021f81d9a17ff83b2551e23eab6640fdc677ba7f64d8226d0618f3f35ec8a0b

SHA512
81475ebb2bcc256ace969a400b549eddec892c9a2b9a27854eaff377c7049e1a0faac071a45846065955784224a4bfc34aa93e7ef0ec1d73ea65e4523ae3d680

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
448B

MD5
d8b0f66cede49862eaea8bdbadf166de

SHA1
400ed61250adaa53433308a4424d902f81efb186

SHA256
cd3a2f507e90bc389640a0a56758ed384d6c6635c713e14ecf0b001e0949f7f5

SHA512
9f8d79c11b58d8f9bc12ec5cf28ff1a6a1a8e3a01f520a85b8177915b033db31bdf914c0473d41dd49f5ce1aa311039c87b8d180fe4d68aaad95d97b8eb567ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
624B

MD5
73da12a24e93056bcfaa945588398db7

SHA1
69e14c2036a39a98f7da7fbc97c5d20614156ac1

SHA256
9b6bb29e62efa0a334a17aa9f989e9b6d0a2a2d10717c59025fc229e52eba55a

SHA512
b5eb985a4835907e8f905e6df501531f0814a5604a3352739b5a9d3ccd3c29e11da28ea60990cc15cb162f3d8e37248850af962f773b3eb4625723243d17a0d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
f60b23c68a91f7a3d0e48223e50c48a3

SHA1
4ba2638f90c9e1203e7d1f6e6e050c11bbfc8bcf

SHA256
b5b644e1088b8563d538828a77228a673b732abf81d2710afd6559817f1e3330

SHA512
ed1b99de52459876a06f86b05ffe88a8a161571df42d6622a818e19547fcb810c7515f66ea9d61f4f3c525b1c676715121ae6bb9473dc14155616dec8e10b073

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
3fe1b5e96791384bfb33b0d1b34fffbe

SHA1
6a2925a624cc6a7265d145357dde31ce91d309b3

SHA256
a8ec8e1fc313f612f8d51575eb5722f467702cfb92f7b8753bf1aaa078885c33

SHA512
a82ac7c3e9ee54d6f66967b68ed92df0af6d8933ebad51b4a89184e16170440f482425847970dd7fce3cacca097212ea5f0b4712d80a555159db7676926e5273

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
62c0398c6f04d738ee743d3d72f4dfed

SHA1
10c7294be893fb8c012b2e2ee5ffa1ad3d117827

SHA256
a6be7100b990ddc4485780d5811b4076679a22e39862c96bb7fd2fbabeab7afa

SHA512
cf6685ecde867c27f95bb4c1ec4a82899e46e8860fcac95167087ea6dec8508efb854ed47dbf8b57bde5b85f1cc129d30bb0f9057e12faaa37703daf16e3b22d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
3d95f139e1144114efb4d2cd08425d5d

SHA1
2cb10b440460d75699f39ef1389f8a8d4dd6c066

SHA256
6ef7bfa33299a746e139a5a4bd7a453b6be5fe27baaf27596358118920d2879b

SHA512
b7f9d20fd942b1e03851498acde32561460e473db4fa86f4527a6204399875a0d1eb1e6281a7ec5d59c659854b2bdbfc33039e8437339300d098730a701234bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
ec7e407bbc4161199d7c1d2a2d250026

SHA1
e3cf22074cedbe778a59aff18c27e2d3b816ac94

SHA256
85376bb0bdd15ee258c9e20e5f0c96c5e80c985f3a2cd605f28f2120a8fa15cc

SHA512
0330d0bf4aa4a8e2dc9ab4a34ba818cb17fd451eb6dbce8f596152c885437d9fea7cbd151a0d769de64624422d71755e7ee71a1fae94307b45279a4630acc025

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
dac6f2a40412e4a8033162158a89583d

SHA1
41f4ba84f90a515b975a36ce8b9058daf70db7be

SHA256
053117241f9f43c06d03cab0241fd63457fc2c47ce73b44555ff9fd5947b3f43

SHA512
6e98eb9cfa810f8395247fb620f59d7f907f6a7595a0ba0a1925f251da5f1fd1f8c1ad1c423c2c1aa4f51d8460425e57459ab5ae70ab928f9d8f8e7e3b9077e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
7KB

MD5
2d4bdd12f25ba0b12b70076c2db0d32d

SHA1
67ee0c8e63349a91936ef46d45a049bbd7da54ff

SHA256
9e6fb21990969d58ceac694ffd246148eb50945cf3ccae663f9a9d38a867b5d9

SHA512
232e3106d69efed011d144ee129df319d5ccdb49f7d1f607d8f10a8d16cc1b684982c630c44ad65fc113424f304ea83bfd6533153547e12094352eecc1138129

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
7KB

MD5
cae95cf730896a69cd67fdbe90fff14c

SHA1
c62803208d17db783d9ceacf8665c2c86696d78e

SHA256
776625a0756a0989ce17e869237f66c6eac8b64a36e13a51b83908490ac8e036

SHA512
19b147d65fb65153317e5f66b67ea185bd2da0abeecd3c37b31b86f62cbd8dcae0e2279cf18e42fa714c75701caac87ff8cc0e39875c42d8ee20c661c90501e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
15KB

MD5
8c0b8ec51c156e887f99bbbdc384c2d7

SHA1
207786138172a855ceecaacca413937b8b159a3d

SHA256
0d1551c9af71cb8cc4debe1e943f2ffdc16772ec5ea4a5fbcd646436c33c29aa

SHA512
fe61d185b2729e5d3671894c49e25d3ae307a3509eeace10bb974a82481220070faf84286367cb0a26145ec7a40ade9306defbbb32720ab3ea860b76093fec5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
8KB

MD5
c016c4235e096f0ca7c7062045f3015c

SHA1
dc9d5be8cb538a70df9cf178734550916614118f

SHA256
24fc3c8d40be495cf095b1da35419cbd82f1d341efeee8849540042fa0e74700

SHA512
3497d6658c54536eaac8978c52363e2c667b5cfbc19ce68f70046c9b573f530ded1c326cf471f1ac050bfdd58b6804ad4f400234d531ca4d4a6db8414db77956

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
17KB

MD5
68717679879de793ef35b3c6f14bdc8c

SHA1
1f037b7216e06151f1f47ebf31e0b2306cc7fb1c

SHA256
e858d95391e61513fc9f21f089d28c6a8c3d4cb0499a6a3704675777c9f1c934

SHA512
8d0bae89c5ef79a9b290e23624858d1b04d05946ac98a9ae271afb056866806b706938f65b6373e1a565ffce065217ccbcb83737d86251d822640d98fb054043

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
192B

MD5
4bafff21a0915a85f910ef914b06c372

SHA1
2ff28ffef4be8f7cb780609ee1179d730d6bda49

SHA256
a61942866368d655ba2be8712c4605d77cada2b6e455c06366ec178e4408e574

SHA512
0d225a1a974731597e7de132ccd691bf4bf3f559512b8ee495709ef2e929a6a7c16640cf05f76090f3ffa54450524bf720534d9f0434fd3621a1dc5d47cd3e3d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
704B

MD5
8709d4b1c8ebca4ba8e12608fc6425fa

SHA1
9f4783cf2863a9f48a5330d206efa0c01a80898f

SHA256
ff57bd7e21540bc8780f697275983181623327ae2ea6bb48fd16ca24ecf30383

SHA512
ab7a3cbc7312445664a20cce5a9ec07027e9d682852a85b8cd01393d7d3fb9076dc750efd0e283bd55be2d8858bf8b293395c04603fe5d090ab98b9c0468e04a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
8KB

MD5
26a5776e2023a7c4e0099f37e2fb85fc

SHA1
a4974f469428106259def510037fa057dc6af56b

SHA256
59d881e829558117999544b27e337f19c631ef690196d90caf386ff48d0bed06

SHA512
78e9007ca0fc6b762364d7602dde6389909db5bcb02406addc148c77c05ddd6cefaeea7f4146d6bab8e6da638304f23a37308ac2f9312517d4af7644638d97c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
19KB

MD5
9249d856100ca8c2ae0c942102b4e4a0

SHA1
13be1097b283c533f4a5f8f528450947a49616a3

SHA256
6e0989692247e64dcca8e70f9bcc3dfe76f18a24e0611ad30f7be2993898ea20

SHA512
417a8e4c16b1f3c4d84d9580a9ca50ad68feb95b6cbc9dc9874e2adfa721746b90e8ebc8a4d3760aaa35592d693b0f6d2909cd4d98ac2a6719dcd5ef1f9bb2a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
832B

MD5
6b9f0881c0c4fca2581a1d3e0231e7b1

SHA1
b54f5399ac1f38424f6c509a0cb2e9c712cf7e8c

SHA256
91d7b4bd8a33b6ce3371dc456a47c0843cd72b92b91db991149df180996d4f32

SHA512
844ce6b73b5cc242f26466262c717e094ff2fd9ad1ca43c561ebd6fc1806ee62414bdbaef24b0178b047586b08c63ecbc05c0ff230b6e58223dc6e1efd162bb5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
aa38fee53cfc51b06c126a0aa33a3901

SHA1
8daefe6ab293c7853dbdd3717bf29ac7da0ff2cf

SHA256
f483a71da8715f93a6765e268129ca133dfa4584180e345605069e56b0e4dbd1

SHA512
5cc9edf991f5c365c675513ed27087960894faa6561046ae7e013e71ecb6f1fdccbae2a1b4e15a76f488a8c25aa6653c14551f0f0de57218dc3210c3d799115d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
3338cc938a925cfc157413afc53029a3

SHA1
4afbebbf909eecf7b8894059e370b7477cfdd958

SHA256
e6e175cbb983f38fd70863c6caa9fb73e9f9eb924ff8fb4a0a3bed82073562b2

SHA512
7289d7e5469e3d4775a3864f9d96f2dbe4ea78507371bf3d895d5e16306da270aff4762277b0f05f0d6713fe232a8e113dcbe7d90f59f5cb6631fe1e4a89eb23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
816B

MD5
dea358f6d902342b4c5e5cdf837c152a

SHA1
c807c783ee66ef85ca5770d84f5e756e3a3a56d8

SHA256
6d069b1af9c80954baf2b547fd6d44361c60557bf8393c9ed3d45d726a80b98c

SHA512
8dcaba9779b1a8d2877c1de73761811660c73701d68be0902a575f74b110a575fba4fe4a5a55f3840faf9ec70b6fc8afb058d86af296294cbb960fce40b2be37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
51c021f2f31bf67078f27fed5103a87e

SHA1
75362c96c50c304d063b0ef1e83d4243b981454d

SHA256
cb15b3f56f24048e4c9ea059590de9c36413ae3ac5f2b24d1877176bf7f22093

SHA512
1535015fe318323ffd31cc584145aac3c9d906d6b7b349d17ead0849c26c114224b885400364f115a31653a8e2cb47729d6cebb9efb9ab58cebf23bc1521a53c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
21623b58f46cba3ac7e599a84344b888

SHA1
372e9b447ede916a150bff697ed89ea7d2e0914a

SHA256
a12ad86abd2ba68c19680304a557dad4de074d092bf4df4e8f216396be66168d

SHA512
747cf130cc5c8dcaac9ff5be16b4c6aa1c94ff1add36ca3a54ce722c8f6c8c1a9bec6213a8587a7071ef6320241376434a92e38c3b78faa696c9b795bdb4bdfd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
4KB

MD5
ad81d5aaf3a04404a62585772065a471

SHA1
adfd55d383acd3cfb0c5a26291ead6dc85c1c5ea

SHA256
6fd13284721d9bc4cf920b4b06448c5b78a35f596970f4fcf8313a5a224bb78a

SHA512
c0bd9f20ba2e7fe59da1e33a01c2e783437e91fcdac622085721169bc4f8bab38fc9bd84904925db126ff15d068b9e15ac7e9648e7d7535a2ef4d63df7db7682

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
304B

MD5
a433ff61694f8aabf1afacdefa132526

SHA1
6bb376a7a9660ba9e80dd7e263124bb2cc6d195b

SHA256
1de69263c78a008e9c2ddfaa2a6c732c7bbe71a149f847ee89651b3294fb89d3

SHA512
58e6a7cd4532182f037ab94858fb9bbc33b4dd2ad90a1db333762d3c16730369c3b596e70798ec5c3dbe886aaff389f2d8ce6d571608e6e581e0afd640c7a4e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
2a8116c5fea3483e226f7fbfa6845d80

SHA1
00fb1a1edf025939c8d74fcfbd0f21862e813a26

SHA256
004b70340829ca237137270c197ba60a0a89686a88927123bc2705ace3804dd6

SHA512
4438bf0c77e2e282b772e6aa6b976d1dc743d955262ec8545bfb66740cfac5dc23c0a1fcdf37ef595e2e2b3e8b5afb6b2c8e45ca618858a0cd03134ddd80a658

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1008B

MD5
8e80d3865132f2c59d18a68745267765

SHA1
551561f585c01d2f997e7e830983a9b103567af8

SHA256
e921e47a0a2588150a35d36e59ee3720c8ef0eca0159b4b30159fda6360f1980

SHA512
6f0fae906a4a9e724d4c505c24800e16aabad89d3158a35368b8848a5432833047b7858561fb7b5e1b7c043c4608fe9021647fdd8f3aa2ace167401a8d3ce11a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
830c311a1535ecfdd7ad7c95e5374b78

SHA1
4859b44739a0aad084834d9c24431c715f55339b

SHA256
7a94a274584960910ba6ccc003589fce71d50ea143769a06dafe313c973bf9bb

SHA512
df5b286e897da5c34bc2554f69bb4c62262f8d1395633840678f556ec315dcc0166b542738c71b86fc6e3baa631916c168b4404fbfd034779db00c1b3f87a98f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
7646b307cfe48d3761e3cbf007a7a312

SHA1
1975fba0b92317038d6eba9bcc16818b4ee57871

SHA256
decb55bf6776a161fe49315e9fd7d710b42a6811421f418336e208173b9f2c38

SHA512
26e2e3c115493214523ea8feff52cd53c551e580de4b0d2cc2326da544a0594852b35314995b50fb47eaae176811c6b3bc3b95a6dbcfd372f85145b1d9a8cf55

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
848B

MD5
0ac8cb99226cc4392d526e53f9c84832

SHA1
607917389a1825c6b28345f20fdaa0a00069f5d9

SHA256
887aefa61f46cbc660bb56800540a66ea0025f78b3abc5287983bf6bc23c27fd

SHA512
c3e18e3736c9551f1beb328db49d98c15c5297fa443fb2f9a86bd7fd79af4e1dcd92ede8630562a8f96161b330b1043c3b9fc72efd90647bcfef2959d4fde255

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
32KB

MD5
051b1db747b372899a22ef62c9d73a00

SHA1
478af9f59af40c61646067bb46c1b70a32cd3209

SHA256
bded80fc8990e348f5cd1ea35e16c6e396980f37656c243d774a2680e276542d

SHA512
587b787c83b17b3522503c523b5dd1f9dedae3a652a0abd9a6d2adacfa38e0d07786ee6738d08a597702e8e9237d9f6921074f13b5b04dad46397961ebda274f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d1cb6de0dc2abaa2fa8ae2081d245237

SHA1
59568ae4aa2ba4f54807b8be87a4ac0435033e8f

SHA256
cbaa0f763ee58f60c860817d1f0d6ed14e1fc6ac81551ff2668931ec44b0c356

SHA512
6c0d0b949bfc79886cf76ce217c192b58addb9f515938da785c451fa0c085a888735eb4b5e8a653fef5913433339e6d9497b6bc956b8f2671edf229f43baff50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d0acc9fa667a0a9f440cc9bbf02de4e9

SHA1
0b67b2a45ceef91e9811480bfcebda35a890fc19

SHA256
82d5f8649866312ed6ecfd5b33ff9964032ab2bde746be31bcfbbfd3a0dab6f9

SHA512
c0fd6628aea97389c8463bdcee51334918375e2fc31bba889967fa144b363a74869c7d8364cb78ed50f607cbf0d7ff04adf58bf213892451f258dc2a177edaad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0d61537458afe354200776620c99cb4

SHA1
4211582a31a5e37e2dc07fde1c7e85d11aa35cf4

SHA256
322088f7eb46b71a9e6f85400967591c53289e25854fa8eccd6e12a74c8529d7

SHA512
a9ab1f77e9a61e1f4ce52796430a01d3b906ae6d4548ee8c132d88225a4aab9e108d5307124367c1605a81931a6e5c5afdb9172ee0ee031d7d2ca6da1ceefe9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a8afe6bdea020e3e3545da3b15bf567

SHA1
f00880b4913bbb4b13e900798bb2aae90b1cb79e

SHA256
13c31d53e25ac533ada91500546ab0f7f0e79007e885dc0c72d65954933a3dd6

SHA512
887fa1ff01044c48507c099ad52bc7637f62e8af7a69be719a4b6e0bfa055664735123bb3db930998719af3428a634aaad859c33ff6f5e988d3912898e2e7c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53cc10e4fb01ced55eb59ac9ce70e4a7

SHA1
925a9d3a7c967126ea3a93d1141197993193db65

SHA256
ca82857f44b532f7155f88a94e8124d84481423e8c2d0c97bf01ef5ca9c84c8c

SHA512
bd0cacc4ef46c38662ff4c8f63d948631c859716f5c1064d27665cef772e176023db4bd74684e2870fd90e9505d2bcb6925b7aaeadb50d5d37cd843723182f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a742bc9e5febccc1c5344cea2d11a18

SHA1
978e437cd365ca5b4f664cd08a051ea714196a4a

SHA256
d1aca25db5ce6cabf01c96bae74926bd46c4fb182f9aab234bd403f6e3b88019

SHA512
22d0a4df97c05b5c087cca09e30895bdd2f9210707970fab923d38c846d90f098ee77386985bb0a7e9b0025e751b0831368c100ed6dc5030dadadb05cd81fca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c57e370c5ee314dcc5ccc25a9c19221

SHA1
1d1a3dcf81e7954afe7001bac25a5fbc0a964474

SHA256
f4f81fa61640f8aee3098f512dc5ba0a2c8e3f67fdb6b52c2a3da5e8f7f91273

SHA512
6ec44fdd81f638b161fbb941e919aefea08f7f2898271744982b1c7343ef9959d398abefcc1a6c260b6de3baf0d1c1dcc1cb8a4cff3f8563736b3fb6ee269810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24379d2193d2238dc4a45aaca0234f13

SHA1
39cd5203ab9f1e7b1bf6b26e0cd1f7ddb655f5c2

SHA256
1e34ee2a257d400c03fafa78e6c81c43dacb89d58c6cee4be5cd060db43cccea

SHA512
b11e8488822c97eec281f93386f2c638f4239513f994e7ef8fa9483237b1cb0f60562a6db0e5409a06c8bbff9d4026287590bde06539dfe4c9e108b2b28c68b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16ff640cb451467267da08524dc0f982

SHA1
3bcf37e22e352ed095b04c85a19b2f6f93c8a37c

SHA256
536bf2509de2b31943b20c992d445e835497fb87803ff356c2030f65936f85be

SHA512
4e4e38efabb752d29a919c29ad0a2a081b15dea0f929ce9b6daf82028903b554d31f1cd05208e38e38b9169c6ad3395f99cfdf044eae4d29c58a47fedb70a5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58530d.TMP

Filesize
1KB

MD5
2f0c8833be17d180ceac6a94301c1828

SHA1
9d25178aa741f29e4433d6c0c02350173d4792ea

SHA256
d1893706ba6957ccee8b3547b12f16802c78cffbe526961253d2f2e9b62f8501

SHA512
a130afd5767447079cb3c8bcb12b3382ebe0ad0b72fde697eccecffa00f2921cbd491e641e1f9b66c23d5549785907de11905f167a54dab23bd0e9cf492386fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bec09326d88be3b3375dc8ad5a295f19

SHA1
518e131b669b3ab26d6a214792b5c896621b3042

SHA256
19da85c28313abc59e365b28cc0bfa5db6b86fc918520281ca00d6a3c39227b1

SHA512
1b6b94077feae4621959b1fcad61efd0489d0d05a0080e750db88906fd55164ca1bf3ea1ecc9ff1b16bfcd2ba25cd9ab52c0d9671a8771426834512b87316d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6b035132e5636bc17c8f2f523e3d6f34

SHA1
490a2d114c21f20fd2f3ccff3a7c245e22269a27

SHA256
4b465fa96aa216cf6f5bff8f318143f3fd553ffe451aebbaf46394db257858b2

SHA512
0dfc69dbf1b8ab434bd04b7f2d25c196df1537cf24a6852ae92dbab1fac61f3d9047a6967d8ac9d9a3c2faa9df677659f1a24cd95f23787f0bdbadb73ee262d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd1c67527cd224b1250b3e2ca68ccb12

SHA1
a4bdda30268418c6a3591c0c17c0ec64e4bad7cc

SHA256
6e800a7d3d1f328ae3d26fe1e67dd6321f3931b4cfa30d8eeb34bd4df6d6c58a

SHA512
5d30ae371a0a4b459581dc534acb85ff2c6947ba9a9dd7b91ec9cd41f263ea507052e6919ee6959acb241b50657545c4bf42b81f1104c966cbed04ff55d3369c

Download Submit
C:\Users\Admin\Desktop\UninstallGet.ppsx.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
512KB

MD5
d2b7a35cd8ada553218017f7672d8bee

SHA1
c6117cb9e1ae2ff1b167866b557099b85839f21e

SHA256
d9e91c63a6faecbcc117dfb24783801439136494c07be00f1cb7f94848b0bf9e

SHA512
18c75f0ea3f68a01b9a6dd2dcca094977074027c1dd1d2c181ad0fff7d03b1942ee78aebe2acae207ffb80ee4919839a325c19c2e0bbc5d3b7d9afcb4f789f60

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
memory/4708-3585-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3591-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3589-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3590-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3592-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3593-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3583-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3584-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3594-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/4708-3595-0x0000023415EA0000-0x0000023415EA1000-memory.dmp

Filesize
4KB

Download
memory/5168-389-0x0000000005750000-0x00000000057EC000-memory.dmp

Filesize
624KB

Download
memory/5168-3581-0x0000000006AC0000-0x0000000006B26000-memory.dmp

Filesize
408KB

Download
memory/5168-390-0x0000000005DA0000-0x0000000006344000-memory.dmp

Filesize
5.6MB

Download
memory/5168-392-0x0000000005850000-0x000000000585A000-memory.dmp

Filesize
40KB

Download
memory/5168-391-0x0000000005890000-0x0000000005922000-memory.dmp

Filesize
584KB

Download
memory/5168-393-0x0000000005A80000-0x0000000005AD6000-memory.dmp

Filesize
344KB

Download
memory/5168-388-0x0000000000D70000-0x0000000000DAC000-memory.dmp

Filesize
240KB

Download