Malware Analysis Report

2024-11-15 08:47

Sample ID 241110-dmhc7sxpet
Target https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r
Tags
infinitylock discovery ransomware
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r was found to be: Known bad.

Malicious Activity Summary

infinitylock discovery ransomware

InfinityLock Ransomware

Infinitylock family

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 03:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 03:07

Reported

2024-11-10 03:10

Platform

win10v2004-20241007-en

Max time kernel

200s

Max time network

203s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r

Signatures

InfinityLock Ransomware

ransomware infinitylock

Infinitylock family

infinitylock

Downloads MZ/PE file

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\InfinityCrypt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\InfinityCrypt.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 16313.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 590938.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 48754.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3676 wrote to memory of 2152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 4456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3676 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe814946f8,0x7ffe81494708,0x7ffe81494718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 70C6C51E10F40C75AB6C98E5F3D34AAA C

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Users\Admin\Downloads\InfinityCrypt.exe

"C:\Users\Admin\Downloads\InfinityCrypt.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13408:228:7zEvent29051

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_3676_GUXXFVYWRCGOZMBT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e93d2b103779be823e4ad4bc5a5304ab
SHA1 4b061c10854448fe18d62c1a38ec0a8a8f8275fb
SHA256 1a819a71f1a9c47ddce9df54f7208d8289ef4dcd32624b1345d9a0b3f69d4d75
SHA512 43e411e746fb45d8f7f3b360189cfdd4aaba215e86123957109c040844975f738589e1a491ac3504f05e858c1e68377d6e8e7d79871e38d876d9a530d045454e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5094b6a2d5ac44fe0a644ae21fedbaa3
SHA1 bf9eeca5f1e35704fcf619ffada224d059cf769a
SHA256 12807e46e20de436719e0fc46cc0d36c2fd4d17bf77591c2a97af92218de72b2
SHA512 3c726c33b737d8de5263358ca419098c367ef6e42843a97db1dfc283e754996cd8410498c3f5115ca68a00f50d8170b1deccd9fffb0b83a8283133e51400f56f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38e84aa7b0ecc68066e3355bd60049e2
SHA1 52a15c51ee4c6d8731370776dc579723945782ae
SHA256 ad2d0f388ffb02babc5915b82adf096421cad74dd4c26f4a71a5f587b0108aba
SHA512 892d08457e1c2ef6bf7208336efb4577b90775c36f15eed7258b2a0a762abb0a81e7d69d9f30deb5b02cf8010f3fa56f2460f59230eec4b202edd15fd33e0b6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef70cdb0d4780e0f5513ffc359d27c0d
SHA1 92b4e83105450560917d4a43e5766c78be2c0a95
SHA256 d3b9c445e65ea0f258eb376137ba105117760406a11adf96dfd40e1f226b7418
SHA512 9b50448297c548971d60aad7f0d8ccc0a4c9f37ff2af6e985134fe2698b4fb6d62f52ca99e8335b14276b0e923e6ac30c52e2b8e6d5e0d0dbaebe170fd4ec527

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813b2.TMP

MD5 bdaad181f22a617a8de5836811b13eff
SHA1 a6ad3ddb14c62062d87c28dc9febe75f0dc87d28
SHA256 5c3d5b118105f38e2dc6f25ba49e9815c8c4923f2005d5b0eaa420c45f662fdd
SHA512 c4f076a3fd019568498b091a15b55e35176c9d14c9f8c623ad22f66c02a57c0f1eab63ed29716339b66895fd051f18965ff62ec3c3f7a36eaa874c5152099652

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb8035304816b869ee2e5a91a364f4c8
SHA1 486c2564238280c79eab7a82dcd5dffd8b4d20d9
SHA256 59d8b2db2d4ba0e052c8691122c190a8fdfd053f078515b14e16d4555697bdd8
SHA512 91902f91fc3792af9e181a03a921be1592fdcb18cbca6e0f682975ce26683dc5cf71a93e70d93ddbcd7703e4ea563295176da5e16e7c0577c6bc86857fea0103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd81e6c1723818a554e2152fdbe5b631
SHA1 4254d3f715f71fafc92914aa92cd9bca65406bf7
SHA256 51dd5d6e05574099105991897e50a205c147dd8a437601fddd66af088afe802f
SHA512 c34804f21d7524cb6a36a6d29b9de58321761bf854a35894b1863f491c24238e963c519868a66cb7f8a9378cbbed89c6a512cf50a6f0425ec8d043eaec5684cc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a15e73e9125aefb4db7027f1a9b7dc00
SHA1 b5dd3ccc7f4e50fc4537e8b6e7823c59c32d43d6
SHA256 7c9d5be1af683acc5a63966cd788c1e144b8ab55bb291a917dc5755ec110e582
SHA512 75e4ee199d49d455ea6dd52f3d287308f48564faaa7ca98c9aed9e3e5ce36c24d325727d6489765fa6e425c471063274fa9a5f885dfd2491e15dcaa36eee941d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 675ea97fbb812fc2bc6482f8ae8005d4
SHA1 76ca1a6e41238c45b3dbb60e6b937c55eb057b93
SHA256 0411d72aeeba3dc169d65b2820105b02505d1eb5d507071b3be97cf97f466988
SHA512 af6ce71514a9b97f5462b9c8e2d5215822e645d2ace1a26c343606c3d1a718dbc87b578c63e3d187115b3d3003fbc36a58f9584b84f935e7df8a29f06d8e02b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c289a20b40c9a9298b95c291cadde38f
SHA1 91f5fe2adf298bc8f7a7165915573477ff72db4a
SHA256 256864295d03fc8b9bdaf7a8961688d76b63d0a0de6cc408365a6576a4306a4e
SHA512 facc91b8249dc86bc8e4ba37f1c8eeebf3e2218933350f2ec06e662f59c474790c7b32c87151d6996833e8a1f30b5683d0447ca40ad226569652a5f9c897ca4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 943bca85be4b072bd31674b132392af5
SHA1 fd0e6312b23cefbf4f8fb12680e8635a38a6071a
SHA256 c29dbd988a7b1884e9e49ff7cbd9a3576e3615a9286c2a13151f3572f22f6924
SHA512 af7844a6072946371257cf2e0658c48c6674dd82cbf47603b303a2895dcd1b467986ec18a59d10ea56b33a7bc74ec5119b32d6d70d9d446bb204dcf37832b43b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9bcf582c8eadaeebf2999957fdea108e
SHA1 822178a74d84f5a1e0eaa3a0567a1aacac66efea
SHA256 faf89119ce3d63060589ce3f9d2f9735eef7b1c9e365bfe88e28e2ef5f0a605a
SHA512 f13a43e312d8b7df60e423945ada86753e54ee11641e002b32c411477aa2ea5869af511841a8e450da7df607f7ed498502b12748157d7eac1c93711304416dff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 884eceb0c02365582955931e93603d30
SHA1 2ce51a6db17f57a8f0a25a9796aa4f229386d4fa
SHA256 1b6e35da82936d7d383453913cfd6e89cd0f784d4b89f067a46310d519ef335b
SHA512 3537781906cbfeec5ee4620c99c3f077071b6777bd0479c55d66c9c1fb1acc1f4213cd1f5d9cb0cdc3762970552b91202fac1f2828737779a4db53ef1c1b8542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1bc063b79ab1204588c92e96fd97a183
SHA1 5672bdd773c584f4364db1fe451f36a35f4031c6
SHA256 115fa0912f94a4154bb0e4857e9449031d3280d4a14849345c8bcacb28e44c30
SHA512 c587d09b6ec15b1d3763e16c07536fb5ac194ea6b31440e8236fcd3a1fb29ae4f9f16fb617202ac791b391da29af077b95fe21d45eae2bbfff070b4410898c4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_2E76130AF11138F39D76E0D756C0740A

MD5 1e94457a287807f497f9b347d27b0487
SHA1 bf42fc325242b3602cf84cef760f9b5ca8e0ec5f
SHA256 97f5eb864e2f16c5d6f3c810a7e81997259658dffe795de27d2b17f99ff4f4e6
SHA512 95d72581ef1e90fe6d5302f13a104a5105f2a64418c27ab620afcc4281b4a7520f3f0006fc09a3c1997ef66ae2c897df41487c1b98c7b8c273842ee734fcab96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_2E76130AF11138F39D76E0D756C0740A

MD5 efb7026babcc7838e12685b2824b70e9
SHA1 0cd07ea544177b97cce17ea099ccdff98c7b29e4
SHA256 fef61d2cd6660717437ba2e1b14f1287cf995493667958259c9ec1384b30038c
SHA512 d88923ff874ddbf50fb7b13201d8c204bc617fab3a4cf9f15631be8321a3c8e0f40817c9127e4e5bcbb53fe4e412cac1c1c7e996901ea4a052126d5a55893ce3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 1425aae2b6e15ba77c0c4a8304422e63
SHA1 3c301b32c8d4193684f452a9c921d9135d085b6b
SHA256 4e948a3e1b38aa343e468510884a96f9def3270519b53f2e8734f1698fd954a9
SHA512 a9ecd4864f1139c8aa5aa5534a3cfb136b5e91121eb9d654a4b1dbb6149e5732d10bd5cbaf95b574848d06403c9cf1e096c5c7cb06bb6f41c3d116af69fe2262

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 99c7c19228218b556fa9c6470fee4d36
SHA1 14df0bda77b6304bd3d3a3787c0903665066f9d3
SHA256 3bc29395951b53f5fb1462f79bc765b741ce1d2a7657aaacaa88f4d8f5065b96
SHA512 0a1b9d4cfd8315848e1fb281d2733c3b9bf0b7dfa9589da575918569e9cd3069cb622b53e7ee5c6b9a21952b108fbc3ade9aa631414f41b00b585a0e79a58c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 766cf5cd1ccee5f31bf4332b8c8629be
SHA1 b2937666b4f615601081a7e1bdaee0326b820e38
SHA256 1e929742ccc963109fe468e0efed37be626873b4d70006928d1ce413c4019c69
SHA512 242343410a5d8ebe6e9d8d0b2fe833e9320068ae163ef02eab7cbb784afd66eb5a9e210cbc12ca419f559e3366d790ccd541e9027efc244ead30035abef6c538

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 14aa5424c48c17a60ae784bda406b590
SHA1 99326a10252526c4df346ff1a9d9fc73a9946975
SHA256 c5168fd8e9783f69e56e465a1f8e750f1a6df8c5c9a7b20ff410e718b7b02dcb
SHA512 e38f7900ce98bea3178b2c6bb6d33dcb64b22ab0ba97a4267c2cc4b9f9e883657c1eea6d081297deae418f072268a578dd24f5aa2cdfc7a24ced85c3ea1d448d

C:\Users\Admin\AppData\Local\Temp\MSI2551.tmp

MD5 6425466b9a37d03dafcba34f9d01685a
SHA1 2489ed444bce85f1cbcedcdd43e877e7217ae119
SHA256 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d
SHA512 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371

C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BabyServices.dll

MD5 11bf30b923d096bc73918c6079a927d3
SHA1 c75809bb25651e4e94a0dcdb2d124e64dd49287f
SHA256 60e601066d4a203e39eefe70ac05e1aac9b45f47f532e038affa8dae4e009275
SHA512 3f22b336df3a311ae707132a0451c83642683a01e1d0dd1b01f7c4f182efcd0bdec4c3effe02321d0aa619226f80853356e7e8692c443bf2f74a9ea382b3f03c

C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll

MD5 a2d4928c9836812735b3516c6950a9ec
SHA1 01873285eec57b208fa2d4b71d06f176486538c8
SHA256 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8
SHA512 d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7

memory/4516-590-0x0000000003220000-0x0000000003247000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86ecdc4535616e0a82494188a2c62ec5
SHA1 ae3d38492304096057e86bb7838a5b6cd50152d6
SHA256 7d037822404cccc5d452ba6fba06d2f65f899c81bcd936924051b914e3396288
SHA512 59f8c4f82883ee3a6aafb26ea51ebcd625d79a6c95abbe78901f074258e76df540c113256ff016cefda4a01e0fa276a726b420f58520e182754298cb9e59c7b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f34c5ca025bba81d3d002ab711be252e
SHA1 3c1b1121a4bc9bccf99f6b89ba13e0d79689f724
SHA256 906af884db2d49fcc8832a83a7281143819ba7c83f498990d5cfafdf685eacc7
SHA512 69413c70bbf413f54421575219895699fd61b525201a8d1dad26058d4030269294dc0c1875babd53bddd472b8f7a5db965470873a449b0678c455215b33b9ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b93d0dc304b9d9f6d5facc8580d5e44
SHA1 a59ee83a094a0bb7929b9fa62b742f8849ebc818
SHA256 2d93ff8f4bc00c36779ae7d2d551c9bec1b65ec6ac6757691c2e5288d0ebafab
SHA512 b486d65a8fa3d96b75f70c08e4fdb5e9c61d953c9ca66966067b44702a084607a080ba20d5c482a21a35ddcc332221ff8812cc1a9ee55abb076b8dbc3dcf3169

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 356e096b0e45fb06f8e2260cb15ed146
SHA1 d30a433454c818eab01cbc0192ed010eabd98373
SHA256 7b88d5aea08b26c83f9e63016e9413a372ead11c9e7765d018638569c4718a31
SHA512 2e60989465eaf19bae15332426ad8944f710842027d5adb4242ba4ddec7fa011fd4d8d2e86ec26f43b0594df2ffc9696ba54f08f7f3d0af4fcc902d34f7dbbfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e92f11bb54082ab297a368ac50e2fae5
SHA1 6f2e4cdf847fab3239bdaba2ef8afa4a628e4637
SHA256 20e19f3ba05c9eda79269f21afd58e412115f2de5537b78e5af25f17792140a0
SHA512 de45af3ec27020723122b8d03ecb03c0de6be00efcdfcbffb1faff54cc4b2065b38badf8455f077061044acfb449ee68ae64448dd7702358625c26823a0cee3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f5bcf889cf2118446cd2041f71ee5d87
SHA1 1f7bc795b2ee679f8303365029cb74c4711b3463
SHA256 520751add9bd74b8d7ca48ab83e8eac6b7c3faf90484a9f344d33e6a2bf643b4
SHA512 7356a7e011314b29c51ccb042f084a60704c9915e4df91af7baacef43acccb8f419820470505cea9b512ca1d1ed628e88796265928a76ef46298197c02cca0ec

C:\Users\Admin\Downloads\Unconfirmed 16313.crdownload

MD5 b805db8f6a84475ef76b795b0d1ed6ae
SHA1 7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256 f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 836e0dbdc077381d1bce11a6df0e8370
SHA1 15825e000307ff12a7108b6eaa1bbf40f7524164
SHA256 1f4df71671347550dad8a3d449c455bbddc9204d946a50b9e80c292ef535b547
SHA512 272d6349b3c31a7dc287e74b18812eb17cbbdf6292b4cf2feb77ec2e6c7590027ca204a6d48bfae6d120810bc92947a11baf5f27a08864f69612f25a253944a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0616805cf46095f66019c8afaa5bbe05
SHA1 8ab2799da39f6a703768257b41fd4413856f5f21
SHA256 c8861d7ce586ffeb55aba4149c6d3fe8d1a957f2137a519511aceb41cb4c9921
SHA512 6bdbbd7cb5c9c03df0421a7286b36993431fe4a35a81a35ff1f021ec2445a877a73f538381a0f9fedf098ff3231cf361c257d5b805fdbb8a12df61908e3ed813

memory/1484-923-0x00000000009D0000-0x0000000000A0C000-memory.dmp

memory/1484-924-0x0000000005360000-0x00000000053FC000-memory.dmp

memory/1484-925-0x00000000059C0000-0x0000000005F64000-memory.dmp

memory/1484-926-0x0000000005410000-0x00000000054A2000-memory.dmp

memory/1484-927-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

memory/1484-928-0x00000000055A0000-0x00000000055F6000-memory.dmp

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 d6abe9d27e1ad211678cd59bab3442ba
SHA1 a3e1508117268868dba33e678be2033ae926f537
SHA256 277526d41e1b78949c5f0c8550451db75cb9279931ad5c84d6accf7ff6dd24d5
SHA512 7784428711ebe531ddd265bbe9a260bf6a29a3cb8dd2b542680d783f99d494b626789f7a1c8ba1e89a52bff9bbe2dc9d405342fa3e4adfa2f83028d711d4a975

C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 d76a8730d0a3f981c850bb757f2154ee
SHA1 132fa42e6e0d018b2727ac772e839a58ccf412a1
SHA256 bd2e7f888f65e2f3e0aae99bcdb8d094fff83798535696b429b5863fdaf0f145
SHA512 9a2a73fc55e3bcaac0304e22ad285e042fc2783688360257844b2d960f92b96a36cfba76f3b6033dba605b7813dbb788014b7d0abfcd119e3618db6b49d362ea

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 42940041efa31b458067b87ae80c97c4
SHA1 91ce789104250bd726a845a11e882d8f4b7d22e4
SHA256 65ba5ec9db45b74f3928ad3150414fc451675337cd5678311f8c28b0a9dde74d
SHA512 e7724809fe96fb152e0a16cd1da0b5b0d19eb92e9eaa52de316f3bf48f80a6975eb605f263a0d01c4fc4c1204b79cfdb935865d900a282ac7636d06239b89388

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 e23c3d1d232409b7c511afdc1be00b7e
SHA1 2f364f41ea962c6decfffdda2c1e4d6a65edd270
SHA256 25301593a231929e6d60a9c2e1ff064504f65733b7ad4567a4e8d718f6981bb1
SHA512 23f23ffd3732f8a63f6ecdc8e386685003b6d67dbe75b5c4e1cc02735059ed7d85d17486dffc8b5e31971ab78260502f17b8bde5f111d9a496f9432c955eec67

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 6f4dd066def126d35e277ebc3d1e72ac
SHA1 bf7024ff72cf0343155f1056e64adf24c43a7862
SHA256 6d917534f6f3fc7d70ba653906ee677ec26efb28396e570dff467fd9b9a90b6d
SHA512 9cf1d25eef80debfa52765a11776d508f5d1da82cdbfeaf8adb804b67ee9d5b4bc2bc95484fbdb118969bf11c097c71593bfce357d49936752206bbf5da05ef0

C:\Program Files (x86)\Common Files\System\wab32.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 68f8addfe8ff6733ed5f83dfb3989748
SHA1 a726e9f1a204c09de696182539b28d048e1f8b1a
SHA256 0f050e677731641236117e9134f615ee6cc6806d34384aba64f221e89ab32afc
SHA512 f5af265743beb84b5b653d2d19c4088a87528e6a741ad64f604a7e6ab55a60bfd6bab1fea714591757a3ffb0e8b420bc96a83f2db65653e9f1a05a2ab697e9aa

C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 6caee02fd00ffa93e691acbb88c71d3a
SHA1 1499f300a92776ffa6ab77675d80078095a06b52
SHA256 f8273f98795011028dbed500f40d5d364dacde94bcefe10c2ff98fd06e71806b
SHA512 179b601f3a50ccc1059cfbf792cb08d27168732a9d2177e3b08980d4b712f4b2f255e4eda59629bc8c35cd4f22c97f7899fa786491beda86c97562f7211ca9ba

C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 b72feadbbd90f6570dd01caf6adb710a
SHA1 0e096870fa9ef1e1303d19760a81d182fd7d36c3
SHA256 2c413b8252eb0664ec34e7964c29150e4fd374b9b776bb28c26840b1c50a0c22
SHA512 bccb75e5e02bae8ed823d052c4977b7a76227b31df7ea06cacbfad8b7f226637eb2f46fabf8f451c30891481af2d0278cca64e57e88a4709f580cb439ab8321a

C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 1ecc6e4477e178ba0011ee436898956d
SHA1 c15252d197f68c6e6a8651e9672ff52111ad8fa1
SHA256 40f228a3b9486989a618f5ceda5721959ebc16144c5873ba52ed7ec6ac3d2576
SHA512 31901c09edf874bde280a6293cebcda1c7367e63b0e76b0fc694d5daa10bf9a48a0cd48b0f60fbd7569492eafd8cc0d43b634ad8e47e7aabcc7b3e9f9594bf6a

C:\Program Files (x86)\Common Files\System\wab32.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 22512533fd95a3618764daae20953936
SHA1 57f22d3c05704dec9c21a772790c7883977c3a6d
SHA256 ec8a866a6934683232eb9f180f1587dd3a533985351b2bc4fea6c37e937f0d70
SHA512 4ad82f172210c4bc6f9e2491efd27f16012c0d179c94b964cb95f9fc2d81ba7624dcb8789d9e621d3b877383ca8044b423732c88a72613fc9b77ce10802f8c2f

memory/2928-1603-0x0000000006D60000-0x0000000006DC6000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 e49d3c14a42563febb758e2aee405bc0
SHA1 a9635a1315c58d7a400a87243b541a0f38436a45
SHA256 c01c85dc51ea1ef79a2ff8769b392e5989855dce9334bcec06fa605dcded652a
SHA512 445b47cd1e7549c09ce36a01e1ecaf778ba003a97e49dabbd0b812da21a038a538247a700d34eb24d03636f288ac7dbf81e3033986f653a1bc234524b6712de8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 c4eacb21bfe1ffe7677b73d1c683f930
SHA1 48abcd4d21d44b6e61664e3ddff089ffbcffaba6
SHA256 1b147b56f1f80e5bff889650e86f458e0e97d35a6bfbee719a3bf4227a7b7ccb
SHA512 f2e6d1dfb44885ebec1943aef74c3a5c527126175e31d1df330910e82b05bb1185749308a2bb45e30bd80423d58bc0abf22169e4abb2b633e475b8db0012201c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 aca28e8d0fd63ee7ee8d1b746f11bac6
SHA1 898c9ad1a35c70c856b2e03837f15d52b82c1966
SHA256 afa817e838c339c770d1d4be5401704ddb24629ff95b059baea01016f26b59b9
SHA512 61a68c758a5214ba922913deb16b1e0400980a29acd59ef01b2800fdf12c6d19ef8179f4a3f8fa7b893c06ef75171415a8ee6dd945404eddce399fb8325e1402

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 d9f4fb8d388e573c02c2b58c83da7b22
SHA1 13aa7693e4cc87bceba61c4e1c2249b014f553e9
SHA256 a48edea5d4f94a62e1ab5d8cf307a4f020cc70ac6a5982199448617654555203
SHA512 4ac4413ec0157e6fbe1f9546719ec2a574afd38e3f6ef66221f4a61fd0065143b78240599cce9afc4e74d97810c00b16237d63bfcf854163eaa3d82f012f4865

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 0c4e0b4c9f799d8df882bee021324d6f
SHA1 95b175ecbc0bd36fa85a767efd8fde73c96405bb
SHA256 9b0bab080f0258af8cf9136f3db23a5106762a0e8a15f9b8da40d8eed4e27ade
SHA512 d1b3be63006aa9056fc726a3356057624015eb15a3b992e39e16f5c2216e5566f019be7541776d3282001ba65db6f8a4b094c64760d55ff55c40eb47cd5bdc42

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 5f8f56b34ba830b57e84dce665f722b8
SHA1 af7cf9eaba28c4c4034f1bdfe93a699c5ebf0029
SHA256 8d9beacb64129df63abb5a1eaf39197f56f9d2a727b4de54df67fa0c3207e954
SHA512 42ae5b19bb50c6c600db9b316251db5a02047622c63702d593e6dd5e57b0a08c446c18b0606e8a8fb5c0a44d3cea4283be0692b7ece6c5a3c940eb7cda42cf1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

MD5 990c9a30c8e05839e310323dfbab6388
SHA1 387f1cdb495f9536e6565dba9d2cac7f78543d8b
SHA256 912e1fad80a99df8ce9eec31523be008fd3d6a3f3feb1e4e0fa52651aaf837c8
SHA512 5d78d0f3808ae947ea5f8b0ccf73487a86d2cd83f0ed2777ab1234de6fd45593532415fca79270a3d15476f843de8b9bd1aa6c8a42766d3c2ebc7581e6f2b433

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
