Analysis Overview
Threat Level: Known bad
The file https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r was found to be: Known bad.
Malicious Activity Summary
InfinityLock Ransomware
Infinitylock family
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
NTFS ADS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 03:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 03:07
Reported
2024-11-10 03:10
Platform
win10v2004-20241007-en
Max time kernel
200s
Max time network
203s
Command Line
Signatures
InfinityLock Ransomware
Infinitylock family
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\InfinityCrypt.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 16313.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 590938.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 48754.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe814946f8,0x7ffe81494708,0x7ffe81494718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 70C6C51E10F40C75AB6C98E5F3D34AAA C
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,15217130779773404895,12128287164887164673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13408:228:7zEvent29051
Network
Files
| SHA512 | 0a1b9d4cfd8315848e1fb281d2733c3b9bf0b7dfa9589da575918569e9cd3069cb622b53e7ee5c6b9a21952b108fbc3ade9aa631414f41b00b585a0e79a58c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 766cf5cd1ccee5f31bf4332b8c8629be |
| SHA1 | b2937666b4f615601081a7e1bdaee0326b820e38 |
| SHA256 | 1e929742ccc963109fe468e0efed37be626873b4d70006928d1ce413c4019c69 |
| SHA512 | 242343410a5d8ebe6e9d8d0b2fe833e9320068ae163ef02eab7cbb784afd66eb5a9e210cbc12ca419f559e3366d790ccd541e9027efc244ead30035abef6c538 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 14aa5424c48c17a60ae784bda406b590 |
| SHA1 | 99326a10252526c4df346ff1a9d9fc73a9946975 |
| SHA256 | c5168fd8e9783f69e56e465a1f8e750f1a6df8c5c9a7b20ff410e718b7b02dcb |
| SHA512 | e38f7900ce98bea3178b2c6bb6d33dcb64b22ab0ba97a4267c2cc4b9f9e883657c1eea6d081297deae418f072268a578dd24f5aa2cdfc7a24ced85c3ea1d448d |
C:\Users\Admin\AppData\Local\Temp\MSI2551.tmp
| MD5 | 6425466b9a37d03dafcba34f9d01685a |
| SHA1 | 2489ed444bce85f1cbcedcdd43e877e7217ae119 |
| SHA256 | 56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d |
| SHA512 | 62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371 |
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BabyServices.dll
| MD5 | 11bf30b923d096bc73918c6079a927d3 |
| SHA1 | c75809bb25651e4e94a0dcdb2d124e64dd49287f |
| SHA256 | 60e601066d4a203e39eefe70ac05e1aac9b45f47f532e038affa8dae4e009275 |
| SHA512 | 3f22b336df3a311ae707132a0451c83642683a01e1d0dd1b01f7c4f182efcd0bdec4c3effe02321d0aa619226f80853356e7e8692c443bf2f74a9ea382b3f03c |
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll
| MD5 | a2d4928c9836812735b3516c6950a9ec |
| SHA1 | 01873285eec57b208fa2d4b71d06f176486538c8 |
| SHA256 | 79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8 |
| SHA512 | d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7 |
memory/4516-590-0x0000000003220000-0x0000000003247000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 86ecdc4535616e0a82494188a2c62ec5 |
| SHA1 | ae3d38492304096057e86bb7838a5b6cd50152d6 |
| SHA256 | 7d037822404cccc5d452ba6fba06d2f65f899c81bcd936924051b914e3396288 |
| SHA512 | 59f8c4f82883ee3a6aafb26ea51ebcd625d79a6c95abbe78901f074258e76df540c113256ff016cefda4a01e0fa276a726b420f58520e182754298cb9e59c7b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f34c5ca025bba81d3d002ab711be252e |
| SHA1 | 3c1b1121a4bc9bccf99f6b89ba13e0d79689f724 |
| SHA256 | 906af884db2d49fcc8832a83a7281143819ba7c83f498990d5cfafdf685eacc7 |
| SHA512 | 69413c70bbf413f54421575219895699fd61b525201a8d1dad26058d4030269294dc0c1875babd53bddd472b8f7a5db965470873a449b0678c455215b33b9ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b93d0dc304b9d9f6d5facc8580d5e44 |
| SHA1 | a59ee83a094a0bb7929b9fa62b742f8849ebc818 |
| SHA256 | 2d93ff8f4bc00c36779ae7d2d551c9bec1b65ec6ac6757691c2e5288d0ebafab |
| SHA512 | b486d65a8fa3d96b75f70c08e4fdb5e9c61d953c9ca66966067b44702a084607a080ba20d5c482a21a35ddcc332221ff8812cc1a9ee55abb076b8dbc3dcf3169 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 356e096b0e45fb06f8e2260cb15ed146 |
| SHA1 | d30a433454c818eab01cbc0192ed010eabd98373 |
| SHA256 | 7b88d5aea08b26c83f9e63016e9413a372ead11c9e7765d018638569c4718a31 |
| SHA512 | 2e60989465eaf19bae15332426ad8944f710842027d5adb4242ba4ddec7fa011fd4d8d2e86ec26f43b0594df2ffc9696ba54f08f7f3d0af4fcc902d34f7dbbfe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e92f11bb54082ab297a368ac50e2fae5 |
| SHA1 | 6f2e4cdf847fab3239bdaba2ef8afa4a628e4637 |
| SHA256 | 20e19f3ba05c9eda79269f21afd58e412115f2de5537b78e5af25f17792140a0 |
| SHA512 | de45af3ec27020723122b8d03ecb03c0de6be00efcdfcbffb1faff54cc4b2065b38badf8455f077061044acfb449ee68ae64448dd7702358625c26823a0cee3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f5bcf889cf2118446cd2041f71ee5d87 |
| SHA1 | 1f7bc795b2ee679f8303365029cb74c4711b3463 |
| SHA256 | 520751add9bd74b8d7ca48ab83e8eac6b7c3faf90484a9f344d33e6a2bf643b4 |
| SHA512 | 7356a7e011314b29c51ccb042f084a60704c9915e4df91af7baacef43acccb8f419820470505cea9b512ca1d1ed628e88796265928a76ef46298197c02cca0ec |
C:\Users\Admin\Downloads\Unconfirmed 16313.crdownload
| MD5 | b805db8f6a84475ef76b795b0d1ed6ae |
| SHA1 | 7711cb4873e58b7adcf2a2b047b090e78d10c75b |
| SHA256 | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf |
| SHA512 | 62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 836e0dbdc077381d1bce11a6df0e8370 |
| SHA1 | 15825e000307ff12a7108b6eaa1bbf40f7524164 |
| SHA256 | 1f4df71671347550dad8a3d449c455bbddc9204d946a50b9e80c292ef535b547 |
| SHA512 | 272d6349b3c31a7dc287e74b18812eb17cbbdf6292b4cf2feb77ec2e6c7590027ca204a6d48bfae6d120810bc92947a11baf5f27a08864f69612f25a253944a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0616805cf46095f66019c8afaa5bbe05 |
| SHA1 | 8ab2799da39f6a703768257b41fd4413856f5f21 |
| SHA256 | c8861d7ce586ffeb55aba4149c6d3fe8d1a957f2137a519511aceb41cb4c9921 |
| SHA512 | 6bdbbd7cb5c9c03df0421a7286b36993431fe4a35a81a35ff1f021ec2445a877a73f538381a0f9fedf098ff3231cf361c257d5b805fdbb8a12df61908e3ed813 |
memory/1484-923-0x00000000009D0000-0x0000000000A0C000-memory.dmp
memory/1484-924-0x0000000005360000-0x00000000053FC000-memory.dmp
memory/1484-925-0x00000000059C0000-0x0000000005F64000-memory.dmp
memory/1484-926-0x0000000005410000-0x00000000054A2000-memory.dmp
memory/1484-927-0x0000000002CC0000-0x0000000002CCA000-memory.dmp
memory/1484-928-0x00000000055A0000-0x00000000055F6000-memory.dmp
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | d6abe9d27e1ad211678cd59bab3442ba |
| SHA1 | a3e1508117268868dba33e678be2033ae926f537 |
| SHA256 | 277526d41e1b78949c5f0c8550451db75cb9279931ad5c84d6accf7ff6dd24d5 |
| SHA512 | 7784428711ebe531ddd265bbe9a260bf6a29a3cb8dd2b542680d783f99d494b626789f7a1c8ba1e89a52bff9bbe2dc9d405342fa3e4adfa2f83028d711d4a975 |
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | d76a8730d0a3f981c850bb757f2154ee |
| SHA1 | 132fa42e6e0d018b2727ac772e839a58ccf412a1 |
| SHA256 | bd2e7f888f65e2f3e0aae99bcdb8d094fff83798535696b429b5863fdaf0f145 |
| SHA512 | 9a2a73fc55e3bcaac0304e22ad285e042fc2783688360257844b2d960f92b96a36cfba76f3b6033dba605b7813dbb788014b7d0abfcd119e3618db6b49d362ea |
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 42940041efa31b458067b87ae80c97c4 |
| SHA1 | 91ce789104250bd726a845a11e882d8f4b7d22e4 |
| SHA256 | 65ba5ec9db45b74f3928ad3150414fc451675337cd5678311f8c28b0a9dde74d |
| SHA512 | e7724809fe96fb152e0a16cd1da0b5b0d19eb92e9eaa52de316f3bf48f80a6975eb605f263a0d01c4fc4c1204b79cfdb935865d900a282ac7636d06239b89388 |
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e23c3d1d232409b7c511afdc1be00b7e |
| SHA1 | 2f364f41ea962c6decfffdda2c1e4d6a65edd270 |
| SHA256 | 25301593a231929e6d60a9c2e1ff064504f65733b7ad4567a4e8d718f6981bb1 |
| SHA512 | 23f23ffd3732f8a63f6ecdc8e386685003b6d67dbe75b5c4e1cc02735059ed7d85d17486dffc8b5e31971ab78260502f17b8bde5f111d9a496f9432c955eec67 |
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 6f4dd066def126d35e277ebc3d1e72ac |
| SHA1 | bf7024ff72cf0343155f1056e64adf24c43a7862 |
| SHA256 | 6d917534f6f3fc7d70ba653906ee677ec26efb28396e570dff467fd9b9a90b6d |
| SHA512 | 9cf1d25eef80debfa52765a11776d508f5d1da82cdbfeaf8adb804b67ee9d5b4bc2bc95484fbdb118969bf11c097c71593bfce357d49936752206bbf5da05ef0 |
C:\Program Files (x86)\Common Files\System\wab32.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 68f8addfe8ff6733ed5f83dfb3989748 |
| SHA1 | a726e9f1a204c09de696182539b28d048e1f8b1a |
| SHA256 | 0f050e677731641236117e9134f615ee6cc6806d34384aba64f221e89ab32afc |
| SHA512 | f5af265743beb84b5b653d2d19c4088a87528e6a741ad64f604a7e6ab55a60bfd6bab1fea714591757a3ffb0e8b420bc96a83f2db65653e9f1a05a2ab697e9aa |
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 6caee02fd00ffa93e691acbb88c71d3a |
| SHA1 | 1499f300a92776ffa6ab77675d80078095a06b52 |
| SHA256 | f8273f98795011028dbed500f40d5d364dacde94bcefe10c2ff98fd06e71806b |
| SHA512 | 179b601f3a50ccc1059cfbf792cb08d27168732a9d2177e3b08980d4b712f4b2f255e4eda59629bc8c35cd4f22c97f7899fa786491beda86c97562f7211ca9ba |
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | b72feadbbd90f6570dd01caf6adb710a |
| SHA1 | 0e096870fa9ef1e1303d19760a81d182fd7d36c3 |
| SHA256 | 2c413b8252eb0664ec34e7964c29150e4fd374b9b776bb28c26840b1c50a0c22 |
| SHA512 | bccb75e5e02bae8ed823d052c4977b7a76227b31df7ea06cacbfad8b7f226637eb2f46fabf8f451c30891481af2d0278cca64e57e88a4709f580cb439ab8321a |
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 1ecc6e4477e178ba0011ee436898956d |
| SHA1 | c15252d197f68c6e6a8651e9672ff52111ad8fa1 |
| SHA256 | 40f228a3b9486989a618f5ceda5721959ebc16144c5873ba52ed7ec6ac3d2576 |
| SHA512 | 31901c09edf874bde280a6293cebcda1c7367e63b0e76b0fc694d5daa10bf9a48a0cd48b0f60fbd7569492eafd8cc0d43b634ad8e47e7aabcc7b3e9f9594bf6a |
C:\Program Files (x86)\Common Files\System\wab32.dll.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 22512533fd95a3618764daae20953936 |
| SHA1 | 57f22d3c05704dec9c21a772790c7883977c3a6d |
| SHA256 | ec8a866a6934683232eb9f180f1587dd3a533985351b2bc4fea6c37e937f0d70 |
| SHA512 | 4ad82f172210c4bc6f9e2491efd27f16012c0d179c94b964cb95f9fc2d81ba7624dcb8789d9e621d3b877383ca8044b423732c88a72613fc9b77ce10802f8c2f |
memory/2928-1603-0x0000000006D60000-0x0000000006DC6000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e49d3c14a42563febb758e2aee405bc0 |
| SHA1 | a9635a1315c58d7a400a87243b541a0f38436a45 |
| SHA256 | c01c85dc51ea1ef79a2ff8769b392e5989855dce9334bcec06fa605dcded652a |
| SHA512 | 445b47cd1e7549c09ce36a01e1ecaf778ba003a97e49dabbd0b812da21a038a538247a700d34eb24d03636f288ac7dbf81e3033986f653a1bc234524b6712de8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | c4eacb21bfe1ffe7677b73d1c683f930 |
| SHA1 | 48abcd4d21d44b6e61664e3ddff089ffbcffaba6 |
| SHA256 | 1b147b56f1f80e5bff889650e86f458e0e97d35a6bfbee719a3bf4227a7b7ccb |
| SHA512 | f2e6d1dfb44885ebec1943aef74c3a5c527126175e31d1df330910e82b05bb1185749308a2bb45e30bd80423d58bc0abf22169e4abb2b633e475b8db0012201c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | aca28e8d0fd63ee7ee8d1b746f11bac6 |
| SHA1 | 898c9ad1a35c70c856b2e03837f15d52b82c1966 |
| SHA256 | afa817e838c339c770d1d4be5401704ddb24629ff95b059baea01016f26b59b9 |
| SHA512 | 61a68c758a5214ba922913deb16b1e0400980a29acd59ef01b2800fdf12c6d19ef8179f4a3f8fa7b893c06ef75171415a8ee6dd945404eddce399fb8325e1402 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | d9f4fb8d388e573c02c2b58c83da7b22 |
| SHA1 | 13aa7693e4cc87bceba61c4e1c2249b014f553e9 |
| SHA256 | a48edea5d4f94a62e1ab5d8cf307a4f020cc70ac6a5982199448617654555203 |
| SHA512 | 4ac4413ec0157e6fbe1f9546719ec2a574afd38e3f6ef66221f4a61fd0065143b78240599cce9afc4e74d97810c00b16237d63bfcf854163eaa3d82f012f4865 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 0c4e0b4c9f799d8df882bee021324d6f |
| SHA1 | 95b175ecbc0bd36fa85a767efd8fde73c96405bb |
| SHA256 | 9b0bab080f0258af8cf9136f3db23a5106762a0e8a15f9b8da40d8eed4e27ade |
| SHA512 | d1b3be63006aa9056fc726a3356057624015eb15a3b992e39e16f5c2216e5566f019be7541776d3282001ba65db6f8a4b094c64760d55ff55c40eb47cd5bdc42 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 5f8f56b34ba830b57e84dce665f722b8 |
| SHA1 | af7cf9eaba28c4c4034f1bdfe93a699c5ebf0029 |
| SHA256 | 8d9beacb64129df63abb5a1eaf39197f56f9d2a727b4de54df67fa0c3207e954 |
| SHA512 | 42ae5b19bb50c6c600db9b316251db5a02047622c63702d593e6dd5e57b0a08c446c18b0606e8a8fb5c0a44d3cea4283be0692b7ece6c5a3c940eb7cda42cf1c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 990c9a30c8e05839e310323dfbab6388 |
| SHA1 | 387f1cdb495f9536e6565dba9d2cac7f78543d8b |
| SHA256 | 912e1fad80a99df8ce9eec31523be008fd3d6a3f3feb1e4e0fa52651aaf837c8 |
| SHA512 | 5d78d0f3808ae947ea5f8b0ccf73487a86d2cd83f0ed2777ab1234de6fd45593532415fca79270a3d15476f843de8b9bd1aa6c8a42766d3c2ebc7581e6f2b433 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 66f1af92f9476838a561dd7d134d347a |
| SHA1 | c0d6cdce73f1257d3acb6c80c1362ae3dbff94ce |
| SHA256 | 36c1a3389f98d91f840572c1d8be5aad4579dbb474dd309f74748064837e8652 |
| SHA512 | 6473f103de432e3483d26466a654d7076c2a9e1b1b56ba7d0d0c7cc8bb3ce7ae239edbb7d9ace8c5dbda29aa16b5055c173b8d463a489fe832414f34d017249d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e7e6f9a304cf24cddd039c4c089761b7 |
| SHA1 | 988c88f4adad5dc919342ddbfb13f328b40f82b2 |
| SHA256 | a84ed0dda447c1472839ae8a62320430b23a6aae87561bbf6a31ae180d2a146b |
| SHA512 | eab35f3ad7ba08c1f7a6aabe1a5a569668bf143eaa5239f77d3a37a521d91a74f94b329d6be93f98fa33eaa5870061676a6a4345b2b595439857c4bc6e93b94e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | ac3a17a84db33eedcf9b4153858cea35 |
| SHA1 | 87e97eddb03a86fb0a81ac299c718dd757c3099a |
| SHA256 | 45122f92f2e4d0173cc8c94b53f28494a637be1bbf5c82e3d03e6b8b400050af |
| SHA512 | bebffeed7dc3f4c8f9f40a59c5fb009286f23359b2b8fc93581cbddc6d1bb957ff9c984d7e9addead695fd40950ca91fb2c9c449e7b53175fcb59b84f4f1e5b7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 45d5e6bd0d3490cc14fc06521bf96211 |
| SHA1 | be59706abeb26bb3f08e67aa1150a929a50463de |
| SHA256 | 8f34900934c9f2e5cbf70607991f27cec6032a3158ca2112ec198dab3cbc1d23 |
| SHA512 | 879fcb3bc146755157a0f83778a9ba939579bf63691635f2762e87f2090135f6dbbffc4c75174b194865fc50d2ef2aa30e5d035703b5e3a64668fe0bd469ad31 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e29bf9b0fb77be7feff908f62afff258 |
| SHA1 | b082d0a83119c61456d29eb466d6ade5706a72bb |
| SHA256 | 8a8a70b439c484c9ca0f304d9c15b7b2df0a09f67d5a89e6f8b06fa7b6c83027 |
| SHA512 | cb2f2b5a3fd8a0f3c35aa4f992f409e6fdfd5dce9abaf3e664db7e49a5f58580868e290d4dfe41bf77221e1e37bfa35ffd1b920555329da08f0263796b3e430d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f7f65e100695769a50c52243962a91ab |
| SHA1 | 39a76cd75701743e9a0b03b1ed20fd53ea35a3d2 |
| SHA256 | f7aace08cfaaf0a10438c797f2be0adcf469ca0bb2d322b5b67e704ea03dc301 |
| SHA512 | 20aad216fdcac35f3471c8336399aabed8eedc88b08b7fc2aa1096cb484034695731d28ac500b6f6eee43b1331e385407abad49a96dbd9abeb4acf1031787bc4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f5f254d9a43058c665e51ce36289d4de |
| SHA1 | a6a9f52e145ba3c4368d175d0b17e54e296f80ec |
| SHA256 | 2796abde17c78315acf495622e6955e4e52af1c39dc3cf675e30ce873c667073 |
| SHA512 | aa6800c2dff3ca4ebf44f4ba15b13e244f175e372d25981af17b85530541339014190c20a532faa27cdf50a42ce20f3c9be164b7dbbea3a0c99211dca85b5426 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 311587de8bf1fc6c75bb68bdac201a26 |
| SHA1 | 3acf5d4865ed0e1d0880a7d2236b74c0770dd0b0 |
| SHA256 | e8a0b24d531ae4567ebde529e4e0662d67e846115b86bad642c8fcbe13a0c462 |
| SHA512 | e3759f9dc0c289a437e78e1f18a53b83aca83654c14cf901ef502953df939aec948fb588d608a2cdd4e4d18c9d3aae9c0a506fdd62a7c8864040f12ef99e1d92 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 32076c3f387d16deb9846c7267f56486 |
| SHA1 | b33510720364dee8137f26eed72024dd8be774fb |
| SHA256 | 3ec725728830542578f72ecfea5c6551760edb5566d5eb91fd85cd27dab4e136 |
| SHA512 | 26ff4a003be3ec1942df95008251ea8f86aefababb14ad9729cdd8a68487f2e5dce38ee1c24f097a38ad9a9f1f53cd59dfd7773dd24c7e170c4adf4af051a77c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | b492d769ddf135bc5b6f6852cf2bf800 |
| SHA1 | 366ec1ae43de6e8630c73ff0fab642ed5028e360 |
| SHA256 | bd4f16d2ea3c42b44999a07629686fcd7639aa47c3df034066fa2bb873cf1e91 |
| SHA512 | 222dcd792e8ed64a1e0b75e3fc655e94a67f518e1d33c0e7bfc5a90a1aaa50878d81fb2ff78b674fddd2575563e798dfd5c193159593fb376cf5696116174426 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 5498938dbd4937df604f3d93e65fe04b |
| SHA1 | 5eda964a89c49a75c72ebf5be84905ae364f403c |
| SHA256 | af63dd80cf2e61008df8b39ca52e096920cb44ee1a526ac175fada8cd0e6803b |
| SHA512 | a680a2f81b49196c76f52d4baa83bda853b77685d433a34635f7e32958057e89bd15f70df28d4c8e1332102b82afbc3defc6ae0f21a5361321e7b674789957a5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 5772472a3452a7a231dbb1921f81834f |
| SHA1 | 9e43fe334431e2c4f14a5ebc4da67a2f29ae5d23 |
| SHA256 | 8fbaa00c85593922bc25077feca5c3a88c6d016c24f0a283ec7c02a4059ebae0 |
| SHA512 | d9c1475cdc91f55fb6057df00e4c7b0e2bde71437355a3fc0f4df08519dfc6ac1e1b810cd31e0a8966606d36804273da542e9d90f8e8b29cb915c1f73add2ab7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | ceb244490c2421585f986de0f888a6bf |
| SHA1 | 84272eba4cc9a00c4760c9940816d76eca86a439 |
| SHA256 | 292f63cb3c2e9d521cccb23de7d30f6fefbf99cda3144c7984e2b45acfda885b |
| SHA512 | e97197fa12e7da7d62ef066d88c865697d9bedf225d5059bff7a08ddad6c11f5931ea72a5e90570611a07cec5e8666f789cf2be93e7d2287a67b46314c9c365a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f4641b2e69b03a00b77497ab7005e029 |
| SHA1 | 39adced935dc4d5ecbe19e051f8078a57776b15e |
| SHA256 | 929ee1139476e51d643e547139a425c0be2dc6a64155389301cd36fe3b21ec64 |
| SHA512 | 776e4f8bf02f772a1a18b595bfe2c2cb13307ed9a938a4968f508a74e6fe42e314e61e26c10e7424826194392ca87a33218b9383e2a1eb4b7b8241ba310505c6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e59d977d16c30db0b0919419559e1066 |
| SHA1 | f999e15c65472a58a2cf6364f56a1db47538edd5 |
| SHA256 | 9156ca1120801deed6a42404f08374493ba04d78702e61448348b4184b11c53c |
| SHA512 | 8e49798ffc58aec23d48261ebc8487a8eb2d8d68515f67c4e318bf5c95613213c7b879eae41d98671ff05554013dea94ebc768d3b0ce238303493f6a72773271 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 920c93c886667233190217334b7a9065 |
| SHA1 | d78af1b9eecbf3aff40e744f4f3533a381459e3c |
| SHA256 | fb45ff38da952596a8ec26c5af617c419d463c619249c63e106396b2caed197b |
| SHA512 | 7ccd94d84094066d37cf6801f4ad495b9b3cf9fad86bb413f9b2d808423f3b8573b93b6925472b30764db6192d5e71b5ca24d1c74ce05ba3b50604c8ed804d39 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 2dbd3a42afb404b3bbae4df488996710 |
| SHA1 | 8be6c8aef902432ab104aaf4d2b61eafed1f3e5c |
| SHA256 | 8a1922f17a49744094f391e20845fd53cf8a702f79defb38e913f6aa2139013c |
| SHA512 | dd252e552720c4757c2c5195986f334641dfe5134c07ac3b012d1a5adaadb31f784070cb89d814731ab133e65d9dba0f41affb66209c4f69fd6d32251cf15356 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | ecfe3f5c04e21eb3fb6c629630b47027 |
| SHA1 | 088a0f31b11572873bf33a1c734050c454a09b07 |
| SHA256 | 8a9a7fba38993ce2943635c0044a2eee8baf3aaa4f89c9fd53d347eb0d1189d9 |
| SHA512 | 62e7c1fea926d14b4bcfcf385d254cc5dc73aed350bed78e876c91629962b99f131972643aad08d3a76f5e290157412297efc9fe72b61ef5608488fbdee5b5c7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 9eb12f6d8fc687be787f6a5c3870573f |
| SHA1 | ad98084e568cb7ea5b1fca5b150764558cb92893 |
| SHA256 | c693324da2511613a0f98000d616b9b21b11a9da96ca9d715befe4821f192ef6 |
| SHA512 | 1680ae580a9a83eb3c0297cfe5db7627951a107b88a3cf76dda81fd597dccffd30e383e15d6b06eea99096ecda7da08bb433144171932cb365c62a8f7cb6e34c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 96392dfd38c7f80df51957d19d57e4d5 |
| SHA1 | 24d2c39742ee42527301618db5e09ccde26d3454 |
| SHA256 | da5cf2af1d432495af8c55ddbf5784900325621b8ecd583d5ef3387b1c3691e5 |
| SHA512 | d22c99c4fb3cee469ae8564e5fa8bccc8deef50cfdb81f65164f1c23ab829c45b16bf2fcd3754ff3f259669daf959b46209c794cc7fd5b695210f641a75a3a39 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f4e71b5648169c218aed09cfb76e7240 |
| SHA1 | a4813dfceef078788b0ce31475e978782fe2bafd |
| SHA256 | b25cbc13b186e5ac3a3380f325622f1e5b12374bb11aa490e825871889f14421 |
| SHA512 | cc1c29d86116fddd2b34a2f794496fbea01e8d8de491b2ea7e07a19743a026fe0a5e940ae500b1c297c8385aa000df40e055b9f010b52d44c293870663c79d65 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f36bef5a20301ab2e44a1d8c59af9692 |
| SHA1 | 9c7915874f44b238546e1b7951a78d595bf6bab9 |
| SHA256 | 81975be9198f807deb99c27bc07da5e26e4c340105214bd42246e7aae81815de |
| SHA512 | c08fb080a722e6e8a59fba261aefef13e5672acba91d635e1f129995fc6049d3ab7dae35368bc1d206c4a2e9724fa63f7d61f49fdddf447143a9d0586b42eb2b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | f1ca2ebf9d103a41c142086fdf42b179 |
| SHA1 | d7cb14e134481dddfcc93bb1402466e0fd21f648 |
| SHA256 | 9461d90abf8a4d3ef33062437abd4098225b639e051bcabbc562d9724ae2236a |
| SHA512 | 54df2d79ec4df2d3149b81d1420e6857b0804608a18487e776fc413092435ea5e40cafeea3b040e059c4f9d7858a9ed1a8b47ff52c384f483d64d6b74656f5ee |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | 78279dd09d9d729b10147a1338e14a9b |
| SHA1 | 86750280aba938f7fe6f361b67965f38bcc093c3 |
| SHA256 | 4fe1701636d36de6f9ad9004908b74c2a3c2040eb436979c916133909f0ffb47 |
| SHA512 | b203db1a5bce5578b3926016dda51a8055c1ca5771605ca0f01cb62e2ffca68e107ea20477e6fe01b54bb92029308bc943390863b4a17e91f0ab305efb23b69a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | c5053a6381e411f9da388b1a1e169659 |
| SHA1 | 5783941965cc084261cf47f68f999bc81bc2327f |
| SHA256 | 3b98fdb14ba4b1e90ad9a09d7726be620dd8446d80d61b6246af01be6b48e136 |
| SHA512 | 134704d8fd67cde6551e23960ffdc3b0cbeb515cfff9ad0e6cd1ca3f033d633c89cec2678c0a78375d00e6693828c9198d59003c1fb9a76f52506576e87fd4cf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | e8a0ca3505ed83742e9c596e0f071089 |
| SHA1 | dceb37aa67389ceb04f012538fd37f4b2874fa84 |
| SHA256 | b86d85ef806a71bcd7c6e8a5099274f1c32bd6cbf73a68b30643e0c4bb34e53f |
| SHA512 | 680c6fc251556b8f064dd916067e8681f02639855c999bd82201a5a36c65c9c384c02c2e837b0cc3eb0d7c0ca6c4c7c4c8909ff5aa6c0aa5e84d84ff7299eb94 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.C5602A11E6C199BA625109964250F90F8CEF0300E2959C067A7F6D8C1341DF8B
| MD5 | bf47aff7a3d733ce2c257d25c86b23b2 |
| SHA1 | d6b70697c9fac08884600887c5ce4e9767d4aeb2 |
| SHA256 | a1341d5674c92a2515d562b149fd0c0e8a843f54e257b181dd5d6d065a3d5e5b |
| SHA512 | 073dcff084c4811574fbd8be75a061a2d5b484260105e4d6ad973667c4e4928289a7605deca3d303fd4eedfc9dc3f72505282db3a2eb527a419b32c7464cccb4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab4a558ddf72d09587565e2a144b3568 |
| SHA1 | 852a8aa28e2bc50805ed57d908e2e1df07ace331 |
| SHA256 | 110859a6178f04891c8d2b089b356495ec59c038743c380108b9f54cb3343d62 |
| SHA512 | c809d869c8e2bab15ac6fecd763dcd8109e34acb16c4e0ed9cfc15956cb4b060fcd3d1fabcc8e8dd52a924a5a65d1e455f10e0443d28fd7f9301e2a98552b8c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5f245bfb623c0acfb8fec21e1f81c63 |
| SHA1 | 0c10401063d955dc520fdec1c1bf90b83f45a933 |
| SHA256 | 695f8aac28eeaedb1296c2e3432b3088142dac884536f7ec6225639ac9718724 |
| SHA512 | 2849cacd3e5a979c8d70cfc49f24eeba8ca3b57ad389880259303e8627e2b74f748a746d93981131d113b05ea3f8c0f6cd2965f8b9917e4f75357eab22899187 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8e123d2ce6a200bc9519ea21a3f9afc9 |
| SHA1 | e71e5d30063fb2bd7364e610a0320a00d73d4552 |
| SHA256 | 84cd4173501a5bb8d16446e58cd93de307c5402805268d65719625ad0acc7c46 |
| SHA512 | b939bc9f15490ec47ddca2973a51da8e8ee1defdc29f1af9ddaf20d0dc5c8347bbcf08b8a306affe3451c76e6fef871e643830652c0b5b50d927e2191f6bfa48 |