Analysis Overview
SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
Threat Level: Known bad
The file InfinityCrypt.exe was found to be: Known bad.
Malicious Activity Summary
InfinityLock Ransomware
Infinitylock family
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 19:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 19:17
Reported
2024-11-20 19:20
Platform
win7-20240903-en
Max time kernel
29s
Max time network
147s
Command Line
Signatures
InfinityLock Ransomware
Infinitylock family
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Help\ITIRCL55.DLL.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA00454_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR37F.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl.css.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107544.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0222021.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14529_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\misc.exe.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105286.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02417_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\LATIN1.SHP.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\RICEPAPR.ELM.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0279644.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\RPLBRF35.CHM.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Metro.thmx.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18215_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18251_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14583_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\EURO\MSOEURO.DLL.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_COL.HXC.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO01905_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00011_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0222015.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PRRTINST.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02051_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Median.xml.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00352_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL00452_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Flow.thmx.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0199805.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18256_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0301050.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\AUDIOSEARCHSAPIFE.DLL.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.PPT.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14800_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0196354.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE04050_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01247U.BMP.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00345_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Apex.xml.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15035_.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\EMABLT32.DLL.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099191.JPG.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | arizonacode.bplaced.net | udp |
| DE | 162.55.0.137:80 | arizonacode.bplaced.net | tcp |
Files
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
C:\Users\Admin\Desktop\LimitTrace.xlsx.BF5CF8BC1291AF75AFBA38710549F29F2B77F4A8754990470FAF202D11CDFDF5
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 19:17
Reported
2024-11-20 19:20
Platform
win10v2004-20241007-en
Max time kernel
7s
Max time network
140s
Command Line
Signatures
InfinityLock Ransomware
Infinitylock family
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-disabled_32.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoInternetConnection_120x80.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-focus_32.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview_selected.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner.gif.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\adobepdf.xdc.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Services\verisign.bmp.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_opencarat_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_wob.png.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.dic.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-default_32.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_xd.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_th_en_CA_v2.txt.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\List.txt.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_24.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Accessibility.api.586C4ECDB38D5215D38606CA2E0EF1356F196B61B940806B9DC5EA26A9B978E7 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | arizonacode.bplaced.net | udp |
| DE | 162.55.0.137:80 | arizonacode.bplaced.net | tcp |
| US | 8.8.8.8:53 | 137.0.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files