infinitylock | hxxps://github[.]com/Endermanch/MalwareDatabase/raw/master/ransomwares/InfinityCrypt[.]zip

Resubmissions

09-08-2024 16:13

240809-tpk5wasfll 10

09-08-2024 16:12

240809-tnvb6asfkp 6

09-08-2024 16:09

240809-tl9ztswfnh 10

Analysis

max time kernel
64s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/InfinityCrypt.zip

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	raw.githubusercontent.com
14	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageProviderFunctions.psm1.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_super.gif.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-left.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\AppStore_icon.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-si\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_bg.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\tr-tr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Close2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_ne.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dc_logo.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_vi.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_ar.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-fr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\de-de\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DropboxStorage.api.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_audit_report_18.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_pa.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.strings.psd1.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\file_info2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\PSGet.Resource.psd1.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder_dark_18.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\media_poster.jpg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-no-text.gif.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sk.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_removeme-default_18.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_xd.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\A12_TypeTextFields_White@1x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\plugin.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_sk.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugin.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
4388	msedge.exe
4388	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
1712	msedge.exe
1712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4784	[email protected]
Token: SeDebugPrivilege	1524	[email protected]

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4692	4388	msedge.exe	83
PID 4388 wrote to memory of 4692	4388	msedge.exe	83
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 1392	4388	msedge.exe	84
PID 4388 wrote to memory of 2356	4388	msedge.exe	85
PID 4388 wrote to memory of 2356	4388	msedge.exe	85
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86
PID 4388 wrote to memory of 3668	4388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/InfinityCrypt.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff7d446f8,0x7ffff7d44708,0x7ffff7d44718
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1496 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,18283830182852626455,11327952020462044401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4392

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4784

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
16B

MD5
75d606b1a6cc84aca900dff6fa16e9c4

SHA1
9efd254fd75e5a47914185b95fcb3ddce09fa3d1

SHA256
4efb12b2c4e4c1e7a498e1cd15740161cb69c85f466bb2532c8155617558d2e8

SHA512
c23a3e92afc79174f6ab8c52b30af90f6bd3d0c39c0d12fdb2c50d457c99516db5629a7d070d71a0fece9e944857bbc6d7d18fef9adb854f10cdade395cbfb50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
720B

MD5
f68310bf483fdb4a1ad17cb3281e1a1b

SHA1
5dc63a8551578834ffad5dc4cc9273b234aa8b57

SHA256
2d76462e0136334c9b1d908c8f3869d20e692ccf49c22b8f022da35dd34602ca

SHA512
ee44c543dc681acbb40b2879c8f5fb08f8d1edbad42c19b0511f54eeaade64d3dbb9cddcc00dd06fbbfdfebc6b31bbe8861b8d4734e259d9cd08ef97b8d7f0d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
688B

MD5
5b559b8868d0c822d825c62d7bf4b7f5

SHA1
432fb14f7d7a9ab2d696def47a482b5f13315257

SHA256
1a6fa9b8b50c60ffdea43336b6b26c386bbd1be8c54197a62920b0c292ab95b2

SHA512
4da1cfe8f56c7fd35bdac0ac1207521a3e631879cfbb61deb0ff1d011a8c5e0b407a0fc08d710f3624dc701f46c4cd2b9ccb05034fb592dc5b5d4b4edd78f5a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
1KB

MD5
47e99f5b20bdb521fc2277d2c5e343af

SHA1
8d66a5b74043f639ba4ebedb61ca48c68a0a3211

SHA256
dab32b058b60bb9bba4c9e729763225451550c03dd7300311b1875c42bff7441

SHA512
020c4e8096b6bf2fce0adc3fb54e794edcf84328abd03dbcc5d7e6f69ceb18136f01d0831debcfe719f987237fcb568c67bbef93c5563f1402c8b9f7ef4dec92

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
448B

MD5
77f836d9978ea0c138d79838491c2375

SHA1
80cec6cbd108d8bcd95a52c546299e74fb33e823

SHA256
f96e26a0e0efdaf8351bc12d9230e0113d50be61414104ace4725e52f6886146

SHA512
b4465af0030ad60336557bd32d28cc77f9b7bf7255be2ef81a7d2bdaf8969606f811ac45055012f22bda1024515bec4d584b239184f8b4008ef47a6188ee82d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
624B

MD5
4057ba07f511695e6cde6ee67c25aaba

SHA1
75c4c723ad61fc3c3008e7470f40fe9294c46d11

SHA256
efce6eef2c6fcb13e525aa7cba0a03179fa3dcc8848420102be11eae2ac5e4ed

SHA512
3645f46468cbd26561d4ef8cc465fe0c6d4d8f1bcfafa93dc6f2e243eb79d975791f57abdfc5f1463f1f17f1b78394110b6b926723ba3cd89d2d439865bd1966

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
400B

MD5
9913e64732a96422b86aecb3d2eb2170

SHA1
6dc02920e37560a59bfbb32ade9a9f34ba15fada

SHA256
c5f5a348677d94feae191be60820d33bf6d8a7bb818724c7637d60ed4b8add7e

SHA512
62f3a5dfc79f3d46657ba73a3befefd58dbe317eee7da805827cc2e8e7af81281dfe227ffb78498b0a86b1d1ea3b1d1ef5a3f156164cf619143b423f99b9203e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
560B

MD5
a022445f8d701d99157a947ade3ae4a8

SHA1
fc7aee800c4476c2a6fae255b2588832561e05bf

SHA256
f49dc5038aad24e4f519a7e839259118b04614e9aff994992fddc1089559356d

SHA512
19c685b45d28c5d4bbec49cff42387ca8e3227d33c32d366f314773d40d106f09e566718ba66180069c4f592e4aff616befb883ebd918fa5f76cacae35df00ed

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
400B

MD5
2bb647182aff6d0e4508ed8656fdefd2

SHA1
5884c92144db3c47d653819a57fd7aa7c5b6dc86

SHA256
796369efe13f13e19ba298cb7f0ccebf6d1cfdf40c9ce0832a2ffedc686acee2

SHA512
8678077ae69d531b0319a04a0593f2077b390fddc5c0a778274e9c81695b314c6d5cb4c07f3ae4f18c19866120ad25c10f7bdbd9db73e39be52657e9cea49644

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
560B

MD5
b49329c6dbaeec27fab889177f73486f

SHA1
38c56435e998ea959967a8884cfa9bda9a65b2ce

SHA256
c5c5b65030ac1a40be462d3f7d4235a84cf88dcdba556c2df4b70a480bc3c660

SHA512
f0f46e15cb05938f9f60aeb839a86ffd47344625e904d5741722d384d3889e23f32be5a6ddb3d7cfafbc06342aa2c46b695405bfd61d4c726981abc27be45c02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
400B

MD5
252338b3e63f24d0e58586646135ec16

SHA1
eb43d09c8200f3fd6bc94232eb26c76eb6083154

SHA256
71d4cdfc8628ae0cdc4d47d9ee793e378d75bd7cb24350c236a7cd07e9db46c8

SHA512
7fc3dc76577b143f1087b57444f0cd4b0c32b7814f2c078d295b2ae37989fa8c7df4b5c1e1e47f0b9da939563aae02e9e7e2a73fe8275c46340b1840aa56c275

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
560B

MD5
44f9727a8937b06ce77898f090b7ade8

SHA1
0b895a08e41280bd326cd466985d2647bda583f9

SHA256
069c74af228e7f5550d75068850aa6e5e28161e329dfc81c77dca56ab893486e

SHA512
b28c0f8fc07d6b5fc4c42e7bec9e89c118aac0728f47257785280b49edc8c0d8a592548e068166f729f9b1ac59ab075ba7f65f7504d22d3691b9477555bd4276

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
7KB

MD5
5893c1bc525b3adae1fce341102cb8aa

SHA1
3b52aafb86c2bd5a24520df0c8a9d9a7d4833660

SHA256
48ac04d58d75d6d031e0104df1cd632de25aebd11496a86dfd12f0de5280c872

SHA512
73348ef964b5098e5b71f47392bae584bb3232662bda5cfa9067f08590573f3ce4a4029ef7bfbc0b32c4e2dfa7441c3bc7397c8be9a8cc3d5cbcb19bf0220c3a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
7KB

MD5
c64d285600502030273abbd74b2b4edd

SHA1
4c3f966dce520a42150db0420cebcfd34d30b16d

SHA256
8103375c6c0ae35b0e7c2c170f567ac30d8a6f2f008dc4b0b633fa2a505a84a4

SHA512
94ef4cc0fcbac875902080b782019a0b782f9f3bd10816c61bece29def89c57dc7b966c84435525e7daec8a7c3c062a25927e6d4a40624db62b7b62aafa081a0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
15KB

MD5
693241a379712427425dcba489646982

SHA1
82d0a71080003fe877145abb47654bcc5b6200a4

SHA256
abbae0b75fda3198ce9dd7e7c57aa7a9fd9f100ede480a69a4c8f52934c5b23b

SHA512
e6ad96ff2c09e48279ac88fd118723c719b4dafb278fb3d982c0eba5d0e5667a03b6529efc9babd975cb462bc731b994c1c1246bd724640b2b937765d30cd5d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
8KB

MD5
27435714034301b30efa0b48b9c7cea7

SHA1
cc098c5d7a7ee41bc8daa8c205749689b89332a2

SHA256
a92a5e0d3d1370c8e90a0a155bacfc361e11c5c0d3a927e60eeb79802d31565f

SHA512
c51a3f81e8436f2aa3940fba74f131a7992ffda20b0462df3dba30427742f6bc1bfe6dae95fcd696f45effd7baa7da2dfa8b789d9ff82646c3d0abfd2953e22e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
17KB

MD5
2135a706f0fa5599d236562c73d26890

SHA1
091d44aa5d84ca954aa18a55c3e74a50b49cd175

SHA256
58ae792f5ba3847ba37d2563440c7f7e6d4b002012990fd4e1a7d47fdcf731cb

SHA512
ae9162bb2944cb8f002ee9a45095c5bf2b7d7e19fe7d7c7d944d53f19ab2392f50f8c434606b0148c817b6c0cc1cb086fe209c79e8a684e8626a630aa7608ffd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
192B

MD5
9867d930895c108b9b8436e569b97e87

SHA1
1a003e32a21074406ed3815fe860278bf2bb3b98

SHA256
6d9779407e37dde839470e15eb71f86eddca90e1fdb4ec1bbbc23ee8acd87153

SHA512
6be4711c0bf07aa51b7d80029fc77f3b91e814e17817759511b7723254007bdd9ea0e038fb2afd654be01717396108bbef445fee0abd1c34d924aec13ba4c49e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
704B

MD5
1bea344a2154df1a5b138f1d434cf387

SHA1
f7115b5a21e2b755a7edadd897efd6751ed6d6bd

SHA256
fde28ff853ca896ab9fbcd056774b7c700cc39cb3375a4253b7c94c33a5a7470

SHA512
aa7e8d3953f2d9f2170402300ccb90122ef0af646ac9ae4bf2e4abbb8fa2e0b2f88f9c3f04b634450c2e875502a7520ea1c4643d8043d50b4a34ae1d052f99ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
8KB

MD5
2cc6f8ec9fafac481afbb1e8e5112b0a

SHA1
f433c80c024b1d657ed7743f50a90e3c5a77ccf5

SHA256
8e3eda31be19cd5bc0d2011681ad1bc146c69ee77ce1d4915fc1036e22f54c35

SHA512
aa83254c5808bae7920435fbca57ec5c8dbd2c263b08151af2592a66b196787040a5cce4d43fc1b6604e631fc454c56977a134ad6b080eacf00a36bc9894a72c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
19KB

MD5
abee5fd22ba2a92e90d8b3691137a731

SHA1
793b1d90b286636fdf37f19641d7dca172224c6b

SHA256
729b9892e351f87eed8717fb37ccc24d129d72e4b9fd42a98e39130784876b0b

SHA512
176788505c1df1d65df0bd06ee05c5d67f4d7b10247a248e6100ad73b1ec31baf877c220655eba451cda5cc3ef55abf74c1d5bd0ca7696b75845182b9df0d1bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
832B

MD5
305a860b9d99eee5f70bcde574f0c43a

SHA1
7174ac811c899c3968bf85e6857033b0faf2f046

SHA256
d8d6e8eedddb5cd76d538d03218f65153d03f6db3bce7b050494085f6519f578

SHA512
7f51a2e07ea0c2fcfd86bdbc9cc9683d1edb285e01008d9fd82f3c277c575b6b4c2df53d4d762911bb6d3bfe758d008105672cb634d1ab1c3c34309db14f6849

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
1KB

MD5
cf793d5d15b73cd837c310400e9c2aca

SHA1
ecd68f5842bdc396d2b0a3b4228f7b1b1ec14658

SHA256
370d2342441b081c65e045687ca71e4e34e1ed3985f846d978279e26372152e6

SHA512
08f1943f06f65d10497c0ae0113e49c0f0842d5a1eebfc0ad38f04eb46259b43165279405e44767e445d4f3bd99186fb14a1fbc1fd82fd3964ade3c622018414

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
1KB

MD5
2b6fe05220a5c416853dc6b42593c644

SHA1
9c2ea8fd153b41f4f351dfe3c0ac874c8b66d26a

SHA256
05e5dd16624147f8e6c0afccd5fcb1c615d04776987f5f8fd9789e908e3855ac

SHA512
c129e0227938f63750f6a293a45eb14badaa99a724c39e356e314caee77fc0261d2362e5aab26b89d56f38e7d0653d06ecc157bfe07d5d3e8ad68026e69a2a57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
816B

MD5
67b06970565dcecf43fc37fc3bd770fe

SHA1
160c4921d34cdfbd6493e2a4a8bb07f731d9160e

SHA256
dda45b86c6f28cc331ee1d22217491dc7f3f606e07a2cce3adab7e58c27ef08b

SHA512
6e3d1964b88941754bab2c073e3eed031bd2780700f36d163b5d420744052ea51506b1e12b114435fc5535c0affd352552ad940539e8c5e601fde30da0a15e40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
f81ba4672c6d1e211934f797a131d836

SHA1
b72d368ebc7c07ae6328012125fe8c045b01005b

SHA256
dc60d2f50b1a1b5afd94b8338b0dacc3f15bb324fe266b2aed815e9b5db61792

SHA512
7823de260ae1ec578751dafa76b4042b9329a1869eb580f30c666fa28d8c19779d72677e5d94e01baf2553abe08df95b2a04c46ea72a4e3a31b9f1bd08526d47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
06249b194fbed4b3ea117cf15939bd24

SHA1
82858ea8a16d36bd4a9c41f8f86ac22c7e19942a

SHA256
eff15572b46f662d9c670b21269805b9270ceb1070eae2d719b7035f1faa9f45

SHA512
967903e4a4f91d58d471f49105d8aba6ee6d7ecd66d018cbea03ca65fa15fafe1718a3a544eba193bff2549d6cda378afeb4bac97a146e81d74c534e3fb05bf1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
4KB

MD5
e8ce3d5602ed7cc4e0d27a7bbb97d532

SHA1
5a8865b92b6be9b00f99484c283934e59a04b22b

SHA256
2a5287c3f5b38c7e61e3d015a5c5b1d69e1a57dd552392ceec66713cf48ef76c

SHA512
8e726e58b5774cc521863fb93612fa0f8c7bf334d51eae0e18af7e10fac0e6863b9317f0917c0ef97e3678de7eb2f78c78e19fdaf510776edc84bf5f86ae8d2e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
304B

MD5
d2992d54780749a3e00fb294ffd4f76b

SHA1
84507a922020e70640daa8be194c8c52bcdf173c

SHA256
4045b1c95156eb95a704abc4edfbf07ae44dc47ef1e5104d762ae14a2cb44df4

SHA512
d21a7c62c058923616c9e4bd28311a37e625332a50cac6bf9b8fdea62ddd9008536335641d85f67a3c5e1571326d620a3ea0dc8ff0dd8e511df5606fdecd7bbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
400B

MD5
14fe05e6b9fa7d6baa44276344a79760

SHA1
a546ce05d669a276e02467a8c0df728118a93150

SHA256
be21ff207914ce574ac6522c3612a4e5f00a72ef7901838d3bc8112b4d11179b

SHA512
9279e0e703d3fbd0be795e2ea26eabe7156042dc035d9c7bb86a8ce12c0dd1853843508ff2d41667dd80cf53c337d1446e048a450637c2b962eb5302db206f82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
1008B

MD5
88f01521461138b1d352c952558e257b

SHA1
d99f895e9fcf5dab6ed453e82bd82c2e38b00dc4

SHA256
912584a1efbb3d8f0d73df7fa005e86cf86f1e0452cb792b833eb2b3f03c7335

SHA512
70fc1fe71a4de72cb1eeac358787b9096c3b39103b4016b1acb18d4d6d23927969d36fa2fe197dc97b2879a42646b1bd8e63a974d6ca443b1d2ff5dbea71b8e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
1KB

MD5
2464c40d7aad913ebf6dd4bb35528c5a

SHA1
96f249d2841f9cd5f0e95b7403583011dff2665f

SHA256
7e4b5b87d9c90634894c7021ecbba0fa6c7a579fdf50bd25ff080e7af9771adf

SHA512
4261622e54658393c305ce346fede21da2194231cac7fcde80e223a180df18ece73670d53d14a8d44c407826fc43940e12932179b4ac9f64211539c06ae8fe83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
56896894ad12572f8cd1b6fe3878afde

SHA1
26543a8575bff6f0070c21792188b272a02cdc9c

SHA256
81871f6efbb84a5a0afa73f1af64ea43f719b1c71d230a4f1ce459d477f90fb1

SHA512
70dac633b7c34afc2e905d1c9bfefbee1b74f53171f96042a45794994a847a19bce9c94a3452d1d312597c7dafe20fc09d731bfc3952e530c5bcfb33436db200

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
848B

MD5
02b2bec73e29c2c285af61ec829a42d2

SHA1
dd152d22c99eb23bf45a1a20e30194c1743dac2b

SHA256
f7692d57d7ced1d61fce229647418927b4807aa4f6b6f828f90795c6c98f8d8a

SHA512
49bbe4a90057d9d6f5bc8489a4afbe14395fb79ab4c62654766fb22eba7c856c40da533de74b03332588837a490059dd28c5fb7e1f6c6850d48062f20a70ca4c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
32KB

MD5
3b00bbf01ff0222d6082e6abfb14f058

SHA1
1dbe9770c064eb9f2fd8ce25567e6892cbb67822

SHA256
a5f5d8903e9fe59bfef9dc74f6c1cae34749b1407fe1b99af84e63237f494763

SHA512
81b1dc1282a5616b5f9263893251e8912da7bb88a6be77f0904e94d6f95ac002bc51fb8b576d02f5b8fa6b1b00691afac95c1d493ef5ae43d84176dffacd38a9

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
172KB

MD5
b5790af22e055a252524a1581c8a64bd

SHA1
78f8c35b85e16259b8c2d1030f82eab712a0aac8

SHA256
8670eb5e7f58c3dd2343392416677dffa1cb30251a1b200b9ab345b5e95d90a6

SHA512
890fd454a0bce898288a6c9c51ab6d3accaa0e9726d03c450dbe93b03e9cfaaf5327d7283d63a963da8aa18fb29396bc413e2c999d9a3b5d9c5a95c58832151a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
268KB

MD5
8b38db8f967a69d0e49c173bd7f6ebfa

SHA1
a856e6ad882d8875ac7fbff78a18b470ce91e0f2

SHA256
0afed0b0c0a02e9ece41be0342281925c363a32ace3ca327ec9484d590000893

SHA512
b5aa0b6c3045088af7a5695a764d51baa6f5783002aa8a7660a966b539e78848b40bce86de7ddd55b61f9644b63bffc092f3f9261c899757df5ff23f4a881457

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
801KB

MD5
bce3efb2f0eb88db829aa5c4e036d5ed

SHA1
6645942e75224c3acef847eb1675ecfa9427f2d0

SHA256
3db668cd32d522f073346f02365be8ec857d49cc4c0fa12d23dad22b897da30b

SHA512
e56c8eb253f975a923d27b6c01ae0110b84aeab5be7b2af7f6e7c83aecb9ffe5d6b44d401acd5f3720b23968a8f37a8470a05fd75a304efa306cdb9f86dacb70

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
297KB

MD5
f824078c54c3c6586e42f22062c8a353

SHA1
a062f584517ce3747685c19c86071da29ea16ef2

SHA256
58b41b42b7f535aa82ed7e392320ceaa5fae22dfbd977616c398c81ff182b506

SHA512
699b98b6382c3106a5f9a517ff73f7700e5433e9cb829df863344d3ea4ac5fb8ae2c3e03b52e2fe3016d0a0856173739534283a0d8b0ddc3be9768aac82c5322

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
726KB

MD5
7ec02e224e44f3b7ea4a0cdf17e1a5c5

SHA1
d8cd36b3762b3262884ce6de3d77bc30f74dd324

SHA256
0e5d641ddf809764868518758b2c7ac7f71aaff4d5e694ddd3b55219f400500b

SHA512
cc991bd6c69aa147be83b689d3ea2d7cdb8f67c1d3dc5c79a5112bc07eb75deaeab15d5f675da9795b1644e9c5bc9fba7df65cfde9cc0fa255ef60c9e90e4dce

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
44KB

MD5
32a710450ece0a2ebaa23a02f7427314

SHA1
d07f6db07539544d2a761acf588d904df62800b7

SHA256
b9ea8fa5b5b5079ce0b989c0ce78a4019a7548527bd864d7f80c892a986e298b

SHA512
f5ba65531ad38536cff53bdd0e66ff91b8d0ca1569ae0a1e3c68c8a2551511200f3b369f445dcd5f24431d204d33848c376dfe767c84586296f0017a26a3656c

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
7KB

MD5
9335a6ebc8e8ad62574adf09651a9d08

SHA1
efee0f71f46d1c30690f531bf2041c1f71d866fd

SHA256
618c6947f7f13d37d15e6c564b483eef9e8e053e92f47cbf4017d065a7b5cc6c

SHA512
0a2a8ff10c8765497134220aeb24db8c6795675e3494cf61e5a62f55e9dd6199482765fe8fa4a3fdb0108775f6d8ed00a0ca3b8177cbe893fb847af84a90525d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
3.2MB

MD5
3f02eea551d6ee136ff6f5659fa40b12

SHA1
cccb7d6b43914a06c4fb97ed76b221cf81064cf5

SHA256
dd87f2ce59d3c8896e26005a7dd2d7e14c04893b562488f2232bbfd66697c650

SHA512
1193186440c1f09cb6af14b6cd6af4f670c99039c40b0aa997e0424c94344cd6c48c95a7bcee12738f2445f723afe97e5dfce2e9070ccdd3ff98d785ec35e927

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
168KB

MD5
d52519a93f379fc772ac22eb4c1500c5

SHA1
05c3ed9d469d9b06211dc87668f4913716c4ce47

SHA256
71d19910251eabeba2ea1805e6c6a2d716acadd905896ff937791c2cfb642026

SHA512
8b8770cb24a14ffea2f2b9e73dbe4881181044715309cdc6e9bea6bb50b9b9d4093b40a9aede1b3ada3896fbbb8b8cb7de4b4e0529cc62b5a1994078dd777220

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
104KB

MD5
19586e3c6745165a8ac4cb33b8069ec7

SHA1
c907680f7694ad5d0232a982f098187112e9c09e

SHA256
21abd8524c70e39d9c485b399b84eb1e8ca0eb749d980a78dab3265aece757e9

SHA512
853574b9552cc98c97c9daf187d524eec4000efadfa75984014da42b4efedba9aa03715b79d281c5e379612077f1234427695adccb1c3aabc67aef9ba2d06314

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
d86936482c31a3f4e6da2b9e420e5373

SHA1
951ebcdfc9827bda68aa05d82f48d6b2d06248b3

SHA256
16b0dd5f553a8884688d2ab9913d8db9c146779003a9702e2b8744c951c56532

SHA512
7cfeb994afdc128265e49fc096abe6ddedc6514b4816dd4b86c48d4159955dac7ce644f01c99e412a270645b511ed086b8f62c712b060e65e26c7447b787cdbc

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
3KB

MD5
7e7267aea45b20d8d332c899290ad611

SHA1
b535677ece243c9640f0ab8230cb4f796ae45047

SHA256
4a4b48c5393f35aec03842b9f968b59c0f2e4df207795a7c65463235d7f0e9c7

SHA512
6d95ada722da78dd97cc60082beb2a0b73b040babbeef86be039edbf8cdb3d94f7b6710c0c35d081ed18347de60534bc1e70df742b7020fbfaaeabdeb91143de

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
3KB

MD5
ec09ac2a257841803265ed5fa5b86a01

SHA1
31272040b6467b6ec6842eb3e206955880b9a8e8

SHA256
9f0fc948db6dc8f4d91ac8621da3b095eb398f260a23423d0df3b639f586dcc0

SHA512
dbf2ea2dd83521a3bcd23c5ca6571955297f8adacf325e125a6903b32f3c48c6f60be9aa9e6cfd75a71865942e7976119a302330cc3f58fbc56aee1c7bd03211

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
e96e1acdce225c0dd4809b242ae714c5

SHA1
543ab335371f0d6b0b4e9cd8794aa0b957023cc1

SHA256
d6aa05b9b7deb3496dc2d261f00c2c3883bd48acadabe2d16b2219019aafaa72

SHA512
a18e055b2c82caad48e015f2f3810e80eeef71edc905ff96cd20acba6f2e008d63c920de974ff62fe9aaf49c5bffae07332acb90de715bcda550cab5c3fcb0e3

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2KB

MD5
e7011e24a8c436f41d7d8829107ab163

SHA1
3d661761f2893d4e147dfb38573bfef29d809c55

SHA256
2ce774575d2d5cd7f465658242a5be31e9f3d1720d35648cb65d0f68307fa317

SHA512
ef6f302fa098fc1dee4e82ab7d61dfcf3d5a9dd911b247da582477c53634135270bde83e9723789648b172ac7d8f3f630acbc3050196b7d6a558a50ad97ce763

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
3KB

MD5
9ad14348a28d176c2ba786c7440052bb

SHA1
2021e945278ff71ca7dc7b835fb580fb926c4203

SHA256
26e368ce8292bdfbad3c62ae06e94b851898159b0e8b25c8e5532bb42a834ead

SHA512
642125c08731776e1ec8037565de50178a7b508c7d72b8997f7c7230474a6813a4f182902da951440ed6ef9f06a164819338e0ff4d768d398d0eb19b5581994b

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
504KB

MD5
ae7780a895c260817546994f97d35b57

SHA1
1aae3d6e31511c1ced374c35061ff02b886d9c83

SHA256
b7c1009a02f465ebea61f36ee197f00da0ce45c8af0d7f3f3cd05d98b24e0d2a

SHA512
fed680a925b6d1c4533840be169f678876ace2b58acb4e0eec33c306a46ca5d3d798723534dff144297d2e1f9ad5b28b156093eca1dba8e0e9cb796428bbec6b

Download Submit
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
96KB

MD5
4c05c218bba03b03e993a00febfbd47c

SHA1
5e9c64b1ea74920b06008c95c2c925d8ae4175a4

SHA256
72dd609568597d3204644c7a0e2c10c9cb7a39f82da44c86b6aa850c489a89ac

SHA512
d9032369b815f14166bfa5451f0efaf50e597e3d84a3dbf447ab83e6443cff083d57dffebe05ae650b711990c695f2c91addcf25f3fcf42ea78b54f5fb063b1d

Download Submit
C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
39KB

MD5
aea5b2fbc482c0e864052df1e5ca451e

SHA1
ad7d5edd32fa6d8f424caf698c1cbd2b998fa0b0

SHA256
6833760032047db5c194265ea96dd46e2bca724709babacfe669123ba3e08006

SHA512
aefec5e78886e9574f759ae11d547db8a437b3b5fcdbdc6be911b809aea0c952dbf9e56e50db073f544597389977e24771a1d22d8b3613be6b0434ae92484f6e

Download Submit
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
2.7MB

MD5
01424ee072b47b34161f4dbdfde364c1

SHA1
6647bbd43d19c57701698b9ada85df31d2b4c542

SHA256
4e4aecc4930d079a3fc21883594ba97370fb81027fdc544b0afca569721b7fab

SHA512
1ad3eca1fa2d1566f9e087952d6a00e3548ba2c746d3f396dd93e56e8b3285f58e19e40c1ac255c3c2f08d81cb32924b52619dee3b94220719162b93b0a5f26e

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
93KB

MD5
b6a166093b4b92bfddd47e5ecbe2b7fc

SHA1
eb60eebb79524a0f7fdf0a758ae70c9ed75cc022

SHA256
af6b7b5ea55f2eabeaa05bb4a45445761f8096de4e642239312f1fa216275d66

SHA512
e65b50bef558a9415e8ccdb2cf14fd34d4ced5bc9f1749febd2e6a5fb3948ff78c2a747398385ed4abcd58f6127db18a943f79b7ea4defdefb221e0608af4741

Download Submit
C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
39KB

MD5
d43de6010bd1a8b797203e7d4fb4fd71

SHA1
f2ca5845bfa1edbebaf2de3d44e4cf1a82e1c930

SHA256
c942a2e076332f516f405c2f5d200bf23c499d8c968639be4f1b3fcd812525b4

SHA512
85694eb0e12384c82d2b1c60e885692dc585db4367a03bd598523f8694e48e190e249d25efc9a72b7a67a5d45d48e216f4c89f64a37a4ef44c403541b1357667

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
3KB

MD5
0ebaec770576e75fa470b69e9c7a343d

SHA1
972bbca08e5661e76e3cc3c7be65fe39b2c5aec8

SHA256
3fb0ca3e2a58975f75955537cc23e10f3f8d74f58573b279f97b5514534dc7fd

SHA512
b45e258aac994233fc48dbc75a19dae2f737a900203b2c8c1b612fd9da23c496842337f1c0d566b61a495d74c446e569efa857c08c1ac3a660e044a8ace65b24

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.20D631FCFC8CF72CFD5B1ADF59C45FD42BA10E75AAACF3B7208841E52BFCF48A

Filesize
752B

MD5
40199309fffd082abf049148061e9d8c

SHA1
120d3df2e2015c43e2cdb657f8c3fa6cb6b15348

SHA256
c73f72dc124847bed2b184bfab4b2a7ff19221356c9a9b9303990533ebcdf8ed

SHA512
2d7cd1524622099fffc991b555b4fc2b1f0861663d23049beb42b4e935197ca1b46ea42167907fba66d618a326f161f73bbb996065872c39d3ce7bd20e9082b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c472cd1b67a2edf21f22d112aa10221

SHA1
7abc9a7a0d1a1c4a2eabc296c6e9be1432a5f874

SHA256
09bcf9e16e95872e8810814e2c77b7cc57f94642e1f6f56dfc3e9b3d96ce58e6

SHA512
dbf5b74dfcdb8956626980ab98ae7782e38944b33827fb390c156ca3e535b2099a2637eb0eecba38381c8c837960c5821a13cef486030db581f6273a4fb06022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bbf49621675f7c5c46a291954d315ce

SHA1
a150d9cb8c577e9ca3aedee73a76eead975de9cc

SHA256
e8350e5f5702d8d54677979418b241dbfd6421c39adfe21a62cce19292dffa7a

SHA512
0c392e38fadf491d61b94fd756bf4f7a660f487a2ca4e115314a72cf5e2164f53661e081a0735b622a8888aafd05ab5b948793dc1a0592a67a795b8213442674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2409b4d8c8a52a88e1c69fa2a4412de9

SHA1
ae198aa48d2b1dc57ec8b9defb85801135f07e04

SHA256
0133ee83b5ddef7f768fc6e86ed6f59fdd9f5866ea7373046e14783e8deccb77

SHA512
1d3715e91b1127852840928250319f5d7c30d5cc954d67af35682d6e2ab1b07211211e0b4e5125362a6050df14651bc5387970b54f567566c3340c795281d4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4bd852cd19e5505949ec34c067daf5d3

SHA1
c30d37a1c56439b8bb17632ceb17abe93550d6c3

SHA256
290cb8065296cd95b310c2be91cbbff5ac1ba284ddfc3ecc08dd33a9b2cf2c0a

SHA512
6b380800f995bcb10e4c3a7a1ffd8740d50b330cab99b0e90326560c4eb6ec68d4efbab4782b0201c4ed8eec3656a9fd571ff67f556e85dd4e07a74aee4b9a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7cd5f1d79f9898c7fd72ed5dabfe20f0

SHA1
3a824f750e9a60ce5b1588cb02e0a451ee4fafbe

SHA256
e565afd82497d635b35e488f6b01dd16d04b374e3be250d00eba8ed83c5d8565

SHA512
fa67de2cae3498bcac1ce0803da5e8eb9960a9cd0dd207caa79bc957e459afcb593a191e6d88bfe06280f53703d4174ee98516b54749de3b79eb594a2be9b687

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
memory/4784-92-0x0000000005390000-0x00000000053E6000-memory.dmp

Filesize
344KB

Download
memory/4784-91-0x0000000005180000-0x000000000518A000-memory.dmp

Filesize
40KB

Download
memory/4784-90-0x0000000005200000-0x0000000005292000-memory.dmp

Filesize
584KB

Download
memory/4784-89-0x0000000005710000-0x0000000005CB4000-memory.dmp

Filesize
5.6MB

Download
memory/4784-88-0x0000000005090000-0x000000000512C000-memory.dmp

Filesize
624KB

Download
memory/4784-87-0x00000000007E0000-0x000000000081C000-memory.dmp

Filesize
240KB

Download
memory/4784-3175-0x0000000006570000-0x00000000065D6000-memory.dmp

Filesize
408KB

Download