infinitylock | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt[.]exe

Analysis

max time kernel
161s
max time network
163s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-08-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe

Score

10^/10

infinitylock defense_evasion discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3592	InfinityCrypt.exe
2352	InfinityCrypt.exe
2316	InfinityCrypt.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
21	raw.githubusercontent.com
33	raw.githubusercontent.com
34	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Dark.pdf.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-de_de.gif.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.aff.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\ko.pak.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\pt-BR.pak.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\rhp\pages-app-selector.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\dev.identity_helper.exe.manifest.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\as.pak.DATA.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\over-arrow-navigation.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_24.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hr-hr\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\pwahelper.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sr-Latn-RS.pak.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\hu.pak.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInAcrobat.gif.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons_ie8.gif.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ur.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_gd.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nb-no\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_tr.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\it-it\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\Handler@1x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_retina.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pl-pl\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\it.pak.DATA.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\de-de\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\zh-cn\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\kok.pak.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\lo.pak.DATA.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\wab32.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\beta.identity_helper.exe.manifest.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2	InfinityCrypt.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 952474.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 962199.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
1768	msedge.exe
1768	msedge.exe
1596	msedge.exe
1596	msedge.exe
3880	identity_helper.exe
3880	identity_helper.exe
2680	msedge.exe
2680	msedge.exe
6112	msedge.exe
6112	msedge.exe
5720	msedge.exe
5720	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4416	OpenWith.exe
996	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2352	InfinityCrypt.exe
Token: SeDebugPrivilege	3592	InfinityCrypt.exe
Token: SeDebugPrivilege	2316	InfinityCrypt.exe
Token: SeDebugPrivilege	3380	firefox.exe
Token: SeDebugPrivilege	3380	firefox.exe
Token: SeDebugPrivilege	3380	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe
5720	msedge.exe

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2596	OpenWith.exe
2596	OpenWith.exe
2596	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
4416	OpenWith.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
996	OpenWith.exe
3380	firefox.exe
3380	firefox.exe
3380	firefox.exe
2480	OpenWith.exe
2480	OpenWith.exe
2480	OpenWith.exe
5568	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2036	1768	msedge.exe	81
PID 1768 wrote to memory of 2036	1768	msedge.exe	81
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 4104	1768	msedge.exe	82
PID 1768 wrote to memory of 2144	1768	msedge.exe	83
PID 1768 wrote to memory of 2144	1768	msedge.exe	83
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84
PID 1768 wrote to memory of 1012	1768	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaa653cb8,0x7fffaa653cc8,0x7fffaa653cd8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7062583699894159045,5272939913849955966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2968
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3540

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4416
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\DenyImport.rar.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2"
  2⤵
  PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\DenyImport.rar.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {280fb11e-f803-4016-b319-902bd2844912} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" gpu
      4⤵
      PID:4508
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e79f79f-2f10-4724-ade7-c545e2810b33} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" socket
      4⤵
      Checks processor information in registry
      PID:864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 1 -isForBrowser -prefsHandle 3440 -prefMapHandle 3436 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {679d99a1-ce3d-476f-8646-22ef610a014c} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" tab
      4⤵
      PID:3272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 3332 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a75360a-3ff9-4bed-a264-33636c5a698f} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" tab
      4⤵
      PID:8
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4848 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26a14636-af20-4e4f-86ce-2cc9ade18f63} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" utility
      4⤵
      Checks processor information in registry
      PID:5280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55e086e3-ee68-4bea-95df-97803a27b917} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" tab
      4⤵
      PID:5812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff9d2ce-8a70-4cdc-894e-d5ce7b567d7b} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" tab
      4⤵
      PID:5824
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6becd4fe-19bb-494d-88e6-0bd1d18b50aa} 3380 "\\.\pipe\gecko-crash-server-pipe.3380" tab
      4⤵
      PID:5836

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\DenyImport.rar(1).2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2"
  2⤵
  PID:132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\DenyImport.rar(1).2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2
    3⤵
    - Checks processor information in registry
    PID:3904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffaa653cb8,0x7fffaa653cc8,0x7fffaa653cd8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,10972695292984092767,15731420803395939154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
16B

MD5
d27a14d90a0e3777894ad67065121381

SHA1
4c571fe5a5b12c8ee1ab0d629425a05a0676d544

SHA256
53b57629c6bcdfe151ce38cc32d2cf0fc08897225c16bd3841b35edddd7b1950

SHA512
6476ff5180187fa7d3c21ddd731e35a248bf16b07f7e45b0cb26c22c53dca42ffda2343fc7106e5d7f1dfdaf64f435c8d7adb369bb9ac89c6a3570b307ac869e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
720B

MD5
6f4703732548d18efa07d15936742ec1

SHA1
9914c755a22f687b57e188e836c24d7949f7464c

SHA256
d0c26e389816ed7084c9384a66f1ff6b639911723b6c08e5c168ef7c1d6be8d0

SHA512
9e63ada4a24f36514f8bbe34a116a54971140c62edc024ddf37cdcca1563b83721c5a90e750e6fb7da48b4dfd22fe044d60f6d2df9cdd47eb5ed8c57ac0adf36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
688B

MD5
6a389dae510bf3e1347b916e5db01a63

SHA1
46ccf73b2ea35baa7e80750717282f6484eb38da

SHA256
c72988f57cd0105156affb586ab478966ced2d3c4e14154eca0155707c956ec0

SHA512
41d4ce7740ec643ed3ffe77140e99a32b193ce74a623b2f4b2c09c015c94c2dfc741b84c176d9d50688ce6e148ffcd175f4942f5aa342dff8e6d73a97151bcde

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
1KB

MD5
01d2091c40512c7dd32997ab6f8e8a30

SHA1
5c03129f7811b13f4c5870658421c2e414fcb9cc

SHA256
5b9d82d1d843dc74ae2fac7ae59719c0c845fa16ced0b3a5a2f48f28ef7f3b0f

SHA512
6382478061911d82707d2e36c84280ee3d0c6b4b4a982afc85c48a6da30e0ca8ff3863fe55db2b065062b40cd593808bfaaae36b4f4097d3167627f221f82b0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
448B

MD5
bce29be96657b2a720e8d3897f6dcb79

SHA1
d1d4bd34f3b231cc064b067d44e4fd377c5e8a7e

SHA256
4ad6d7d829276836d4fafc49ff065f376dfafb58d3e3b8ead0e0c00bc63b708a

SHA512
106b3d318e163d579774adacf031f91af195b3132dca178378956e6f1eef523a33ca73e353ed4a07a963ff2b3f160c25c48504bbbcb6f788b6b53417b5ac5902

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
624B

MD5
8829d9536d01f21c3bfe3abccb86214b

SHA1
edf63d4e977e65191fbb7c91e049b6e77b9fd0d0

SHA256
4373b4302604bb66c92e686c413c3ff9279c8801d1cf1b28362f147022fd7db7

SHA512
3ff35cfebdcb4a2828a976faf6a7b8dc2e0f86fbed09ba662867b80eee9b310ae7619bfe755a43dd2749899245b004e634086f16957145aeab3d414350826c96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
400B

MD5
58712c9152ee4f179dcee7bfa60b42ef

SHA1
0b531025ad5e704420331c30b60371bdf76fa809

SHA256
7c8386860d94af6c7207156d1a90b81db997106bbe21b62183db85724f98c120

SHA512
1351fff24b0fe74190f13fcf0ccabad687eed74ca9b9cb34123fb286b140629a79eb7c1fbc12bce6db216adcf2360e531c0db17ba9d2aed0e65bc00bcd10a43f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
560B

MD5
e010d7337c131f8927368811c7819472

SHA1
881f0969e88c0238f31296cb86fd4d00e3167351

SHA256
2db3bf03a6333237a962f1b71c9002663493e24121fbd34dac42126e7e62979f

SHA512
213bf7a18a2e4ed94d62bc80beb7dd571330df3dd090568b29b63bb107f7ae7e809431d8149eac1b098b505de9e56827c14908c19d00a0232f477d6c24e37f75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
400B

MD5
325e2945474eb0531b5bf5832273cca2

SHA1
8216a543c1a015113919bac543a2568c076d52fb

SHA256
bdab06691e1759541a62d3acb290d98d76216a226daab272e8d5e8071510cd38

SHA512
aec17f28b3e7eef241a6d9e938fe502255b9c1b3d8ef26112d0f354ad826568cab10455da34fe04b5a2ba030450857b887935e4de354bb9611105fe006177100

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
560B

MD5
c184f31735adc9ee814959cc4aae5bcf

SHA1
165845cc26c05fa37da3e0778840a49dbd568064

SHA256
254f85450f03ae1b435e5d5ec5c60075dd0bb6d78b0eb713103572e8c111a330

SHA512
7e204a1c08218be82f4b88741317f7048437682a90cf1622c29fd86fbc5314b454a73e0df8e8f7acf37c71bedb294b88386b1d39257d637c1f607e3083e92572

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
400B

MD5
4f100e3abd37758bb2341f07d6d08af2

SHA1
fa10be79b37060fb2b6bebce95d83d08197954d7

SHA256
c67f147a9a034e3d8d60701bce1f5d8486cef6c1335e9705c3698c41af1e685c

SHA512
fb58fd1b0ce82929384fe5be296b7beae1e914bbdb7435c6aec909181218d5c1b20b1017519d1db8a4de658d66f67c4733566470f7de4bc3ee39002005fb6f8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
560B

MD5
86b4523aa147930a793d4e252d4f8447

SHA1
62969a499a5e16b3a910c5059f83c2fa5244bca2

SHA256
6f999c537a44d89f93445bf6c673821f1614939345b88b18009e781f8fcec671

SHA512
edb539a8b4a25370426bab3a1b0fe74b3bdbdab22ac62cc77dcf5a5ea5c863323c99e0e64a9d912c6f900b50b56f6979b60d2d67fa703b40cb81275093699ddc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
7KB

MD5
e3d1e7c51cd7d5f93cd0a893df868587

SHA1
dff51257eb835cb6e17d7a0a9d57603daf5dc667

SHA256
86b4b375dd95f467c7de6d377c8b5028fbcb5b4aa47a3a05607aaf2dc770215d

SHA512
e242de0aa56d3b7044f4b42688e86df0e0fdff69a7451166ed409b8597a13b9b24f92d1104391b759a34b0944e0d5c43567156518cd1d10fc50bb392c0cfa243

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
7KB

MD5
8e046afb8e0919e0b5660f3637204a6b

SHA1
a2a49143d8746d0f131b80cd8d6e0c1db4d1c199

SHA256
de959d3d9aff006e83a24cec56991b5a866e6f11dab3076977b88d27351ba569

SHA512
7ad70957781689de534f72f587d5005d64be40ced629fbb8fc9cfdc0d4cae42fc3a019337a04137b7afd45679bd70360a9921b35cc6b31d9ea41e73b0fa69ab6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
15KB

MD5
78e5f72847658fae84926c74bccc54a6

SHA1
f3fa60ba0692b79f2711e18445d0080450577918

SHA256
93e675807270fffbf1195790d924b3e183dd3c39903f4db92dac366fd7ac1975

SHA512
afb7e84bd2b7767930f952bf5bc87e1d3ea9fed39420320ba344925286b468a045e12e7ab31027b4a7ba21677fd78cc16aea9f9198edcf9241cecffb1d29234f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
8KB

MD5
faa78a8fce5f20e46e9f28b6e9033aed

SHA1
82e764f63de39b2c7340c5b912a58d26f1e0a29c

SHA256
4c81532ad82e0831c184b1d92570771309017224ee73271b4155916e70d12c99

SHA512
b4b11b02cb9ca12d439b4ec01e1462040e03a65584bd0f0ab1c4e70e46232066e2cde01265d8d1e66d4e9f8a11f36c4ec9e4a2e7f3682fd4cd7c64545b80345e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
17KB

MD5
3de4e6d7ddbe15b6d445b4e96e44f30f

SHA1
9ae583a0826ca168c77870a60e2730aac37f736d

SHA256
cc822462b5f80cc3b4931d52b2326dc6dd1303df40b39ecdd63294b9ff219959

SHA512
bfc59f41153181ebf67eb6950d1a2ed37b22a34207b4665e48c94e5e9f2a604beaea47e1d1dcdb1f1b6f0d7a559e5d8f1a5d9a5388adc3e64a99fa66fcceb637

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
192B

MD5
1738c64e4b2b7e5270b2df802861975d

SHA1
8f578b65f301561d691839cd63e63c2b23113cb4

SHA256
bb096cd862ca534670969d9d6a9d9563532b219ad3834900773e1d23a26dd172

SHA512
c04820fc3139046010f2b8ba61f9314a55e14c243d7c5ad30ea327043eba6ead81f783e739d7676ff556ee98062f205faa348f12b0dd142083a5bb08e8e707a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
704B

MD5
6e7ac421747304fed00357a7b4d96032

SHA1
21cbd1e30228cd19f3ff0b53f53a4ff85c69ce1b

SHA256
4ef85857a7daaa5843227a4c153c3ee3b66e3764e609b02f713edc42fde1ec4c

SHA512
e00182213d0abde29b18220dc24cb00962ffad579d167617d165a920c5d885ccd613f499acc5bfdc6edc09062edb5990669f6f00d0e867bcca12ca02ca62ec60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
8KB

MD5
5f961d5010c6c3b0cbc0c7ce271f5cc3

SHA1
b95e47ce8e6f5a2430568f438738af197587a58a

SHA256
04dccdbeec9db4c49a2c5d90504a971988f2e371fbfa45bb6cb85a7b6f770ea1

SHA512
bf2d3ce73cb8702c7e8572cf97516a1f235bb38c2e00f843c7292a160bfec999c886784c5d83bde905d42efa8d047bb2a4d92a5b7d055907d43d1dda83ae9f5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
19KB

MD5
10f059f7649da81ec0afc407009a52e9

SHA1
2abf5919e4cbfe8c6daa792de4941068146df3af

SHA256
0a407cb58540d291eb4516b4aa454768772688f7d55b5225b94dc4742b3a7a47

SHA512
9448b76634458be55bcba9dbb36fc3cdd4788e1376f3dfa08743402f6d9a252f2a5a44bd6ed7c063b7e4614ec635a6ae005a89ff240f1bdfb38d9cde72e88d0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
832B

MD5
78b1c37b21cc619d2f4bb6dc284452ad

SHA1
cf9d7178b64d7dfe1b684718080b2726e5cf2596

SHA256
3cffdbe68352e4418cfb94ff398732e8a173e92af176dcabe9e34fed7e068b0f

SHA512
d5980d6e9644086204be3dcd7c822ab773c0ef24d38ac2357d4c7e0737892c9313476dc8df6a7471ed516027248aebf4f1e22504ed82d13182d2c122a461e413

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
1KB

MD5
5ab6620f482860d4d8b9cde465ddc14b

SHA1
f73f92125b8e80bb16f29a6fc0f9b4746dfbc0bf

SHA256
549f71c035300bf4f1cc57bf627e318cf7e5a2392a04c76ef3c84a2a5d065642

SHA512
eb05a1e64e7e0966f608693a86478836755efbbc3ba9094b1dac0940aa69eda26dc012204c0a7d5c244da20958a29d6ebfdeb8fcd8021edcde149371bdecbc0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
1KB

MD5
ec37862209a2ba2f674500293f35eb35

SHA1
c10fa2377738ce05d97a006d8e19a34756f90c71

SHA256
18a28993120f367e5965ba2535858241bc7d66650d7453b1d0229a9b54297f13

SHA512
d308338c8c214953b84818554ac3fa4745301e2ac4d3b7738da43bda98e4354272df7b3edefbaf7f81faf5eda3582cacaf082e8066a971d3ff9715127e9a3c08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
816B

MD5
b636b7407a9d92050711ce8e8a448ed3

SHA1
d605ad912750a080f528ab959c3396ad7add5bde

SHA256
67fd3c7cb108f78458224ef55f3fcdf059399473e4940e4ed4e800988b34659d

SHA512
59d71109135f9ab0ea499a6351297a525603c48b0a75a18f2391a9cabca6802c67dcad1aa45b54487f06ad360976a9b24aa756ee58c6fa90c56ee743a1b48d66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
2KB

MD5
8cdec89f612d42935bc686c70db8cd64

SHA1
10a1a4192d5d6e35056cbaba5c080518cf0bd0e9

SHA256
21efd6231a992c6925f0ee0a4ecc6492625638b997ab5af1db1505c51b28c0a4

SHA512
fbd662db98dfa47f3e3dc7acb9e3701d65ede8943a8defd29fe2a59b3c75c725ac3f4421d0d1dab2f828caf44cca08d1d305c70746f39b04af3acdbf4465cc43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
2KB

MD5
940a6a5a158e458eea95d100f6a43e84

SHA1
d787e6c378ccef6fa517ff86f2d9c6dcf828c8ae

SHA256
7b6452a9b53c88f71178f51ebae6b458db22ed27c6182cb679371e1e18bb5ff6

SHA512
0cf6dafaf83591eb16ad88e788dea16117301172fe58e64b236049c71c114bff5618382b1835ae8b0e7bae00903ee1ec4d4bed3b458f0b2571806b2b3d9d5628

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
4KB

MD5
32408ec68ac2b983da7819106508435b

SHA1
101edaa8e37165a9cbeb7daf909110108d22f3c6

SHA256
8bca94a5b9ea810ac63dced52e8324775db35b4be602409bf61603e2149e4908

SHA512
45d1c32a051ce0bb51cbf235aa0167306090292f2686bf02655aad4063da75f6a5cf4abe63a8eb29b8f357d65305d02366bd7e4809fd9283543af159fa396ee5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
304B

MD5
2cf395b8cc2859b47403e38a49db9b8a

SHA1
1a81a6b863eeb33a44211c605f3883406059445e

SHA256
e4eb3b82bc7595069b9105f9f1de1318b6c2c60bddd9f3747607e865c455a21c

SHA512
3254eced3d7dca091cf0978b5417b54973923a5e1a30d2c72a64d210ba235b644113db9d5483ff5b504cceb47c70ec0f354e291dbfa92f4e77d2670d87d6015b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
400B

MD5
d83b06eea7efe84d2a4f0e39638b7ab9

SHA1
ebcf04bae35d32fd85e9b576fb3907d819ec7cf0

SHA256
7c3f88a013d1e6f30ef22298daf374f976bfd0c5f0bdb989b41a2b207a437ba9

SHA512
8f03e847e573350e1b5540de79c37dace7baae9dd2fcd53deca59809fdc66806dbe4b228f0f5c102758aeff238f32d34b16a15d47528c58a83757e9d2643f1dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
1008B

MD5
8ea24d7d100d61e7b5917dbb2ce15da3

SHA1
1271c1f4ea346de5d97ce0ba0a9eefbb4ada1253

SHA256
aa5293652685cde2bc27de6103a32284af88dc5d6d3a735435a75a40f86fe939

SHA512
3a19bb4253ea812ca5a3899730f1c796d2e1bd872e243b8e9ea42e23f7054fb0fe09bb6c19ce380d87e95a38a59c0a58b28642ffb214aa2efe78a824a26bb133

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
1KB

MD5
88d1570f9811a641ba30e6f20d8acf94

SHA1
6ba35500e4547fcfbf8475c8e08952a593cce1cb

SHA256
c931b9cfb2748cfd1603accb770fa24310e21e2673b386b4065cc0a09b904d61

SHA512
38b0dbd686b62e724ea1036ce15034e561596e5c19d2fb2726b06356be887234bd019d9aa2ee315a6b18f5776ff8f611d4cbeca2ca3896b0b3e418ce798e77c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
2KB

MD5
9451c9e491067f26717010c8a43e1127

SHA1
4ea290fbce467e2c03bd636f1255bde495656e08

SHA256
71c018cb9634f941395171143bb5af5a0ca70dc6bff7976bba948db4cd00dc79

SHA512
879bcac49760a8dcfb1ed91293d6063b89fc77d56f7e8829ffbce43379dab2f92bf6b8140b9cab3ddd6f9645e1c09ac2b8957eb4f96ffa4ce64902788f734242

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
848B

MD5
2d2ae382f110bf96a2cd5d662e3a96f7

SHA1
499ae952970d6a6fa76c873be6999e4465aa7f15

SHA256
0bdff6e4093edf139e0d2aec9fa65edd193f8a8b902b5ebc97a552a0cbba5105

SHA512
ec41ff07905113152ff2d816490fedb9849fe3f6886810c4c72d7fe770e4560c7ad2e84db53aa0abfac64959ba88dddd5fb97641d8761dd510287df51f90580e

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
32KB

MD5
fb18f35d5effacc7580ba240b801c19b

SHA1
a86ced41c382bcf15aa8746fd11c4a52d2af5f1b

SHA256
565076a6bb4adaf978bd42397bca6db48f79a5512897a7a2c220ae1da978d3e1

SHA512
193a91fa489d72109374ef22d088f16a8b2687bb51cf2c624402faa96c4dc8719257d6cdbe5370dac41b3de7187b5b6b0a63436780df4ba2957485cdde1f84aa

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
596KB

MD5
d0d83185de26830c10ebb7d5eb9f9707

SHA1
287e91b563dd088bb5284def9ce94760d142955b

SHA256
50e904d50319e67fbf48babf528ef0903c0ca9531955b6ed6a548ced9f93d985

SHA512
d52d9f8dbf81eb7f43171335f609e9ba6ec031b5980191586345ee4aaf6796a23aa45f68b3bfa2722a4d097112906d1f020d2ba96dd7a49b48a35dab4cac5fa1

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
596KB

MD5
50a971a5095573169b156cc77c04a5e4

SHA1
da866a38597ffcbd9f870fe6c18196940d3893f5

SHA256
345aee847b5d239f33829fe5e42dc1b809cd7040e10dee465daa496f03272d38

SHA512
27051849e80a95013c8cfff192707c79acb3609c46a16f1ca1e6084fe6fc427fbb336a85d37fec5e387362e23fbab02cd6f97a9f3b26794bc2fba4c88991630a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
184KB

MD5
a8578d4e730a764ff2cf0daee024e8d9

SHA1
9c8e8b874db1cf81dce2466129b2726e72e67742

SHA256
1bfdfb32aa0d2f1f020de639172b5e46d7c393028eecf6883629c09c1ac68ffd

SHA512
9220c6582efdaf472592d4f5452279151df08c0bc8802cda0db6a6a613afb338694acdf7f67ffa11c9aa692e18590bdb44629b563e6577b89559d3f9c3398786

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
184KB

MD5
c777d7f7f28192bd84617abcaa6466ed

SHA1
b68103383ce581e0a7e46e7ad8d18d2e50f7a8a7

SHA256
de2492109831e7b4b1e5f547f77a70d33e3d8da0db153fc6c39bd972a9ce1489

SHA512
dc15592a892e7998c773a47704942f7f7566460265798b0c9e6d70547796fe1efabbacbce3cc2a1444ae6c69badfa0319d6091d0e2dd4dbec635cde12839e486

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
267KB

MD5
0240258d5bbd4186a113498a13ef08b1

SHA1
5597276691c389e1ebb6f345d9dd6e88483eb0b7

SHA256
ae582dc5e0d2a4312daaa45186d76c66532d106734eeccb5964a7ea60a58f1f9

SHA512
843eb188d251464e56a2ffe50ec008e5b0f71ceb086cb4cc375d03a03a9a99d77d08fa53f767ca40f165b25d988e51913d435b78dc6950239f3ba3b30112aeca

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
267KB

MD5
eae804b23df1eff6c6efd69f28d28e47

SHA1
f6fbdb402e2484ee7cdabf7f21b0e4b79dd66cb2

SHA256
f1c8022dc788fc3a1be90c6719aeaed60649d32e072405679f3e33a9ac24dba7

SHA512
96599d8217e4afc7bdc342257d74f471f7f495e0ad105cf2f746dddb2affb5e64b5e2644fbd68ef4f0634ee413fec59b4711f6b84fc8454251f92b7a5692b7cb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
576KB

MD5
8234e6480e69bbd594e8ba3dbb51f6fb

SHA1
2b75c1771b9fa53f0f718122333a86d51ed588df

SHA256
e715ea36ad713efe14cf6f0be51831de22f4887d1bab3f597a67b3dc6503a754

SHA512
56eb15aaefc2cbf454dfbbb537f09c4bc857e6a7f090cd24bf0e5307f970691d742caf7ccf0d36e1876957a423bd35348427b68f2a669114d1c022be2be4ccee

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
802KB

MD5
da696b4a70bcdf5b6f6cbf99e8db53a4

SHA1
5711a708259cebd1cc3bc9bb09c9e99eca775ff3

SHA256
c1ec2e8e74c8cfb51287689f844c50506651fdb2d0033c8877d984409f5c6899

SHA512
2361d275a4c6c638eb1c725b9aedc8b1ca8fbde351652b246333fe511d7847d68c0b3154a80fc75d89c6e38ef91bef57fa73759ac6bebb957ee6d0f88ff78e66

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
802KB

MD5
ece2fc50b11a3dbb09045ec318238647

SHA1
b97fb1429cf3930f7f23827c34a588ecc65b322e

SHA256
b82edc7209e0be4487ae92e8aeeb691c8aaeb94d2ae045cbcd01f99277607955

SHA512
9b543d5a6562630e0f034965e1b27237f9db89b012d88f402f269e139b354deb2e1a08e21fc770a3005d5043dc4d3cefc801902f29bb175e3cc048e36333087c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
303KB

MD5
f7c0d3bb0b8483ac03c87ba3ac8bc7ca

SHA1
f8c555345419016d31680210eda2d7bee742a8c6

SHA256
b741b26793f29ad83b38fba2e4640ecad07d192705e073c79d81c5e24f1c4543

SHA512
d775af2885d5736d58850f68730abc260d6aff437280b686a8a2f911b6cedb9fc812353e3dd70913cfee4d9ba056d035e3e97e033b2e148f6d70d8cf59171855

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
303KB

MD5
2d815f208a5d8b34272551760ba81ce1

SHA1
eb1ac0a97cab78bd5b43b6001d56edf227157a98

SHA256
c9bdee819bfccb93dc653b0e05f97cb5c9f4dfb5bbc502d372cda1b197b600c1

SHA512
5517293aec6d315e06f9ab1e0b194b4b64285a60a4c627c9a82f62ae320db3bc35b34ef1337a7370c991f4a68ae9dafb8d9df2e81ea6dd2d40939f981b84fe14

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
740KB

MD5
f1b448122d1c84646ab3b40378d29ce5

SHA1
c64133b4d6ecb9e68f419f2f8b7a990f5542b47c

SHA256
01722970b2a6d7976abf820460b9720a23951b622255e42ab9e695509ac0a536

SHA512
c1176947de22c2e75101ae78027aaf9ad3555a09a78a4c10f9b18a0c6a009c777befcb720fd8e778b6a34a345d75cf3ee4bf1f50822dd91b38661e380d54b51e

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
740KB

MD5
075841de229551c9bb6f74cadb7cdee5

SHA1
fb1fb0eb1381bc564bd6bfaae0e77f81ce13650b

SHA256
1b18041b545f10c30e73ca5e53a4f0a43917f404db0c11ff31b9982b1087a484

SHA512
2080a6df61fe067e1510bade5e457dd5036d3752ec8bb7aabda5337346ab89a7453878acd6c6c480ac1af2d3cf0a4da6d57242c7c5c379c6f9277adcf8522298

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
380KB

MD5
a098717d0ced18221cc517264f855e64

SHA1
f8ad5f8412ec62eb47f75e6fe22166cf434f8178

SHA256
1a37f8f65a28cbc5fa4a4270994e624d895112886774d9ef681e2393ea8b3a76

SHA512
0404772be03b1e8fbce2e28a689da7d33a6b84f13a717adf677239aa0af26fa8b3cd3d33191c49d769a3711d92b9f4bafcf51da0df563e6ab26d25a470eacd55

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
47KB

MD5
f7e02f14d1a005ad5d70b016873814ad

SHA1
c10b48dca3d25db3bbbb57176a3ed6c069bb883a

SHA256
1259028107106a7f9405718dd3149fe9e281d2915ba26536919d9b1310ed1ff1

SHA512
72d6b279afdfc34f2de9809be6b98afb0c039b98adaf68e0a2b9ed3312375f862b06c6c248990c82282099ba6f7fe58d563a11901a0e16125b1458233e7a13f9

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
47KB

MD5
26ceac6343adc14689b40a1465ec17a3

SHA1
18ccd3ed44583ca0e4fc9c607bd1b917533b156c

SHA256
fbdb6a1b579196832ab5e8ca91b011e5123229b15f2e46255827cb7c31be1d81

SHA512
c0b57b31a76e382c510d536fc050d32db426abd242f4c1f97d79c28fed1a15c5d7f7a83b974e45dc7597b729bc97a4168c525727d385c6c0de8f8d1165a3e417

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
7KB

MD5
2c70547b0ad88efd6e08b3879a0e3b50

SHA1
0a45f6d402791670ee8230c9ca13d827719d3c4a

SHA256
069b96093f8e65d1e427be3034401005d722ca80be5c1d3814eb8e0011a39191

SHA512
be5dd33f994dde539717dc21170e33ec925efdb3d04f1ab8189e06555b45f20dde7cd288c1795209c10c0e1296425fee676d363cc5ee5f97c3761f3790b541a7

Download Submit
C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
15KB

MD5
89025116a0fa2f920800eeab43d27fc4

SHA1
45b903fa3d9051aebec4c84e07ab8b081ad5a3c3

SHA256
2cdd026c31915f1130a6c4cbb52a7b6eef391c2a09ff25b89cb92ae4fff368a1

SHA512
baa116edd09341df5bf8d78e389483c9142433d61fcf6acc79d8c6753d19b259ca8851df8369b29e4a1ebcb41fcd1b98243155b898ff3704cb4d75858f3e4c35

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
3.2MB

MD5
a80dfb85b0fc4f43e537dd41ef494f11

SHA1
cb26a8cc4cf028fa277eb81d3d446eeee9086718

SHA256
5379f9a36a348264d529486d69e0a33070c4bd78a6d4d486a2f07cb1b55f6fed

SHA512
655310bf207586bcb12f296b3dad4ff30da6b54f731948f5a47885ac589f197d724d19d39fb53d57c6d38f49d46501cdd865433bb8a18187a059b087f7d720c3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
3.2MB

MD5
dbef570d961eedc107d5f9f7be5e4807

SHA1
4d7f76e9ef45180975c28641ea2c8b59ede01306

SHA256
2e1bd9cda6baae005878c036d557ab27f0418f30e9829a54ff57432a51c91c97

SHA512
055af3e7dd1e8eb01232b10fe7d0da75bd9ef3c5604cd584e5ea797894e49240f895805fdfdf56222b64df9736c690daf414cfa84085f76bb3770aa3aca31d41

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
233KB

MD5
e9f347bf569149a85c28186fec668822

SHA1
75cf5e5b0042410b04b35bce8b6bfc1e539b6ab5

SHA256
fb33dc54e08ed53d58a8b1de589cfe4596ce9c1c0c56b0eb8f5b880151985b03

SHA512
a50e230d108fd91bbfd26aa49fad450cc85f0baa2cdef2dc45bcc622d6abacad3e79c7f8495ac9a67877ea2ff0685f17b0a17e74c4f11c3bee16c43b2ee04854

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
584KB

MD5
b7109c878ef2c454f0784d142b25bd96

SHA1
a5682cd9b7675956d581a98af8ec7d2154888d21

SHA256
c480ee429573142ff3dc02807ac015cf67eec21f3567ed68d8fba316aa1bf5fc

SHA512
325fe8a5c84cb415b17b1cfbabcc31625c852ef227cf88f2b5f44bca2932a43214bac350e2f011399d1b6d63f2bbfa39a16a2d1cc837720eaefc5879c0a64c81

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
104KB

MD5
2f9c9de15f8c54c2ba6398f5b448faa3

SHA1
b4b25c076caf30f3bc6ae440736af61f76a08f62

SHA256
8a7e06d75b7578ec108de23e9d93bf93f59b910f69d4011151ab6a03af2dc6c6

SHA512
be345b3b4083153253400979fe21ac038caf52662a17664a08fcda5934a9e4d12228c51ae89cecb1dda3132e21f7181a1fdcaefe4b8147d1f6dd7a21504c8d20

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
104KB

MD5
bf7ac11d936f6f0cc746bf2b1e27b7cd

SHA1
914e12777bc45ffd5ec465b3ddf4e3bf0c934e42

SHA256
1868c254be1be0818fb9d9a6f5cbfc6e192d141687a1e2742d386f769b2ce275

SHA512
58ad7e6b828de2f227442ad56753f2ba81af34f811f01db8d63a6c4f04dc1c54041c7ec706cae5602906b22491be487f4a66eadc8ff4b46e0c1f187d69906666

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
505KB

MD5
1c5f9112adb0e8acde72111edd8eeac7

SHA1
b6a81d2573d3f6e99db91b3af8edc1d0f9f75615

SHA256
fc9fecf9e8f2a34c281bc504038e9a271b9310ba0de72cc61ffa3c60038784a4

SHA512
f1a5f015134bfc7d630bfc0241aeac68fade35030093838249fcb52e36acdcc397aba5c0bf7f8a501970b6558d9372ee02faa8eb424fb14775c5056990fb9139

Download Submit
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
161KB

MD5
c66d898f89cfb2f05db8b2442424a211

SHA1
9c7f96770df0083f4128b8387fc89dfaebef0ee8

SHA256
ef37686dd974cee9827e4c003bfa723089547c3ee02c0f673bc069c2934b9979

SHA512
ec9869ad13a2b7703e583b695915bb49f7606859f501b187fc918ad199daaba8f2c1294ad6d04aa99810e07282d54b1ff8520d45e20ea4b9fa1af7c70322ec6e

Download Submit
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
2.7MB

MD5
809887ef6353f7f78711cc61874e22b5

SHA1
e884cff6a8dc987ffd68c0eb39d0c2d189102dab

SHA256
9dd48800db290e7b9944ba33c6c814a9d0d42db5b8ec503e617053c14e43a614

SHA512
cf2f22a29984fcb14d2b8fd1d2864654517f647ecd0c1d40c5b34b4df1541dc1c446556da017362435ad62f9db7fc015dbc5893fed24121226f68eee56695e68

Download Submit
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
622KB

MD5
3c4e17fec36738233045df23b4d6d46a

SHA1
b666c7a01b877d4d6c000aed511151f24a148b8f

SHA256
0cf382301691f3ac5f4447128e7a9ee5c1ad4ead5c2beab8c76c168e71a3587a

SHA512
188c006041918466831eb1857356298ab49e986ff86bfd66fa5bd92bf69fbc3dce2cbffde67f5af85f8cd906afe8b04c21395ec2e1347b85e7e3afc0062bb527

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
93KB

MD5
652f783d2e2fa0d84164a48519357588

SHA1
403b553e364e2ab56a0530ac4264cb3cf7589b41

SHA256
d70b637db4113672917d05cec9cf9c5206d625a1ce0c9e1cf6ddfc928c60be6b

SHA512
8d5048e753d1d014a24c6ecebafd7159161b43d5b58de554aeb00b7265246326ca830fcb42f9dddfdc4383e45682dde80df55f352e6dffa3a823d5edc2f26cbb

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
93KB

MD5
abe1c3fc933250f0e7dd06c0144a04ac

SHA1
5bd1858d07431fb186e0fb747d0113c9097dc490

SHA256
409c7fc4296fe60a979b24b2e8e6e2ff0a2f1ddff57d39cfb2fddb117374c0ac

SHA512
92e74c2e611d5087a8dcf9c664161444299b1daade3a2b93999913d99a5215cf0e478d9542023791c017df2c1b560915801ae1acf9bb84e938d092a9dc089a53

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
3KB

MD5
079bada89163781bc69ceff98fbc7d3f

SHA1
2a1d9930b424fec4d1df4e64731c2293af7752a0

SHA256
c5e3aa26ee07222b73fb113fffd7ec3b94f0d8396203617e525ed0fb57675eec

SHA512
bd7b43b9d602d2a7b4968cd5926ae7857b7d10ab78fc65429a6876ea61e898ed78dc9fedf9c60ba3a681f91ab5b2ffde253d771fcb1b6cdf3027197b897eb29d

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
3KB

MD5
53bcadafad7e91c511c15e10a61e66e3

SHA1
b1bce155f577cc04eca86bee436b9ddf3cad276b

SHA256
04f25e644d67cb73b0cba229208cd6524c59216cde7ca22b43b82dc8fdd805b6

SHA512
7f4b8b7e6e73b4ff4d04ee3de18b017873e783a35a62f76c0aa28be8c815890236dee242ec2fb8af629ec757123475637c6b4c771becf6c2c9a7765dce784a71

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
752B

MD5
33e899bd041b8b5e60558557e8f65908

SHA1
db227430fc402b4f8994dfbfa72e00a4b78b02eb

SHA256
9fd91d610b4e7811bba456bb0be1fa5e2fd0b5729e95a08a5ae84fb74fc2f556

SHA512
dfa8cc6e866d50f8aed20285d0594046dca4473666ceb542c467da541b455e890faa3059df9b4330b891bd9734e0678215ffc5da703f80a74384fced7305c9d1

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1.2C811D3DF4688AC8CA554E4F17CB10515F8ADA9414348D99EF18E1DEA7E532A2

Filesize
2KB

MD5
550c8762ca08b37f91b217fad44e47d8

SHA1
9e61fb31c477ac6607515cc6e625247b7ed5bc1f

SHA256
c5403a1969506324bc2f1d0c783fe6c0d8a02ed0c39da6ddac8fe8d62fa22f86

SHA512
db6c4b5999b186856b853573692dd5b460fa63e5c5c451659b7e5e8b8c6a8b1194de06f6d9d0d5d8b1f53445a52ea4a8b5753736d271bad521017ccd8bd52219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e74940e7c86ec9977a335ae6f8d7f676

SHA1
726dc899244c3a82940f2e07b0d0c17749c87d21

SHA256
2ad4e474cda387dd04dc36d21ff1571d95721a1b9d40ea83bacc540191d120c8

SHA512
baf261ee52cb540b137df4156c0807ea2e1d22859bbffbce89a7f3d2bf2238ed661fb53caa43196e45f9768ac6d1d3f8f364415e67ff6a0712399389061f4fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a96ced594b9cea9fc768b0874649a20

SHA1
08e12959012af90ab33c619bb1bcc46c25ca5036

SHA256
877d82c8aa8f5a628a2e2c32f58035c77ea10ba4fe0ac14c86248e707c1c17f7

SHA512
b7278383431f9f2af78136f207de5ee3625b9f2df12beaa619999875b75f2d0a5c1c5396d75b8bef5f813be0f0e93a01d304e0956ba1ec8e5f5ab0a8037f3582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
08242dd21b0bf1bb3df7ab55624381f0

SHA1
44986abc886bc8cf9d7dda495bd40ff45718105c

SHA256
2f275fb155779b14fd109179a5d2829dd3c06e8fef3c29716107e49e7e6ba40a

SHA512
c056775705ea04b4fbab016e77bf9142003b351b1038ce3dc4263776542e16987f30cbd4f7482acb9abb5e044097104ba933bff774c236e174ecd396875f9e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
865b3fc8bcee0242cb87f81b9b512856

SHA1
dfbe6c72de001d40a8aac23b60f8483dd7130cf3

SHA256
df9215e730ab19352feefb1715a2a1dcba16973f8fee98391dcfa6fd461592f8

SHA512
b7d6ea070b795e4f56947476a0286d93652244995cb713f044e53ca0304893e5ac63f46ba620537438cb660afb11de5c8deefb72e474b08f6406e0c32915848f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af9f8012cc82c9a8de1c1bfd8bf7665d

SHA1
162d574de26090081f2762d7b3bf26be773370be

SHA256
f24279a8f7c372075ded4c06830597c2529c7c1bc73edf60f265075a81352ae4

SHA512
74a0f7a448392e24b77264d6cc87e908dcc3bcf62ab7d972763824c44f62c78ac25c60316cb79f22caff258603febba2aa1d59f72fa871de726111b0ad22acbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44960c28e01e8c1a6f4f6de7b4d2194a

SHA1
649ffeef03769a933eae58a5adbd85b8a8e78917

SHA256
b05c11277cb24307755e72f4193181be7e7efe317709ac37231ae2fbff8151d4

SHA512
7ea9bb50f579692634f2cee9ffee79ccd176ab49bc215a069aa2bc58077e71ded6f7f63f6c68f7c8f24a1a394986124555f6f31f3a3caba819b81fd003027330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad275769891cd814bd7013d919594bfe

SHA1
bc90eadf7ac23ec43dcd4d742bac1e08d9c40857

SHA256
0e3995181266dfefe746677966a57b0ae088089e6ff3c75a52607ca7d6f60ae8

SHA512
54f11ccc4dc52e97e21ba3e7167fa6fa6852993a3d8fffb4df50ae43c4bff0490f78b004111a96e3ffe7eec0da1a3c06b951094241199a3e817b9f587748fddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
731d7bc003054d66c5d8cbe548133f74

SHA1
067f0a2dd505e7730cfea525966f6e4cf0b4ca73

SHA256
ce574c1e6473588e600ae46ca0f68d382501ea121cc449c182cf28b54231af19

SHA512
7cc88809cdb17f2a3f7963c01a7d94c8eaf5cdb09d621e422e3fadfd0e1d95451e2c6936ced2e40bdcbff6636950422f963c04d8875e4a32814b9d174c8b834f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e7eb5cca487789a05ba699e322ef7c8

SHA1
da4fe1965ae4af547b96210ccbe0a1a01490ac53

SHA256
230819d8a2908c03a817b50f2d28935247eb118d68a57bbf42ab284ee58bc6a3

SHA512
03316812113c64c58ef85c083d10e666c1694d91bcf529b564ced3ea12906595b53c296768f894245606e1a9823671d3b216c19ad4e67334a28c349d192f8e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1b5.TMP

Filesize
539B

MD5
cec9fba9b75038f1033f14d175e13686

SHA1
55b70b80e1bdb30a45f8d442d70ef3b7b5c4f5c2

SHA256
6bcd69e8ecc127a292be4701ae731874f7ca6a1242b52398fe0e8b979dbb5cb4

SHA512
b838c0856f832516ffd244a3aaa53455a22144a5f09aa81272f4ae55f7d3fec9216ac72e986750a2ea8889e3d3305390efe47a82e9dae4bb6a385dee72d0820f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f1fa05e4-4904-440f-9323-82bd4fdc4704.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff441d4316d4f22a7784352ca38accb9

SHA1
e438fa67b02b01c4a30748cb86dd787f529aeef8

SHA256
e2ea7dec1183d0e0cda4cfcd8f59153d2eb6564d2cb3dd1b47466741d9247e36

SHA512
a3fa522b5f84f7788e46c18cc65efb8b8f28c85eecedc552f4ec724a6e5b935be485fa2aca50029bf244f1a733bf0284d93ea3f9ac92f3e0983c13dd89178b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
591978fbffc98dba0cb828db08f6598e

SHA1
e33334db3f2b26806276ab1a5a4ad767e07a4aaa

SHA256
358c978f47fcc885abf6b6ac3ceafaa2454347ca6746bceddab053d8ca86c4f3

SHA512
5cabff7da4a403eadf2cf101fca88f8ddbbd863ff1ad09dc2e55b93720991c4968bed2e93cbd869d9ccbfa996ab762ced50413a1e97ad2c467d12a191a2df45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb2f872323ca36dc1da98d3bbba20da5

SHA1
579ab84395671bda2f64a12257d82a95180f3699

SHA256
21744e2d884ef111f16d5976e83991b9feb0eaa9536d58f0146f91095c57e689

SHA512
6f1c5edc437fab3d6802d8f995b90597a3b66b113c9fc20b50d1a2128f5f764167daace6b09c0fcd6cf09f9d4debc1962a65c4d0a46cbec4f4f2c15a479251ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a51155e3d72874df43c1e44a6f9950ed

SHA1
e568248419931eb98f9f7406c50ade04e182346b

SHA256
3e2444e3f039e0009ab43e0b3b1911e5577f628327cb31ad9021e6f79d3b4aa9

SHA512
6f502d1c397597fb171d559a2bde5f62ea409980b7dd3e7478753e7fde4e08e7297038231d312705ea601eff3fea1ad8c4666e0c73a1de4b54d15af501a52c03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
45KB

MD5
28c63e47d7188c449f09db5e2a1806ca

SHA1
fd50e9e63c5dbacb2930b755f328c15eb37d908b

SHA256
72576a2d0a9e8859e9947535604edd3ff79c457335a4af6cefa37f7a99b671a4

SHA512
c50c2c477c4d2370466e00d7c3236061c524ceb86e54963b5cdeafbedcbd02bf3faf2c4134c4cccfca3c44232ee9f2c816438b13c908b396a5f1686202ef3803

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
551bdcb736cb32396a01d77aaf6571ce

SHA1
6f84a289b9dec1f05eb915ecba66cfcf63338221

SHA256
c429962518686041632b11cc7a8b9e2b5242e0ea4d67eefe53864fbbda844981

SHA512
f7d8b964e8b64f3378c5cd54be942e8c09c9f0a1c3a0786ea0a04e672581980961b4937e81ed042c6bbfba6129a0e4853f678a6428088d071a3c62462c2a8747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
57711339568b2b35acf057cd4320cfe7

SHA1
0fa2921446857bac0b0d2ef7b7ec5f10a2293c9c

SHA256
a29472bab3d5e94ab0998404174bdcf1e84c78923f84e0acf4c6e20467a275e2

SHA512
8e49fd8f9e3cc1c3bf8dd8684d13f81aed458438c488114d9b485077ec479cd9aa83a42726daa44cd651bf0e14769adf36fc8506f187d844fbeec021ab7f936e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
88d23adee236785f7cf121ee044f00de

SHA1
c9d4ae755c4417ad2a617cb8bb4c8a7a0baccba2

SHA256
9bacc1e841d735d40c1984d8a51bade935196966c2809b19821ebf64381e25d2

SHA512
a3f960075928fa8e7e04db7b5abf739d251c2375a9dd01e47af4d94efbb7745d7a3574c4fbb82ce09a2b2ba2b28a7148e052b0cfe39e6084e768841498d30937

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\bab43a6e-8f4b-4e20-99a9-8069e730c704

Filesize
24KB

MD5
ce19c7ed75efb5123b7ba5d846b7e591

SHA1
5b2ea93f47241c0e9d72f77bf92c116ec226fa6e

SHA256
bd235b2d78168acc6cf7c230b6a9377bd90fef4084f196907c36dcaf613bd3a7

SHA512
be532b0e609ef701cd2b6cd2f57bf0cdd5478615bf5b16b8bce2881f524fc908a6c45fe76deb4a01b7632dbc4991f8d8bed834b62d1a5cddff8fe5a6c00481b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\df266a04-25a4-4588-8bed-5a0678e638c5

Filesize
671B

MD5
51043e0016591d2404b9fed018e5db21

SHA1
19114feb184fdab68941c7a0ade9f1e9751ccf63

SHA256
070e113bbaf45c0e5ad18251652167207abebc57c446c456a4c0aa78e94467bc

SHA512
a7bad6f34c7b206c8170a66377cc9d620813c9640c091ebbcd087623d1d544a1c1454a0053836b59125f28eff63f2ae0a179c3fc8184d601963e8c93540e2f39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\f3c0f9ae-1195-48fe-8d6a-f2060129cfbf

Filesize
982B

MD5
87e0221bce547b9642aaa2afc249fdc3

SHA1
d1ee05ec0dc248d17f8e21c512c822bea1e3dfe5

SHA256
7c770fac2616c410d59bc5cb89542920960587b266d2371f072735bbd97709dc

SHA512
c99cc36d85b4e9208f9a4e4d114bf560423361ab1de6093912933be78ba8db299575eabdeeaa0cc285b970ac43c2212ac075f0f4d21c3634541766b9a3b4a4c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
41026dc503934cbe9e36f810e8029f93

SHA1
a98e27060e67371130f9805d267f19148d3fce66

SHA256
782f49c49ff1d7ec49c0245dee74929f1de24b1a8a08d3696753787b639bb2c7

SHA512
7bc214946d69aa09cf3c2773db105305d808d8148b6e247fe4cb4cfd801cb6638b354baf5887fab92e70d959d7e2be429d9c2dd4204bd06533fba270ddd7c620

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
d4e095eaad4b030132d5aefcb38145d2

SHA1
e696bde88b09ac56238ed89ea10afc951398b534

SHA256
f0692ef09c4c5ee569d67db7b0af5136dacbdf57051a807fd90504f1f0e4758d

SHA512
2b5283605c6d3b53a9843c9fc9b2bddb79e1d8a3e4fa99b6fa2eb1238f86acedadcc2f9e7f07416d9a4ae4162ad723af5e4476ce2f5e5821075dacf0c3c4daf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
11KB

MD5
fc7d1180e0da6ed67a10838122ed97f4

SHA1
d4a5dd1636e99c0337016305592cc9c09c433bec

SHA256
3e3c753968e13375803c5ade9e98ad011c08a35720b835504ace6dbc75cc6a80

SHA512
870a39fe5584af7505b2ce5aa329c09785501d08ffcbf0bfb602741b61e77574b9ee9bc6f056ad6ee57799ad7928e2f159282107948b11417a739681da295a45

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier

Filesize
230B

MD5
c904db59e1d39c115a89c9d20e4df7d1

SHA1
8bf2036530b7e0ce6df2202e08d5356c3473b826

SHA256
a3f77532cd912a250e2d9b63deb6b0c36baf20d1002863e265f2b0e5681b7914

SHA512
309b2315ed2d26c6e9075f358efaa10d2a0dd538eabcc87fd0e5b86a45919d76b67a7a08e740d68f949388e86c3ee3b0a7c7f8741992496c30392917db6b7e41

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 952474.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\pwBNzpWH.2c811d3df4688ac8ca554e4f17cb10515f8ada9414348d99ef18e1dea7e532a2.part

Filesize
746KB

MD5
276effaa54defacac94cca330e174a10

SHA1
3e595372308108b3bc5a106ac6a4a249bf545306

SHA256
ab6c7701e69b1b0715dab2a7c48f02117a164ecdba27b10aaba65eea52060178

SHA512
8944971888b0c3f00a4ce743a24b732c225549b56e42c2af60960c64926ea61751e8fd9c8be2ba6c55f4572638800194e7b17f66afea623bafc38faaf60dab66

Download Submit
memory/2352-3964-0x0000000007750000-0x00000000077B6000-memory.dmp

Filesize
408KB

Download
memory/3592-235-0x0000000000E90000-0x0000000000ECC000-memory.dmp

Filesize
240KB

Download
memory/3592-236-0x0000000005930000-0x00000000059CC000-memory.dmp

Filesize
624KB

Download
memory/3592-240-0x0000000005B60000-0x0000000005BB6000-memory.dmp

Filesize
344KB

Download
memory/3592-237-0x0000000005F80000-0x0000000006526000-memory.dmp

Filesize
5.6MB

Download
memory/3592-238-0x00000000059D0000-0x0000000005A62000-memory.dmp

Filesize
584KB

Download
memory/3592-239-0x0000000005830000-0x000000000583A000-memory.dmp

Filesize
40KB

Download