infinitylock | hxxps://github[.]com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware

Analysis

max time kernel
103s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5764	InfinityCrypt.exe
1568	InfinityCrypt.exe
5028	InfinityCrypt.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
63	raw.githubusercontent.com
64	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\AppStore_icon.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_agreement_filetype.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_selected_18.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ko_get.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_removeme-default_18.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_nl.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\Microsoft.PackageManagement.resources.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\WordNet_license.txt.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\selector.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_TypeTextFields_White@1x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pt-br\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_forward_18.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-focus.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-hover.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\over-arrow-navigation.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-right.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sv-se\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\cloud_secured.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\file_info.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\MSFT_PackageManagementSource.schema.mfl.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\PSGet.Resource.psd1.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-default.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\selector.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_bg.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_nn.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-disabled_32.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\dot.cur.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_cs_135x40.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nl-nl\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_hr.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_Checkmark_White@1x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_replace_signer_18.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_psd.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\acrobat_pdf.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pl-pl\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-variant2.gif.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB	InfinityCrypt.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 148896.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 501886.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5632	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
4068	msedge.exe
4068	msedge.exe
1352	identity_helper.exe
1352	identity_helper.exe
5600	msedge.exe
5600	msedge.exe
5652	msedge.exe
5652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	5764	InfinityCrypt.exe
Token: SeDebugPrivilege	1568	InfinityCrypt.exe
Token: SeDebugPrivilege	5028	InfinityCrypt.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe
4068	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE
5632	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 3236	4068	msedge.exe	84
PID 4068 wrote to memory of 3236	4068	msedge.exe	84
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 460	4068	msedge.exe	85
PID 4068 wrote to memory of 1444	4068	msedge.exe	86
PID 4068 wrote to memory of 1444	4068	msedge.exe	86
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87
PID 4068 wrote to memory of 5076	4068	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/enginestein/Virus-Collection/tree/main/Windows/Binaries/Ransomware
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93e5d46f8,0x7ff93e5d4708,0x7ff93e5d4718
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17876422289682190284,11979640895014733190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5652
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2288

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1568

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Documents\AddSwitch.xlsb"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
16B

MD5
af924710ec7b2b2cb09d0d4bd4d5f966

SHA1
0b1d453edeab1f70dfd31de0f55e706c2c3c6e91

SHA256
cc029d591eb2d78e9a4c51a6dba73a0fc5f70dd1535a647894fe7215dd2cca55

SHA512
c11c3b48048a30f529ec30dc761cb1f506682f645a91b1cfd37a58468e21d623b1fa29a1b45c5f3d4f627cad86ab36eef4de6762b56dec13eb51f064ed6846e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
720B

MD5
6d9b09448eabc4d1836d59202f70f2df

SHA1
0d840fa5389bc0a38be7f66cde2208a1c3820125

SHA256
a975d3602e5127741baa86ca79a958b54bb8e8653bae450271343d4ffcea975d

SHA512
34a070cba392b401f901e03e925e8fdc28137ec32b55ea2ee5a29b50cd4a69dda1193bfbfa747c1eaf03f518b5e2d0f56c393648843588d61ada0f1431edf646

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
688B

MD5
f8b4fb5a99936c99848f625513d7749d

SHA1
2fd59c8dff609c4a7b95f3403c926e10b2252acd

SHA256
fb9ea2814a056b2ebabf66db54570b14b33859feee19d7821775880bd79e5dca

SHA512
e4918a8e7dba4967d23d16cd00ed17f33851cda86b31ce7a4ec4dccfea0afdcc203411c2bdb936f053aa82c96520d593aae4b584ce772503d430e0b54207970c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
1KB

MD5
0f0151e6cd5b89a5e16950b82f5233c6

SHA1
790cbefa9e6d1d9afb42858587b6540ff01056b5

SHA256
dc27153987abb06992a5b3af31eec0827128f6f8af072fb62d335278f66ecc8f

SHA512
49e493849df883d8282a266bbc3981cfe3acd402037f8be03cc381f36840dfa743e9db82612255e1f38ca333c3aa700b0f190bb9e7b461554ce5636423f8a5ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
448B

MD5
046be30f3ac818ff63eea7750212c65d

SHA1
980b1e6eb042556562bf8faa98c8d963fdad3db1

SHA256
adf0a8aba8cbf8dd15ebdab664cd845aa5fa9fbfe3d027eb3e868bfd9ada4e2c

SHA512
d77274037207feae7d2adf2a8ac5d0ab23c7c8a45616f5679d542251f37628050384111440ff684166468a4bc040d1cafa8ee616d860cb87009cf9a1de57a8be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
624B

MD5
cce832db490750ffc45b466486018e71

SHA1
d4cb998b3a66e5df1f142c26bb10682c300ccf0c

SHA256
262b65ffa4fb58d3bed48901591d2c5b6bba7a35c68b49f6978d69be17e1def1

SHA512
1ab61e256ed144e48ac78c9def10cd9693d916c736acf632078886423f30004211512467a301de6447c61236269704e6c64c9077d6a8071d4c09f91fb339881f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
400B

MD5
2b0a98dbd9347f94a8dd6431da94e699

SHA1
25b1cc490a7cd422345a99d0b1c7841d6fc7f245

SHA256
9b8807e94c1c31580a1fce8fe8c2199232437b582620df98d4d114de8a09d698

SHA512
0f680997b3f8d399b54cf2d9b29d343eadc897ea580fe61826c62943cfacbcbe9e26042761509be971f74459fbd388da38765a8fba6393bcefef9430a0f90b31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
560B

MD5
b26a580514fbbcbe9c6bdd1f52ae5ecb

SHA1
ba52741c7170630d3d656568dad88c051376d636

SHA256
f370fa6bcc96172df57b83a6f981bf85c9e53e109a1f29359d67305878e586cf

SHA512
afbfe71a1942752300e93b5424ab91e28fb13ae33752b0ad85f3a3e2614cdfb8d8d03a787f6b4d8bb038efba86b3c652bfe0fbd0a0a1bdf9d86f1f876c3d5f28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
400B

MD5
fb9d81ff99ccfcb06acec68ded3b2873

SHA1
94a9b4485b8d0da52a0a0aa3bb9fc6ca97334372

SHA256
644ffac61cf1f043015480a2686b24d6399377bca3946532179d3dd497d86356

SHA512
5bd01a9044b8a1dd627a3f8e711e63ea135f7f6e4dd28626f529bf17fcdd924a8590171674d160783f9dd1d0ba916274d8fcaa28cfb7fb82d28a6b0c0ba7e323

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
560B

MD5
4ebdb9458370545a877744226cd0c452

SHA1
62b21b3018b4b16a4e49e7d967ae947a55763660

SHA256
b6f7ce1b88298279bd7cc68fe73fd18dc74c949c54c8af691b1eee36e0a84a64

SHA512
c9034d77931e5388e60ea699c53e825e4660c5b148ada3619aa6d9cd6d74f780db66807c3f5113637fab28cd7ac1e60e9307e1366f12d6c8922dd83d2cd50c91

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
400B

MD5
b847a8940354185cf65ee212760ee74b

SHA1
853afa70b00ecbc2df05d760daab9e40b21ef977

SHA256
fc686a13fa8405141fdd0aca23e04897e503e908985dcf13b3728e2a14f919ad

SHA512
ea225060c11fcc8a0477be2a471665b49e6f01d498a069c7969e2d3cc0025dd9fec847938687a33b3b50ac16387340f203ed0e75f8354aee71c2c2a70947982f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
560B

MD5
ce24cbdc6081f32ecabb160517c2d013

SHA1
0b62d21f82131ea65b3388bd1f6601e9f1e83d58

SHA256
d9a7a629e3b4998641b5a92a66f6cd6d76fadac539cb2fd4feede9af12246ff8

SHA512
b83fb0a8ede943349da06b44e408e38dd3217ac6d35a07470f5008d3b89b7284bf5da1b7a2fd02188aa5effaebdfec32ee128b44281df3f1612607ed233ddf2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
7KB

MD5
9b17a8898faaac1a48af9aee7d7867e3

SHA1
25efc788ea62fccae3d12a13494cd42f82fd0851

SHA256
ff7b3a43dc1204d377b7d6eaca171cba9c7512d329620e7ff8047c84f632756f

SHA512
c51003182de27df8c446996144c6cb737beac291b2a667b91e5a60af2fe2529383c4124e68662294ae5edcc80fe5034becf70adf56a5bde18c0628ba68cf5430

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
7KB

MD5
2c11fd885897d58f1d8bc768506b8e8e

SHA1
9ef85873818700d4c618fcd0ba9b78c021c5de56

SHA256
d0642e2a060f33bad325bd79593b65f099165b7df71f90e17dd97fd83d38873c

SHA512
b3e9bcdda9a65408504bfb4dbf19fcdb4557fa6aedb1fc29d46a943d3eda22f4b6c4cdddbbbbc850da64e6f5f63d6a54ea14e3ea149b01cce909d4b7dc6d83f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
15KB

MD5
6aab8f39a8f79e14f972672550165781

SHA1
48c10f3277863028ca2d4710e4b6507090649aca

SHA256
7fb362cff3324db6516d93bd2f19ff913bcfa9b554f82e35c28bf977ceb8f4fa

SHA512
1f24c38597298762d284a779241d946df96443c317223446b4468816e0904171b162f1ca3be3f1567a3fbcb0e84cfa5333ff67a457b2d59ded2675ac9058fdfa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
8KB

MD5
e884c5bcfa2e0bf8aba810e51ae4fb91

SHA1
39d640c49f15459f8ad64b0aa7454e828e4f5e31

SHA256
6f48c98a9925139dcd0c526c0708a2dd09f5d41753a024088512977f91dc9918

SHA512
3e87a74ff66bf70250a3f177d2cb337f4a7b49b868bd9638760d235f3460fc06a1de56e5ab7b65db2123a8948349e628ad34340ddce080e9757adfb0a7e844e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
17KB

MD5
2b38ebd6e8404e3c38f5c81c9f7076e0

SHA1
e7c3a5dd43ce87112e38f404b5ce2d195184f55f

SHA256
9f2f56cfe62afef7f567675c89e4d7d0c2b3a94edeadba4f92e25dc755851d6b

SHA512
3db35668c97b8d32c919dbd2614b619f0b198b30c55dbe8906e8d4e0b99afa0d96219354bc0910977482829ae89edd8212bfc24593bbef3e9946321b73863571

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
192B

MD5
bdd840d02e62056ecb37b272b463850c

SHA1
d4bdc12ef4101d704d958e0c59fe4f1503994eeb

SHA256
77d62c941864c0576d9ddabb0fa0c045f27a1cf75791e27cc6a6ac9c6920cc84

SHA512
c3562d643723f60edbc490fbfa530c3bc90811ec1a66dc503405e9f659bbab9cdcfad6434d090f6f28e434dd4d93fbecc5d032e4d2e4322f29e474191b8e9972

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
704B

MD5
f27dd78e11fbff1b6bb389c5f92540cb

SHA1
9085a9a9a7359e39ff6dde6caa73e2707ccfc926

SHA256
e72770bb512bce947bcf5e945f47f8e8b0ac517cc80ae6a5574057018b3e8c82

SHA512
220a2db2ccbc1f196db0a5b9c7cd703e5034ca21e2f3914bab4269810028a35e19117618955e98c5baaff03ae4241b9e0f3c9c73d6e912749e69b3ffd8684c97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
8KB

MD5
348dde3a45226c84f9b3343ee34c1441

SHA1
df388eb21cfd76fdce85b182499e4a1c442ae83c

SHA256
0c24c96f56ace415463de703305417a4cbc5efc1c843a7923536093b1332c3d0

SHA512
7324f124e7aae33913bbafe3cb7ac2396c1c372096fecd26e7803204adcd2285c56daadcd1e25da3219795e50a0bd0105de41a67a16d2d4d99fd17edc8add9cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
19KB

MD5
4068088a396fa03bf6d136053e68dc73

SHA1
364e11bb427c0ccf22710e7d1af8336ede1a9d8c

SHA256
580b3647045bdeb11f5b39f55e73a2e6a5345a4ffb9b4913e266fed4748ddb86

SHA512
d36b6ce92a908603e0a3795424887dc90abda2bb7b82bf746f76c8c2a99b291227f140c059d1f7633dfbb3402b799d79286e781067290e900a043a6652f7c782

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
832B

MD5
cbde06d699d8002347f8130465a1cf08

SHA1
5dd523ee99db77c3918446b062d311a9ffcb19c5

SHA256
3f9ecaed95ab6539a87828795ecd0d05b63605c668d42f5317711e040518eaff

SHA512
7f611c9410be32ec76d83fcc8e1b66176ef7129105a2434a780952493b0625d113f9b526c92bd3df0d07fc9b6d9911c027c5dee14121f61f2d4ce1e860ddf873

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
1KB

MD5
79e364069dace1e8ebcebee556cea21e

SHA1
15b61b9b43e1b943f6c3842fddae531241bb2480

SHA256
26d2e44bc6e367f28615097c8fe06a6be5bc7b06508b8157f542be4adfa2063b

SHA512
e37577a3cc202ed37723b26d99a38f75c88e31272a3839f6d36102ab490c857d8abaf89c53160c4238ce49b405e8431f8a94597efb4268989ddc0c9953cace08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
1KB

MD5
2255bee3557725aebf3f8b9963cc85ad

SHA1
99f17276265443529d368db16f6221a23519187f

SHA256
4bf915d332e66e0f75d64f341ccdc46910a463a46a0bdf54c41bf4cbb85e283b

SHA512
d7968a0f7e19cbc85ab7cc65f21ed54a12760681a5ec3872cd469a3d2dbf267d75f115c06a28f8d05c7dac2654929aa5f655111744d291480463b3a6b143974a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
816B

MD5
258cb7bb72cfc077c8b06a2e5b9fd7b3

SHA1
cddd583a3cc9af9fa6651818d8dac94db30ed1f1

SHA256
6bb81f92e84a2d17e21d26023e32ef73bf8235abe8c96c8381fc148ebf48b3b5

SHA512
52feaeb648dd444acc0cbf30980723f43110afa19bf2e922c3ed79fa1f28b55a871bcfd537f78a7862930fa2a35f5e53089c649f64f324b240f9854b58d02dce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
6998a1544dd540e806488998b7b71b37

SHA1
e92ca6d2d80a21707f1a3259fff4ec10251a7429

SHA256
86b194b9bb3b13444872888d0bf1eacd4980baa14249b932e17bf95573c6873b

SHA512
a3bd8ea7a105c86ecd14ef730be1f88b1416996846f1c47a73d2bd30527b1dcfa6bd3845f90267dfb69dd2d0dfb2d2ea731fa85219c8bc1f78090f6e542ae3c6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
8d50c8d8419a48f8aa708946b5e64dc3

SHA1
47045c1f2833e7a3adae0a8a3632991cb7c6746e

SHA256
29189fd1c9080f0f9506d0cdae39bbda0b9aafb6916f7974a25c0a5dfaf792c7

SHA512
c72a87d18edd462b5880f61d2d12a4bbbc73424432493258e2b89c86deaac953d65054d1f3a598aadbae6156212dd013bc786abf1c8c90551b2ceb7d6c1147fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
4KB

MD5
8a9b43cc44d62da4caef214648f24493

SHA1
3f82ca2dc9eb8fce5c42bc150ea50a2433bb0e3f

SHA256
0bc567a9a075dec32d9352740a735aa422f67c84611d37e4686a313edc7f691b

SHA512
cf94640b1b52abbfd9e6c339bec8e56c86580df4200875c53e03b59db0b32c200ee7480b4b25c254a415d2728181676c7506137f8e9bbed1a3e70f7f983327c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
304B

MD5
206a5add71ef51b846488767a302e5d5

SHA1
389b6953210be070d7751ebbc4a8b398e9e20a38

SHA256
1b97434b09e2c80f31586b2bc50faf897acb1dbbcf04c01a12ab340b2420366c

SHA512
fabaff750cbcc955843cd22aca32bbfdc375312ffed2272d147c4a4472519420ed7e115f48afe63d9b646ca71e4ba598167a8dfce4d7753db4bfc7825c3418ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
400B

MD5
96106ed4e03b18eaa23059b82db2a531

SHA1
a0185793ca7cff476c1db308512555c968f2704f

SHA256
de51177362283b3236b75e825fbbe79d4dc1113d7b8b7ef524ec9475e52f99e5

SHA512
358847025215f50244fc9f699d18a7de6ee3da51f6ebb4d5dda1c3ef1e0d22231efe464ee513f36d83a047b21a761134286895e95dcf3c38bdd2e55965f4e001

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
1008B

MD5
e9281bfc3fff49eb82b9acef7ddc5f60

SHA1
0057d9846c852f61c9e1b0bbe66e9ecc95d44f31

SHA256
718ffb79567d13d26b8fd3802af214d02695329ac4f018aa44ff9761d8ea4b18

SHA512
ae3033c8380303820c2931f21654173b1324a69c9cc2f5b7bc2ca7593917c7fb5a48248cc2565937f40524df1ac38fa35fbefaf834b10c74c6d2720058cd0959

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
1KB

MD5
a6e484ad6f213153080e01ead5b45389

SHA1
5d39072987479d0278a968171c001cff1d3f30a3

SHA256
35758c2adc53931bedea1e0ca0f4f72ad815f80766a9fead498547832c97db72

SHA512
5c3ea18366af47cd64193f2c4c85700a45fc6f6543176e3edc4a189b9fd0e3cdb3e132f0d751d881a7f8d28ab8de9ce2113f50871297bee966e54f6286ef6c6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
10b7bef3b7ebb25e79bebb90f4460443

SHA1
4f40c860b7e4a952adc1bc5b11c5f7cac6d65473

SHA256
54271f802c44dfc094dfa698a760e78a596cf270f6fbcdb5e7dac62e10c087f4

SHA512
582ab26fdadb06f1488981e29b9face07c196d944a1a0ce1de8335f992fa8797711e211e269d9b50a73be02def8cc78a243074c37495f4208c1e5dad649e2366

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
848B

MD5
87a429eec8b82ca99114a60d37dbe332

SHA1
6becb05d9ab47e79a100a2dec14737d07505c6e9

SHA256
45759442f3c29f9ffe47c3cf3d382e2f2b19e4ccae33f5dd6bb1055744a91a8c

SHA512
75a8a50253aa4fbc6b014b1bd706c47ee5f94bcd35da66f12612fb0ed64e412b7e9e984b1525b75549876c71c632182e1c3833d32087c7a3304bf4ad7e68a0f4

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
32KB

MD5
59df8eb32fcfcf01bf98ec87648eaefe

SHA1
7626a81f671f67f20bd9fe371219b385f45119f5

SHA256
5c12ca811fda6142d340e39dedb94163e56e405f27d5cac48f376b51d286e2d0

SHA512
0377fbcdb2c97b5f065f9746d007585bc8717b11117eacdc615e0d8cf41692ea6f3f898190a593bece7a37518cff8c62be9fe979d0be507209e38269eb00496d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
596KB

MD5
bb8e63a2839fab23303ba5de92af47e6

SHA1
a0313c699e075410df6475bb3850faf5d303d852

SHA256
51e68da111c789699b83e43f213ffe8449c37348ce2de5bbf998308f290df575

SHA512
e678002cdb8bb8227450132e77080976f04b7f15c1f5d07ed5d932eb249a548524f341d220b57490b9a43517c46b8f4454fdaa56cad635b4b5bdbbe84eb14df3

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
596KB

MD5
9f96cd903689fa32157110dd83e26dec

SHA1
3e17c5b39b18bb27f93bf871c14a3de2baaddcfa

SHA256
2554f47dc215284467d8fb4172aa615b4a4afc4e74e986991796af88c4935d40

SHA512
feeceff8a81a25999a6bec04e06eca21a5c7a60270617f2c8f635ef4412780b223fcf0226e8dd5d9c77472a552a81d7ff1a6e3343d7dc6043dcace9f844b07ef

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
172KB

MD5
7fed12dfe41badbcd5add26a9a8805f7

SHA1
00a39be149f6b42b506d3e1a4dd75154b4d1b529

SHA256
1fbe0652988ba90ce863fd56ee53b63c3c29cb9420aaa8e394194f886d417b97

SHA512
f914b0b408113a1f1d126b4a9114c3e8feadbda7a62453e7fa4f2d72047f894b9de5102814fbdb08ad52c3428130c314fa8e98ef403b2ee283a131548ce26a83

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
172KB

MD5
92d3d5bea9683e60e4c2ded433605b54

SHA1
db39275ca20defa285d485740ef5087620c23a46

SHA256
750c0ee0c61969ce1d4d47d209539b340010187facbc87ffa62b6b81a59d47eb

SHA512
a1d3a28def6ef8be284a1fcdb9fa139fb3ec328b60e98b17bbb866f0bcbb1ce449e7ba643b7e6f61f47c56ca6066ab8ca545a9f49fb99367e2b40c7f9645d4d3

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
212KB

MD5
eba4b63a859a5da2adc8769e985bda98

SHA1
94e33c847c1a6989fa363b1997646e9c4b24fb2d

SHA256
71bee44721609c6dd57b38886b294f2c74a3a2338b33b2f84b244952951b9280

SHA512
3dd7ba9b5f530a63f4e0f677213b17a1140ee06a2c896d5ab82e20bdca8b789bbad84513e40ed03c7f06e758a709af0635646270c503ae50fe7ce901a6c24713

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
330KB

MD5
2e2e62f678397e0c0723adcb8c590b90

SHA1
960a66f4cb7530e141f693fc9fcd0cefb2d68280

SHA256
98381f0e26e0e9494bda17568236c55c1bcacbc466d63c65420528d209e01008

SHA512
e3ef150cf6575263d55fb827b6205a852fb675f525dc0929c9fbf90a61650ff7669a11fc6d52582dcba6bd52494d9eb965e2189adab92a077f9f216688c9239c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
524KB

MD5
417ff2d826e0fc854c41b28f12ccd3bb

SHA1
8656f5aa2d0a00c3732311037cb0d24c1cd3d8fb

SHA256
ea59a56360cdf8d00c2d28cf3def8935bcd15cd6f830ce7bd120c0c9025f6204

SHA512
5dd35e4effcf4f84332cb672bd20b91ca11162a083096dfa029f5a9215b5e292c5e475e79e511595c7d077fa235547bc646a0ac9ac7046f7e2bb7f96947eaae2

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
32KB

MD5
663619ed2f9d22506ef405563485cd55

SHA1
068e8333ce51f7df5a1be03cbf97cbbc31941207

SHA256
35f150c6365e3b5ac99e83cc938c7daaed8197dfc4b0e78576ac69448b17df93

SHA512
479365af8314e8895fac8a718065de915bef3f4a46e414fe8ad97eab202d2f6fc63d59c4df820e6f57e8f0893c99d6b230a7370a5970150fe64c60ae12e1d70d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
10KB

MD5
a577f9549738b5a9f11a2267a53d52c0

SHA1
801fa47f829fa994d079aa0ea2867dfbb20a0a81

SHA256
d94ecc25599db09ba7d55209ed6f1856775b0225b8039f8d5461caeb9d873bd6

SHA512
a6e596b3bc7eb2fe6100f75603ef5cda4939550bede6a5d4f6c8ca38c4ddc84a9e4b967771e61a867ba0f4f26fbccb31f0d594153e255a8eddba5cf96d5b9f59

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
10KB

MD5
1c336d2a7e8dca3c4c6d2a8f8afb1d30

SHA1
dcafa29c28f9c81fe03304ff2354292bb457f407

SHA256
7299c94ee3d4d53c623c4f002d45f20c65fdbf652a74d5b449773ca8b42545c6

SHA512
a2e9e1b07881cb6993a596bf02fdf44c17a455a584fe9cace16a5e5418b10e40c5a9a04cab909db6f7d2bd0bfb09175e5098de115aea23cbdac2eb20c90d6198

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
726KB

MD5
b9880a4410a8b751ab81e6f2d1d784fa

SHA1
3fa359cf85fe16dbbddba203c4754899b873986d

SHA256
edc67bc68c9178d712b0c88b562451029e8ac026d4f784a66c456d48ee7d07fc

SHA512
09d98b8dcaf5a35cc35e7f0c227238d83ae586f9a22c94ceb65c22b0b369adb8248b4b6c800eb94eb0ca7bcb81a82f85d9a0b07cbfa5c8f60bc86a8111f26cc9

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
726KB

MD5
e6dbeca8aae7f2e1b5f364e478744404

SHA1
6c917d4b20ffd04ed8d9b9d730cf51d38d3adfc0

SHA256
10860124434b724120134eac285806ecbfaed2a86ce39265b79364e955eb9fa2

SHA512
df4d811594dc8b1d02c3a57cc0ea86b16a2b5c685f057be6865518b1024a6e54f50927c7d0c01f57f93d3ec82a8763beda39aecd53ddc39abd243e8d3ee80ce2

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
44KB

MD5
f0b4e282ba864705b9472a6726c575ae

SHA1
25eb8bdc730ac443f121e1f4cfc72aecadffd1c6

SHA256
b7d2acdaa2413b5821119e51edf34f1fb2e1cbfe6561844d1efc88e33edebc44

SHA512
09f26f5ceb1cb628e2fcc15156fec8b387f76b020ed45059c743665b2915f2dc15802e60911e1e03fa16ec6b9711c9c2e09c4256fc75a984c0eb7e723e7bed22

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
44KB

MD5
2c6a08f4adaae3e6e7294e3cb87a1dda

SHA1
ff88a2016e8d042791c042676b04a8498cf50bd2

SHA256
b52cfc53980be681dce291a96d812ac501abf1bf98567e3b94c49f3956db479f

SHA512
2ddb6196beda168bf4c39ff5cfad12861eff77002525e2416e7af3ef0d5e4d3369ebe85c086cecfef1d579c5ee97777d2aadf09911d0e7f19f874217f5d7e494

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
7KB

MD5
5f1fb54f27edef6091afc340901d6018

SHA1
a162607174804e82de3444931ffbab8b80b0e8dc

SHA256
103281b572097c248bee1b085b0585acd796c5fd33dc78ddf286a9a8a92b8bce

SHA512
b5ea61cca5553249fab1b0f44d991eacf75afb7d03819d8642bdf23e1eddac78ab2d51c9029504bd24cec4f742da6d22d69baddc144b08b54b07f7612a4a036f

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
7KB

MD5
c7c7eb516f825751ccd758b7902bcf55

SHA1
8f9b4c640444ce3084930e75ffad30db10f84b90

SHA256
6edf395f417b05883239e597d488ae5ca5b11b5a38f7be932878672f17d60bc4

SHA512
1db87163b7871bcef562be88fd80a5102bd63f2555e9b772c412bed641a54305de9172a252b067e5231320de8ee518964c1574b8d799cbe10d2fff39d1962783

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3.2MB

MD5
552d101597592d4ae7b36c33b46883a3

SHA1
41d216b958d792bb43c9790565e3b20dd4cc5b3d

SHA256
545f2b13265c4d04f6ac4d78dbcd66b9465c99c48b36ddd365cfd972ffd97630

SHA512
23a0b82f44b5006816eb1de2a60b12a185714fd9fd77ca60242beeaa64ea3dcf55decd89a3c2bb375e7239b16902cc6e18a9b84a21b7f5e1f4e01b4300b91495

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3.2MB

MD5
1aafbf55cc6562dad9791b427730b042

SHA1
e38342b7615961cdd75a0b6080ceb7511f9b79b7

SHA256
c021b519afbb8eeb9effaa10cdec91804462248102b10fc8f64a12cbe8f3e55e

SHA512
596d41bd0e08778d0b5c6cc6a1d29fc810b6487adc051b0f50a2c42a673f134b465f94d29c96436afeca59a1dc20a2fb1bd065b1c21d30da53a02cb51a1ad8c9

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
584KB

MD5
fd03caf4b0b9b9709ff26c5348e5fdff

SHA1
ac81205fd509c8203938af173b37e80a7a743fd3

SHA256
2cc9d3307299281a75531daa9aa2f2a231875fa0a5ae7d7306190b464d86a475

SHA512
343360a620f779d3c27613550399993cb316bce96c546b346ad9ed595d3ce39e51680dae7d24c52c741e4d58deebb8c10e2c18fb863f0e3d5780c3cc93234aa3

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
584KB

MD5
7347045c0d929f145801175e9afb4e20

SHA1
9f3e549c7a962739e22193c2ccbe54a1f493ab2c

SHA256
d666be2c698418aa67509a65ccbb874417bcf2df749fb699e0e898384f12fc9a

SHA512
2fa97210863edd65cea15bde6867968718be147fd5247208888e632c20b4dfdd3dc7acabb598bb4e8d3cf683787f889254c9e1923588fceff9860f8247acee91

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
104KB

MD5
59922422e3b61356aa7d3a9b4e4f27bc

SHA1
051dabaa69c6210d44fd8443e6eddafb18b7e36e

SHA256
cad8d22219489804199c74677d2d7ad6ef1ec968c510ee3df6cb19be5b6ceb4a

SHA512
c6a1af8293fa4a63bd9201e65b637d402d9a1bb6f7a83f71155c2c717e18806a6193b0494f4a7e346694da77bb4c4a065a9ed8655e832708597f2a4dfa5f854d

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
104KB

MD5
c15006e4a0c0f692c85e26ebc181ef52

SHA1
b5c0023d6cda22392b753fdf4d26f16cb60ecdd6

SHA256
bb6e7a067089d061fc06d51ddd42c4ae6e3399e48ccbf562d1a573f50f6636cb

SHA512
ab13c2685aab5a586273d877656cc90bb51ec85296c176826e97c7fbf8e254ae93a6ea7c5918c54e7772ef205b6433966b9e894e9fc14c51a17aeedc53e6574e

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
6c92da61ee40a01f9c04cc53489d0b82

SHA1
99e4c2074609dd0ee42419cc28b8c75ea727b88b

SHA256
2642277c9062ec27325d5c1b422323cf74ae54e97ec610ae8e1b80d5f10f04b9

SHA512
ff72092a26a4eb8d43f0c3717f13182478683ef97cdb5b0f10a47c1e277a82d31d6b43d8e55e5ded7653cd55e2eb0400cae31604c3792c1c55deb4f2aa3862fa

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
a74d1ebcb6a6cb36fc7f4f797875e40d

SHA1
abc073039697616ba63e10a3452de2bad09e14de

SHA256
4a6664cfcf9d27eebe240ae6bea6c54c486f798379eea038c522ef7635107b19

SHA512
663c1628d23aecdffa694760af58a6f6032c949c1ff29a7ea769475e18234aef6dd2549885b3c0af5bc96e9332191a91a179fb9f1fc1e8f12a024aa4134bf6d0

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
27d3411f39df22121601e5e1da2ff128

SHA1
94878a4c8d751f5fb25da86fc8b003b77bd62906

SHA256
f1155563833d716ba9acfaff2f6206d0c051983dd5e755b8cb291b393369d929

SHA512
1df5a1537e0cbf00744a8919f5ef88c5de8eb908fa66529edd0ab5bd2c091778a9d44e480628fb59192ac81f49eff1cc05851bbdb644d15940852fac4a36e251

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
40c70bf8fa82dd489077a77e8fdf856d

SHA1
9f527c7e0e0afab0cfd5c6858e29bece7f70b226

SHA256
175e76e02fab5fb9bcc7d99e45e73fa252290466e8fcaaaf4ff56fcfd46880d3

SHA512
ce7ffd62ec212e029b9d20ec48f101c9996e387d74941363a90800086a3e6b35589e38c106572f8e7dfaac21e9508abb92aa4cf7e0a1475a46ab0f035735daaf

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
7487758093100fb79a123bbc6dfbf54d

SHA1
14b7304179a411bab064b84fa1971ebfc7c49141

SHA256
79080fd97188468429419ff576d4899d4fab19a781bfff4955a6483a01aa6e07

SHA512
60c9e4c22ac57ce4fe5be359ac2ba48dedbf5365a99531f82ac5dcc505cfc79a19922128040420e43b22d10afae180871db98a6017c97aa418bedbc78b97d546

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
b0c963a696584f3c7e8125de408154d2

SHA1
5c5403a44283edea18ea326a6262b04df11bed45

SHA256
691f548c3f4f987b4efd07e2dbc2697b48c5c76f3bb0f070a9d0a16f09afb6da

SHA512
1fa16f87fcb5e36509ec91257ce919cb339bf1406ced5693fe9fbd634abcd736ebf7c763b62b403d6591d969f0877f27058892c079a68fe91b0d0b0d125c926c

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
103848421311f246794f4fbaadaaaffc

SHA1
14e4a0333243e4fa1b842925234843644ae6f260

SHA256
1f8b69d2cf17dd902589d9815ba4b9e127aa42572c0768eb1a0333fa1e7e7481

SHA512
97f892c90002fb69ea7b3f87619954182a1dd74fce6044103da79cad86802c40d1d8826e9765a033eb82fd640128438e6c352bd9e6b8ced180f83e682a7ab754

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
2KB

MD5
eb91105ab8ce3b0c53f323b19cc00e1c

SHA1
b688deba9e6cb67fc4cb4a8ceef86669cae2581e

SHA256
383e766e85a55b032ac370c44580fdd3cc1704a55aebf25b637683262e301b9f

SHA512
a27d823b090ee569168237c42b7b96b913e2fbf19f855e4770105c4053c6602c3ff5729daa52d8bf2ae46678192adfef7a7f3a1495ae1f85bff4fbc737519863

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
504f13942fdbcb6189ef9514184cb19c

SHA1
c985f293c9c9f92c6d6cd03c4e0d9358249da37e

SHA256
6166d819de47ebcec844e845b1a46aa387b5cbb247cfa662c1c360f70c3db9a6

SHA512
914a7ade4bd9dc048ecd77d8b47c1f18b43282e831369d49e2014e609a2bece8f9d4ba1fb7429e94e82b94c98639231aabe7ac0309b08337bb8ddbe32104d19e

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
504KB

MD5
06912eac613ce419c9eb657ab5ef11d1

SHA1
9ce34bd991d28998d2acc388ff8e216c14e74a98

SHA256
3eca461f6d6e5b62f271304f0cbdb3f3c1e34b17d6e32e1a52698da09e83cf2c

SHA512
6f178b7c59df7ebd6dab89cea50b00bdbf925cb5c24f2d8faeea9c8ee1053afdecf769f5dfb5f2a293e4946e11d8ff50c8f08160eed281841fb7bc58b1a89542

Download Submit
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
159KB

MD5
0d401947f56e5a554fa66e9722ed0e0c

SHA1
0965057785f7685146bba8e02de69e2c63ee7801

SHA256
14ccd3036c31ec4a7f76c6bc146fc855194f23861acdce82c37b05cfb1f0290d

SHA512
e5d758c2d678d02a283129ca3390e9dab0e63e8c9bb164e2be7f33fe16f1ea04813df377da235e55e9b911b91cc4a390ef9d03503da31b04c8b3b6d49d7a8366

Download Submit
C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
39KB

MD5
23b30e5a73c82eeb9edeb29a13c6def3

SHA1
864b67d1ed8c15c74724312392a970ab03acef26

SHA256
2a12f59b9303a60a51b00206efcb72fe4dd6b3e9c36541e037330274f71bbd9a

SHA512
1a807d31b03c58bf0f69841ae1bf11eff00d2e72b01987e657c366ef7e835d91d123f7ab940ee9645f9f4f77a790249ad62e1363b9fba1f924c393aad3992951

Download Submit
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
76KB

MD5
d27e84ebee261a7539bc0d369e259402

SHA1
3fb86ceebe0089e84639530523bb41e0377c3d54

SHA256
45d8432c321105cf329beffc08441622e69b0ae8aae81ab62af65f95380b3e01

SHA512
8375cc0a2202e8755100cdcd20848cfb11a30224717bc8aa292e1bcc45c2d88d0b61ab28869982e0594a69eca32d8e1fe092fc96447a545be134daeb0451b8eb

Download Submit
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
601KB

MD5
ecaae2b995fbf9a37e6ec6a8abfee330

SHA1
41b91b55667672b17177a3b45f69b1f31c9d3593

SHA256
4b0e9e9eda10f7d918754a9d9e9eb0a4cc1c46c4796eadda69dab96e2c04a1d7

SHA512
806664cad2342959821e54c55082961669e1cb482010a328a5189bb1ae6e3cb36c5f7c43f414ee349983a23b24233ad0f6f8ad6670fe2da5d8183ef751650d0b

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
93KB

MD5
8dec325f522d7aa1d88b19736b48edd0

SHA1
15872d50d46f1ee6278c0d6bc987f3ee9b67ff1c

SHA256
c933ca41a5c53768b95b984fc412794a861e0730470866de763854a220ce35f8

SHA512
49564af79b518d206a6ff49917f9c69b0da74d491225e6845b662368899de1a6a7bc06061be53057d48672e6154594479ab48482dc6d9870c8cdc7e47e351574

Download Submit
C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
39KB

MD5
819cecb334ab943a03b3aeb2c6f0c5de

SHA1
03cc34b267224c2f52ddcdd58befbafc2df6d4db

SHA256
b0ac38b5f2b06ac34faa07201cc1fa65fae1d3e2268572f224f3f0844a996297

SHA512
b25a3cfe97d57dc99b5cf0e5f42853140198dc7718b653fbef2a2e220c5fae08351e031eb3803772e4e1e6fcbe340d6d4dbca6f5d709eea8a35dccae1594b507

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
3KB

MD5
fc873b1bc286be5dff51ab8b63341f5e

SHA1
2591112e726d334c2e35830fbb05320643add557

SHA256
12305723d90198e04c9af6997c75d84fefc1fdb2625130e3b096101ec7f06c85

SHA512
02762249e565ee318e4199caeddde6489542378d44ed724fb4f4eaf3b999081ccb3f8c2baf6dade3a744fbe5a9fde5918edfeafce4c45b2f86ddb422e84de1a1

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.1C81A6CB4D11DD54691188D5348D11F3B15E30DD5323B68BD24502BA9C48AFDB

Filesize
752B

MD5
0c72f206b09da2a4529961172fb07faa

SHA1
5d5e6867fd5026552ea3df931ab6860da7ece344

SHA256
d902d773f4190fdebe674a543276d54c32929e20b5710bf2078f1bfac2fcfd3b

SHA512
9a7da2e3e48a680c5e64b6cd56ec3482d486e3b9062564f75a2989deec6dcacb14011c4febcb1e954940d643d1f1ab28a95c3251a546f661355b1b858149ec27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
be882101eb24acd3d62ccd8c0abd4cc3

SHA1
effb23a179cf9a2f5298226edd2750dcb336ccfd

SHA256
dd78a99c4d7bb557e7ebe7a5fc4b98710db3a284483df813d99cc61111f22f9d

SHA512
bc98942e3f989f0b320d3d6a7d440f1b042916ef3576909a96e7718d390d04c5cc78139e1599439fca68b78d8bb67fce865e68987c9fd29abd9fe1d79fa9a3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
ed5f4213c17629776cd75510648fc019

SHA1
ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

SHA256
e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

SHA512
71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7ec3d823ba3f7fb67a7d3fbd318aa01

SHA1
158f0ed77cf6e38e83f501313e42d2fed67462f6

SHA256
8d1f0165b02b3925205a17a8f1101982a4cbcfb659fa495d556879fef087c5de

SHA512
31ba0024ae4b68df7a1378867821b5c26fd79b1d8e6bad5a3f8044ba70c739252a9a5d5e53aa59f41c1f7582b7cc3dc81143131731a089c5ba1b6181919622cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90f18c1b6fa9984b94100e8a5a223b11

SHA1
67c12da4b408128e777344fe891c2233ac0b0f0f

SHA256
ecd9131d24f299aac7fe57a176df95400ab41aba0d616297eaa6a483ae2f4daa

SHA512
57dae4cc449ef78e0e9a5849a7a980d2e11578195b2d3a27e6b93f73490987c84627716502dc3bad85ea4f0c99cdf8ae90a61395a4634dd158f32e9551faf3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a03888d8bc1272419b8704a23a253e5

SHA1
eec435249c5a95b49e9d7d7f40255b9e81f85939

SHA256
6c47e4a93377f21d0b53685818123faaff2644b9372249ba6f0cd3ddf1be2d97

SHA512
a961ea2584dc359ecf0852867adba0fdef2a76e003772ec47612749732a006bc0f1ddd6e80a812f2d215f816a123d2f938d5ed9578a4e9588197ed1d92362cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89a49ce5502d6fb4f4036889d45b9487

SHA1
10c45e2123dd97dbbfa02f7a12ba09d07cb338fd

SHA256
d7433403530eef48258d08b319241b42e0c6c8284d7a4b226d5c08580c2cf005

SHA512
01b02f2bcc4a3ab7ec2bdc8b1a87304830e73ac8c514404ad7aaf3f47f3272838980ce9a6f62838da795ca4041eeca9f75a2d962431d6af089c291f2028d3a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be03ff6e740c8afe7da184c1861fa7cb

SHA1
07085faa77d25e4abf12600f322f3d6445f11cdf

SHA256
96ac86fe132d8310cc0cc18f937f282aa092fe524ff6740b3885b6f85fdbf869

SHA512
37ef0c0274e0702ad5d217d04d42430b17586211d4e1455ddfa8f0c583fa48f8b0f5d9130a386448e6c59c2ab84e7e8697e912d44fd3eec8d02e431417cadaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fed303f826d95d9a1fb1aed1c4967ce

SHA1
9656775a52b369c1d0333e2602a200f9f22e35b1

SHA256
9758e6893ea3020561d2cc126c3ff1e9ae2f55ed7a555f4e3299478492749c21

SHA512
a0b1967457bfccccc8d325ab998aa3f74624d6389eb5ebddf305d855cba8eb583611d3d65c6ddf9d4c379f3506bb8e1a41a5588888e72d1cd366ec23ff80d1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0780022a30fd7cd797f97268568d8b32

SHA1
41ff424549f75304eec64c0d7a54563ece8b1459

SHA256
af982c8f787457c48006b02945eeb157f3fa9a4dd111f1f897e11408dbdafd35

SHA512
11a303ed1b789fac7a412b350b56b943c3b7bb3718df2bfde724668d6a65375582f462e18c9e3a9d926434e07102ad759c641b7c22cabcd0c95e327d287f7aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe94.TMP

Filesize
1KB

MD5
18fb22ab99b7bccb282216edd0405b06

SHA1
fc713c67011cd8a6328bc77d0d0bdd8d4e9196a3

SHA256
fdd33bcdca31f4520bff8c1fefb0303a3bdbc66706735f04660f24eabdfda9ad

SHA512
998e850420d643e8f80c8769636e6bdc3685460fa8544a5140270fe3949df5a7a8933a35545f4993ece2c92225a37b54cda0e973238d6977b5d79d3aa5320400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
848bd4e3fa77387004367638c9186abc

SHA1
f9aae28377a10ac9da4f187fa6e8f5bb1600e4ae

SHA256
9d2f577a7c62e7f693b8a68766f87d5b07b66ddefc56edda87243dfdb6d566a4

SHA512
92847db15978ad4cf7d5182d9b1d037ce2ee88f5eb2e0578e48b5e686a83178cebbcd28d3c59f99957849810a2a111d796a84cd8ab714be83b01adc8a0c87c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16812a48e704da6baa76756bdb33bb4b

SHA1
2101677fea25af1f6588128a3c0cbe987c6e7608

SHA256
36b329030a94db68d5244a8c55d5a4ccaa48ffcb5c79142270d53f013e84e4d7

SHA512
401393f4375c61613f736d6b6948079a188a713a13b1d2b32be34132505749020bb3072866b6fb9082bb7da5ca42663183c30936e9a9dbee46befcbd58173eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
050fcf0cc34119f119eb4f730a7b8baa

SHA1
dbb70f2c9b97c1f279beaf34668aac5c520fed4f

SHA256
4b7b2d9f83e2c30e06503829b3bcf74bb883f5ccd9dc7d44b45d4785d1a09e26

SHA512
6828925f1d576587825aa1865f9b90c26d1c17d253bd08ff5e9dfc80e6f368c477e2b53eed6bce8c6cdb38ca39aaf6cb95de39252d71724c2589a5cfba27ea91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c58c0e72cd49898d3dd4e76340b3f3ba

SHA1
74c8cf1340087234c76ff71b69448d8609a13097

SHA256
0914a6c36daca6953c8fe94d00c8efb132ae089af32543eb3ede1d5bc808ddf8

SHA512
7b775b0b7654ffaceb90a5315c36094a92ef77b25ab3446a458a9e300a865494ce7ccabf06d01a841d2e0a90c29298b610c59dfa9467f14ee0d8b745969238dd

Download Submit
C:\Users\Admin\Documents\AddSwitch.xlsb

Filesize
1.7MB

MD5
396140cd146f34ecfcd9403a37b53d2c

SHA1
096be057db90f1c02953e01e071d9f9d10c837eb

SHA256
2aa3b2e69f277a747ab049c9d936609b7886025ac11a329bbe04bcbf1c209bca

SHA512
495b1c989e0d7ed3866c64a386f32f0f1a909cc482a135b738c2cec54fe6b864a7d1e0ae8e2e53b07511af92196f22b7b414c562f9adc38a6fd9948a45a55bca

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 148896.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 501886.crdownload

Filesize
53KB

MD5
87ccd6f4ec0e6b706d65550f90b0e3c7

SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f

SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

Download Submit
memory/5632-3513-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3482-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3516-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3479-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3481-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3515-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3480-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3483-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3514-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/5632-3485-0x00007FF90B350000-0x00007FF90B360000-memory.dmp

Filesize
64KB

Download
memory/5632-3484-0x00007FF90B350000-0x00007FF90B360000-memory.dmp

Filesize
64KB

Download
memory/5764-228-0x0000000000590000-0x00000000005CC000-memory.dmp

Filesize
240KB

Download
memory/5764-229-0x0000000004F70000-0x000000000500C000-memory.dmp

Filesize
624KB

Download
memory/5764-230-0x00000000055C0000-0x0000000005B64000-memory.dmp

Filesize
5.6MB

Download
memory/5764-231-0x00000000050B0000-0x0000000005142000-memory.dmp

Filesize
584KB

Download
memory/5764-232-0x0000000005060000-0x000000000506A000-memory.dmp

Filesize
40KB

Download
memory/5764-233-0x00000000052D0000-0x0000000005326000-memory.dmp

Filesize
344KB

Download
memory/5764-3362-0x00000000063E0000-0x0000000006446000-memory.dmp

Filesize
408KB

Download