infinitylock | hxxps://github[.]com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/InfinityCrypt/InfinityCrypt[.]exe

Analysis

max time kernel
73s
max time network
75s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-12-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/InfinityCrypt/InfinityCrypt.exe

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
1292	InfinityCrypt.exe
2552	InfinityCrypt.exe
6060	InfinityCrypt.exe
5272	InfinityCrypt.exe
5780	InfinityCrypt.exe
5556	InfinityCrypt.exe
240	InfinityCrypt.exe
5584	InfinityCrypt.exe
6092	InfinityCrypt.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
22	raw.githubusercontent.com
23	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_single_filetype.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\desktop.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\nb-no\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_field_grabber.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\combine_poster.jpg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_selected_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_auditreport_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-cn\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\iw_get.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wab.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pt-br\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fi-fi\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\MSFT_PackageManagement.strings.psd1.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ro.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_no.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CPDF_RHP.aapp.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-focus.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\createpdf.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_mr.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\close_x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sk-sk\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviewers.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\Microsoft.PowerShell.PackageManagement.resources.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\Microsoft.PackageManagement.MetaProvider.PowerShell.resources.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\cs-cz\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fi-fi\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_gl.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\MSFT_PackageManagementSource.schema.mfl.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_anonymoususer_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-up-pressed.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\wab32.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\es-es\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\no_get.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ind_prog.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\it-it\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\eu-es\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\help.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\mpvis.DLL.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1	InfinityCrypt.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
3900	msedge.exe
3900	msedge.exe
1060	identity_helper.exe
1060	identity_helper.exe
1496	msedge.exe
1496	msedge.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	2552	InfinityCrypt.exe
Token: SeDebugPrivilege	5272	InfinityCrypt.exe
Token: SeDebugPrivilege	6060	InfinityCrypt.exe
Token: SeDebugPrivilege	5780	InfinityCrypt.exe
Token: SeDebugPrivilege	1292	InfinityCrypt.exe
Token: SeDebugPrivilege	5556	InfinityCrypt.exe
Token: SeDebugPrivilege	3004	taskmgr.exe
Token: SeSystemProfilePrivilege	3004	taskmgr.exe
Token: SeCreateGlobalPrivilege	3004	taskmgr.exe
Token: 33	3004	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3004	taskmgr.exe
Token: SeDebugPrivilege	240	InfinityCrypt.exe
Token: SeDebugPrivilege	5584	InfinityCrypt.exe
Token: SeDebugPrivilege	6092	InfinityCrypt.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe

Suspicious use of SendNotifyMessage 55 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe
3004	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4124	3900	msedge.exe	81
PID 3900 wrote to memory of 4124	3900	msedge.exe	81
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3292	3900	msedge.exe	82
PID 3900 wrote to memory of 3776	3900	msedge.exe	83
PID 3900 wrote to memory of 3776	3900	msedge.exe	83
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84
PID 3900 wrote to memory of 852	3900	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/orangegrouptech/Biohazards-from-orangegrouptech/raw/refs/heads/master/Ransomware/InfinityCrypt/InfinityCrypt.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x84,0x130,0x7ffda0ce46f8,0x7ffda0ce4708,0x7ffda0ce4718
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x24c,0x250,0x254,0x248,0x258,0x7ff693475460,0x7ff693475470,0x7ff693475480
    3⤵
    PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3964
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:1292
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5880
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:6060
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5272
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5780
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14218684648789033074,4652964925556218274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:5124
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:240
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5236

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:6092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
16B

MD5
ef20d14395e6854480b320b112beebb8

SHA1
aca1f5772368d93ebbf8d03749dc00015d540b9d

SHA256
9468610b43a1d630dafdbf3e1f348fae57a36f4c67eb1fe8067ef5bb2bc5ba9d

SHA512
f7a2e9c40f35011dfd38e8f55056fc6d48ebbea2eaf6ba1253cd2827bb284533615908c510ffc16942a2d63d5017d09739d30a856263051521edefd2b1cd850a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
720B

MD5
3d36c820ccaa91e05f7ba5667171acbd

SHA1
92aceba63ea2abb726b001eb51e17a8baa1d5280

SHA256
d2de1299d4f184105d342d20c2b3e5fa8accb62d437602342d4b2bdc1580ccce

SHA512
aa766abcd8b23e7c9b9b98886a9066a54058e1d88a1b8df3644ac2c2aa4c5acb3ab2634f10bd1deef596b53c3406101cdaecf8019aeeea16ebc4e5a0c0868ae0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
688B

MD5
a385647d7b2da3efee3889d637e6dceb

SHA1
4b177ac0744c492d56420236b017c121986e63fe

SHA256
2d8821cdd2a8c705ac86cfeadd74dcec66f3c5a05cc241f71d53f4bb816772b8

SHA512
ca520b6b1bb639723f2e196a8247de9a851d1fb30f75c07595de35650b54cee6e2a0d203b4eb42632ae68da099b994768bff4ae06514cb6add856f196cc85244

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1KB

MD5
f9f3a742ae03029492bbf64c758de98b

SHA1
5e28378a068dce6c4dca242e2abd9abb27bdb464

SHA256
34c4a1f5681a848aa048ad42d9c3365457ef65c7eafeb2ba03fd8e68f000fc6a

SHA512
cbb60bf1ff2b0d5de1cdb66aaa96753897673f32fe33277e16d404ee9cae0c935dede86892d9cf9b1751aa0e00e4897b4ee778170a8d7a4b2f7067b71dfd9e99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
448B

MD5
cbbb35b43455f16ead9705a6e67c5270

SHA1
027295d3810a389c48488283bb1656e9aee71da3

SHA256
0fbd44a96c34db0000e8b42db29ef4ea58e707cdc2658982754ead09efd128d2

SHA512
c39a6a45cb3e2b1a997369bad2ea64db332ae8e272f25aea27bab7268893fbaa1e39cfdf24a141820e89e1336ee43c98e3a675a6cc8c93f4677959a2b6c8ce54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
624B

MD5
9556aab70ffbd381b43280fc2e25dd25

SHA1
61d23de7fdb832654efa8fc810da7664137c228d

SHA256
625e228e3f94312110c67c14be19ec662779304cf1bc9382b9cbada80a8317ce

SHA512
fff4055b255c98491fba6801c762da962269cf90171020bb03a791b32322eadea2e732f277e602581eeae89e77d184c34980998b794bc28f6a54b927080b9adf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
400B

MD5
d0500aad4d1c142ea651b1c699d274d2

SHA1
5890501506f289800ffed9352778095a44d4b080

SHA256
fdf46b5aa1a26c673f52798264b5258b88c5560d18b0b73326e0b9317470c856

SHA512
a36b49c32e44c93e547c892481b6ec52dbfd84b667ef46a4d5d6311802ed57ce3585da1e57773a1fbe635ad13c8d19d60f6f2f567622ab00ccfb1e0c06f6b0fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
560B

MD5
2b68772c9d72f3b237f02e77e8998f54

SHA1
b96f9769bb24a38e32869b8fc0af71ede6f9be02

SHA256
8d9f8a4198e9d79e05122f87b864c8b30231d29f4fad085268050c5cca94ced9

SHA512
78f6520255792f0925a48d9c20e09c634a5fabd22be5b2df2cd2848cf75cf3de3f25f19dd3598e397d3e743e48ee94bfee02d04ee0bea8b3c424f2202648a462

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
400B

MD5
cc5c60c3f4e063f2f6f7fd66861b7249

SHA1
a8ac3e0cd3a4ebdbf4bff90845fee79fa6698db1

SHA256
d6e3875d405a63db643c3c514c9b03920aa013932726ed125303e7c21bad9cb1

SHA512
9e777f57a09b44b22dd7905d98977268d64703d43f32e7ac6b7b284c1015a7f39bc061b31dba68b085f57d777afcb789690a704754cd3cb274d4a45758780b58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
560B

MD5
e58230383e558ca59e9ac67d649dd046

SHA1
0a19345e33d7b67743789a51d586af0d684e7ece

SHA256
812413a53bc2b2724b092ce7d0dea678f088d4d1fda7b46139354a9e79b69ae1

SHA512
ae4a5cd0b0cf5f061c727983d38d2e72046bc320f4d61d23c3f24ec411874c5eb3756067f12334f0f36fb5fd7c6fa9d28b7e1886602df52e023e2c9f01d18b00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
400B

MD5
1a53654af52ad41e89e920b0befd4df1

SHA1
af958b47a22215604141dd97fa25befe965244a0

SHA256
156f4d7cff667d859d428029e97d74d3586a05f7364973e49b15bd7a4a5b1d76

SHA512
f81db86e4fc937c0b8a58e5236c064019e64bb854d506141f6eb8fa9bd34e203594331273ac505c1bb89c7c16d76996705f7ac8fce9e99b32974697d57005172

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
560B

MD5
fd12a30e5823ee373248ce3689010a66

SHA1
3794f9e251251e9b4b96a12b87e01e1c9f0872ca

SHA256
b74554058e4751260535e3ae3d51de9501db645a207dcc5f36f0dc24ff328a60

SHA512
21c234244a41cb344d1c8d03e2a985a0c486b0b3bbdb9951680a4d5b6a4e4c30d43dd5982102914d07605696e1c11650752417fd4e12b17af6d7c193639fdfd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
7KB

MD5
70b6880fc595bf09d63f66486c6b9285

SHA1
e817f4dccb9982986551fd4fab0a86419a8da862

SHA256
886f5b505bd30efdd97204c1c94b52741e3598f9a5b9135259a0535b6f0e4c96

SHA512
3359fda77235e61d9dd111b1af59a3f0ad6c02bd5b2d467b8c0a6febdc421a1fceba02d2e37cb20282b520d9cc5d646873f43b07697ea107a06a41c507de9435

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
7KB

MD5
5efa52c0b92fd2ec1231d7bf9927ea8d

SHA1
965b2ceb8ca904f45bf96ff2dd30c5cbdf789ecb

SHA256
212bd3527ce03ec1b6692f27be35ad98b92b4dc7e61d25d1ed521145a204895f

SHA512
131b1ce9c0d0008a1f93d2ba809fd26de91c6400cef9baf07db3a0c6e6d2581238cce247386d27f9aaa105fdabce1026932a6a3f14c08f93e2e47019d5e2a149

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
15KB

MD5
fa558a9628c6aa17723058a2cb734f8b

SHA1
3bd6e4542b1b4d1781ffca4db5ce7b5dd2c14c8b

SHA256
958bff1b47021966b043f26a282fc98f0a15b7c1c63d743bf1871d90b18994a0

SHA512
944c3b25a2ed07fb7cabe7eb2643d34761102e44ddafae9747cb979e453dc1cea9dbd32141f4b458797088c14cd29896d48a87dc376765338547ce1ada839621

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
8KB

MD5
eae03ea0f312ce7a73cad38d541dcd86

SHA1
5351a99b01ae3a3a993dc15950562465804ed5f0

SHA256
a3b341c1265f1ceaa4ece8c69914e9de99f2cfda609afc9ef2425b9cc374308f

SHA512
cc38288e3d184cb921fdd3ab78d176ca950b10278e75da669c1a7b68aa3726defcb229881c927e71cd365549c9bc6cd6fb44345420ccc3b4bc454b1426ea4b61

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
17KB

MD5
4f5a1a5ab1619040bf13e083dfa21a84

SHA1
a40463e4065df589440593838d5109101d1e2b72

SHA256
adf482333d5795710d195628e0a781890ab8f80060d34be4b1f0dcf6f52c1012

SHA512
45e0850525e9d69564f0f550d18e61b221dc211f06c3d6777a5b599c0ff739817bb62dc934780fe07a2242877e3b8c0c88cc113920144f09424702504d343f90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
192B

MD5
436a4acfb0e04888878234407d2cf8ee

SHA1
b4352a92c4e19456ee236a91c520901e2c426e60

SHA256
e87e0ffb91062ef6cc85c890c01da560531f325b046e04418bf24b2fdae1b76c

SHA512
dd0dd75d9aec60ac06b8527f655867055287e11f0ffe6ac82fb1ea24eed46e1c6ea27913e4557e4c36887ca52ed131ea4cb04396fcfcb9ee99bd1755a3c35beb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
704B

MD5
ec7c28aad2f17b48cd842139d085d903

SHA1
c8322f3a2b2b0c9d01fe005541ecb3f091534578

SHA256
f4b000c7f92dad53ececbac35841371a916ee984b999fb064e17a16d7d4d59f2

SHA512
1ed8bc77e955cc58c94940543356767c98387901d035e3a906c8bf987bac94514780b7d3d4c9d77480347e6e70104b4be7b96a3bdbb7c95f32ccb3b402605e23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
8KB

MD5
4a49ea640a19ee00fc0b74151a255446

SHA1
5979482bc65426176c43c11b4be40ee74a1d5b95

SHA256
3edbea8baf60ab84715b26cdc388f234bac88b938796d72928432098cb634d70

SHA512
213d573f17544c01b2177f358b242804ac67cb318a1a77ebd5cc66e77fcf30f04b14628cc190df5d90d90d6fe823624cf75d09d4e81857d4c5a5250707f029a0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
19KB

MD5
dfd0e48e0144a2a851f4b602bf1dd144

SHA1
7384f8731d2468309b9389a23790be64d34d1900

SHA256
491ee5346404276ecfcd07e9914164a1f0c0aca193d020234403fac640e4ef35

SHA512
2554c6ab74b3410761965ab039b142edcb2d21761ab4815d27ed0c2e3c13c72383a54f6917f8adcea1c857a4d75079b2b6890692213aac5d564f9ba340838af1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
832B

MD5
2615e56f346512fdae12500061b81477

SHA1
c4c223ef8a9ca1fc76892d6d2d581e0e9761dd06

SHA256
8efd39453e4a63f64c1c1a763352b977ee638c64f767ce1aa1f122566aa650c9

SHA512
54a0b58d16116c7111bcd1ef7cb4140de2cb1e823272fb5ca42688d7e207ffe95a2f88cd3082022598ac55c61931e7f209afba375d385c6560ca87bff4299f0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\main-selector.css.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1KB

MD5
b2582b367b792adf743b876896badd89

SHA1
0b0bbd360728d4f95253a863860117dd59a1d45f

SHA256
54b366884cfa00188e940af30b15b17d054e6a6bfca9989b0b96f6407fe42e50

SHA512
28cc5ef5052b579cb2a6ba5580acd7d852323bf856f1e34c4607316050bd699585aca187dd4c0acdf18db03d595f1c64ee3d234acd0ce685d35b427923952b97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugin.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
928B

MD5
257ef9fafc02520a3e7eea9d25b31cf4

SHA1
a5d17464f6b208d03ba4ac985b0d98f2f1b70b14

SHA256
a23c7d7e7c0a08eca682347fffce96401571c2ce012654304f885067b464dfad

SHA512
5969d059c4114dcb602f4f442b1a140a4d60144817ead7d5259df5cc9fcc6322040da502af552b49c784cabc6ba754e8a3c82236601e82b8bf6c56619b370959

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\main.css.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
53KB

MD5
86203dd4d9d0d73f6627dfcc651a1df8

SHA1
507275ef63cd3fe1ddcc3dc2dc5155e7f6cd5742

SHA256
97709456a72911f36f38d53ee4e1053fe1a688d278323af9c879905f5bc4e516

SHA512
e0640e17a7b2ab46da14e129106fa2958b037bf01d7e1b8f1a28a9f7c75b6a1e3b09cd49d62b2868da51def581b615ca95d274c6d5ceb2c6cbc1c1aa68919919

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
2KB

MD5
167971e1dfc8f991a80f5913c74c474e

SHA1
0d611f606075187d1afc45928674c183566f4dfd

SHA256
590f146288843919fe6a81419db7cec31845b1aab8dc001ebe8a2d9000f4a577

SHA512
598636ea445ecc0f742a3c92811fd55521f872621e257f77283b91d91a4e86ece4fb3b46c1c0d6b9210ed75a9394277d8e3ef33ce17e488c0355f16c6cc1150f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\plugin.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
237KB

MD5
d5a55eeba1024ffac8fa3491a608ef02

SHA1
8819680a3e5d8b9cab49c78d9811d5fef416d338

SHA256
aa3ba021f54db1951942e67d9426556d9fc0aafa89d4807aa13d9811a439069a

SHA512
3d937c07fca84ecb5b826d0c9a10b863ca6cac28b35f7d946fd1006083d76551fef61983872bbfddb85d8f3e38af955e84216db13806986a144f7c99fce61b9a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
143KB

MD5
c0253ea4685be2ff5414326c13133213

SHA1
56d7e1b8919513985a13014ddd121aacdace924b

SHA256
5d57dc83430f87597c7cd987c5779263e95ff85a0cd9380b530e54ab508f3dd3

SHA512
a64ee542db9d80fab3ad5b14e1413a618ff1709785dae59ba9be6b0b006367dfa878291ed7f24c2681bf27f8143bb7a8a9923befae7242b5ef2a03cebd922b84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1KB

MD5
41f74b786d040347ee0ef1a9da1a5363

SHA1
2e5d7c19ee97f963d79edbf8ece653392ffce50e

SHA256
6bb5b7373ff64d72a0c4714e4cef27c255a29aac59446588d35a21699965b544

SHA512
c32d95a96a8feb46824dc30d6b629c858783b6d969ec4491cf6084592879d5c8a126ba2e3dc243a284604ec2552037677fb1a33d90b6a55d77625402713f715d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
816B

MD5
e35df0897176a0b9d495fbcda1cb63c6

SHA1
361e2748b921c975653385ba7cc7c4ba44aaa05d

SHA256
462e85e5f23cfbb3d11ec50937ec31182c5f95666bd9671111e20d4d00bd208c

SHA512
25be67f83cf79584d2a18c9c304a6ad08de01ee4330d87d9b00a2c3da8fea40be50dc14537b9252a195325560c316f7c7208395b7db2c40d045a9f4f239948ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\appstore.png.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
76KB

MD5
76a7b78f437323c1533371297a08d89e

SHA1
f67853093a83616186b336ab15baf86d16695931

SHA256
2891e618e7642677949aef1b4d4b722b018fab80ff2068dbda35d05a8ddff3c0

SHA512
642808eed1860c6459b1ea147cf654cfaadacf76df3dfa152d1f578b5750ea05c4510f1048d7032d675e5f356511e3618519d4bb01a3230ec3654cae9b078172

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1KB

MD5
d53400c5491009a4aa5a9945053f6cb3

SHA1
75b31d5b84736a06d6c36a4b55e27a90a5e73b2a

SHA256
cbb2aa74975ce7ee90bbca63af516cc906365537fa268cc07a166b57aacc2ddc

SHA512
61b76a6797e66ba44862a740262f9726ff107ba81c6c0941ea860b349158585078867f1c674340bd85938bc1f268fc867b4aaa30eb52ca8daa9fe3d6882ceadf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
816B

MD5
8af92e4ff0e1ce3133eb2138022d5140

SHA1
d7ed9c2fd3088b192c7329bc8d8c459abe37efde

SHA256
d625510f566549a965d257b4d6744efc29f75ddbc4db73a1bd5dfd3215f2469d

SHA512
ff014a55a0d476f5697d8abe47a0e4f211dc774c4a82bfaa4e823bd944ba7b9117f1823194b2b1e1995f1f91130d9b0a400445f2cd2cc614696a88a4bd29e04d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nb-no\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
14KB

MD5
4edcc36dcef148e7cd32e85d41e464f2

SHA1
1239d5ff87f4b77f432f7b014b5a6e25098f4611

SHA256
d3e21523b0e3f40ff3078c4c27971fd895753ab72797fbdc044b63daf36dbcdd

SHA512
273b51873a09e00941ffa7e3b8dd1939bb508417b16caed9f347b156c4bb7eabf25715797e0b6c22201173d931e7e43484222fb4c910f22300266e381bd64eae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
13KB

MD5
4e3f339744b574422689987440f48d5b

SHA1
3ee9c1776f59c74892d49207172bf6c2b2e0af12

SHA256
8eefdb3f8589f742cb0ee1e75e6cf1d070216d764f767c95479bbc62db24ac41

SHA512
67faf4d5626ac34d06cb244c7d5d1c336d45163e67421fee8c24bdb138be7a588f4043e7850344f31d7f66f1ad2b554a58562ece93dd54d96efffeb14f60160f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
848B

MD5
6738616f3c5966f3c96084858d75dde4

SHA1
9253cfae0a5f53d6d7bcb61fee8b44ea4cb998e4

SHA256
1f0380c17bca671564eb63a666d00e51f894f509c749d01f5f0bb45ae9e77633

SHA512
f4e4dbddbe504a85d360c009bae2f3eb0c1a414c9499709c84ff4526dea48f9f2d9a3e07a82136dba49f3827441e31080304c7a6bdf6ff7e793b6eb0b33fdb4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ui-strings.js.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1KB

MD5
ebdfc37c95f87920ea68fe6b69ca37ff

SHA1
1e22322dfaf03d2dedbee764d1ca81c56b81b93f

SHA256
19eec073c2061eaa02e893b012e995af13d6f68a445c3c97bfee39d5f06bd8ff

SHA512
7c63eae6a647291851e1589c9cf66604b191e54b9eb7cac9c16d8ffdeb7e60ff484ef3c0f5a87d4965ce10810c85b5842edce2fcc4610036863cd3aa2577b4e0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
1.1MB

MD5
2cddcf7b9d0dfa896485f21037d05a5b

SHA1
fd1a366023af1ba1f93e50573157d6237162ba30

SHA256
2ff9de47ea079bb691800692f675c0deddaa6d395427e930503f4debefc8ec3a

SHA512
ea779487a35f6e99450466d4c4abac9e6b38c6b14f9a1f80f23e83fe0fc6ead0014b6bbfa4bc0c1f08a289f9f57dc597a68aa1d24c238cae6267d754d786d0d1

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
32KB

MD5
6becc4fc51dc754a97db458fca68e8de

SHA1
c44177c3a9a64f49c07ba6e1a9620c88e88bdd55

SHA256
a70a7912b20b6a76a7e642d42c2284931c46558915d25731e4a482ca2f01b976

SHA512
c27f1d0dc47365b51cc9bab727da67d3666a752f4aee6b788f39ecea7b70f568b5d341b3f23e0ee01912592f1651a744d21f25f8944b1a766c5c9afb785b4e84

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
596KB

MD5
34f991d799d3a97045c8e34344a73524

SHA1
25078b93a63aa2aeb9bb08f69c4a3a6b8e4b9d41

SHA256
d86132def8471d43c7a845a8a42e537de750bfb38ff57c9fb87ffc9811767886

SHA512
08a08e79f43bd2bb34d2ed4388350a4f919985d8c5022365cc4b296af771742d95428057518cab532b84972dd3bcd3c1f41a266515bf3786c15a6bf1ac9dafbb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
596KB

MD5
b715c1905e0b69a643626fc3f61f08d9

SHA1
6bfeecc59e9fdcda5054d3766260230c6615630a

SHA256
18d4bba06fd0c73462055b0383001a61eafec4e3272325a35435ad00572c5847

SHA512
5cde2a1563f10671ac708325c100c5cb86b15a32e980542bae7237fdc3541c5426b106f666cb0cb69470995008ad62a2f3dd9970cdb5169e53898e3e61527fec

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
172KB

MD5
a39c5944295845b725767b0b574076aa

SHA1
b2696723a6e62af30bd2c0bbaa96df7030a4cf49

SHA256
d8e4e147e27c08adeb46421fd7055f1d735b8b56a670c9b7bd7e3ee75d7e755a

SHA512
f4a9e96c863fe2d29b78d6630f84ce46985443f969ee666b9a41beb650cdfba641e926b3b4eec9167536ccdb052d56ecab9c267adbf0f9324c8d9a5206e36337

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
172KB

MD5
94fe7119f2438ed8c040cbe1d894934a

SHA1
a192ae47e43102b326029883377b39008eeb8728

SHA256
79e1358ad982ba7965e02f1784a42651d236e07fe3b237e3ef5ef874376cea48

SHA512
621580a64856467f99b287f1e952ba106721b9077ef73e5f1f699d4832c54355f14549ff69b401fa10648cc88b934e9f9c1f54b8c89710aa65b3d0a57ddc739c

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
172KB

MD5
790f8c2f477b98335971a54e07b66deb

SHA1
114b626a3fcb64143beea8f71b3e3958637b38a0

SHA256
19f7b9e07bcd2fbfb7b348157f815987acae623a2a7a0e86bf1715a739a1e23d

SHA512
57e8993bf75a2bcfd3a76548ecaaa6b2b7ec402455b68f2b10b80473d5b175a11c40f13b444d399d391219e3d14f8568866ea36fe8b74f65419640b10d4d84b6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
331KB

MD5
b86584f715b6f09b1607343cd8df763f

SHA1
63540ad008c42c4803c891fd2219e7e612fbbf4c

SHA256
28d93c1ec34532e73229c8df120052d77b9c0ea26a3ac07eed34002600b4810b

SHA512
b441788c456053d7548997aa85085ce2fe5697750cff4985922930693d1a07e0a3ce3d4105fbdbee52e6636441b1c31899b09afbee32aac831c66b194914e3eb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
331KB

MD5
52c687f897db9910b3a47fd6beffb588

SHA1
638a761c3728b3b40c018037ffa04f2247d18802

SHA256
3bcbda16c3977988ba9cf7aadb8907f508788d40026d8ec4ea057b4d66b16956

SHA512
20e6a1716aa29da27c56b668af91ef5da5b3873e24149e409363d572c8a74b46d20a46ef489262b08add82075aee7bde931a16fd7f302ce5faf42c9f5c2b44fc

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
331KB

MD5
0cefdb3f5d057682af143f2dc086bc80

SHA1
a9bb6fb71151badfcbcc1772168c1c2159d0bd6e

SHA256
f01527d611e52186eb0a43244d5d28a4b11e31f3b8b9b7ae62202eab92a1fa18

SHA512
a9550c109f4358bd838afc200417428d78b040c01b0bb83cc8364bc258fd3c0a857173b1322940baf36716e8cfa67db49aaf993fcf7f71dbc442da8ef3424db6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
801KB

MD5
81573b25b385ab9ce08a9f78168897df

SHA1
e4c5548f68a8c4a45f63678c65ba1542fca69bbe

SHA256
53a0d41831bd91003517e5ef900b270523d41eeec8c45fc37973e22922a502dc

SHA512
40ae8977024d68e147c2a142a478635c1251c7560673f2b9e4ea9c0c5b6149c2d7899d7ea63b25419243f430eba2999d265233bf8e5b10acd56d106cbde63219

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
772KB

MD5
ab9d0f0a82760438c6578f543aa45268

SHA1
e66c85f4a3edf66806668c4ec274afe5f866dee7

SHA256
cfc7a135c23feb60e6ee4f2ee61be0a00fbf7d57e1f76363700c1353a621a12c

SHA512
ed377f61fc934dac0105e7a6c538ca14cb1964b40635c472dc957c6263220eec462f4df792bf8113f41f89d65d355eabea7d8031f99e1072a5037e6a280d9b08

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
704KB

MD5
e644ca16904432d07eea29b074ccb653

SHA1
ee1d6190a8475688078236f98a7c47af2ac30714

SHA256
a471f0015d4e5545a83fcd86ae15bab9a99182aa351a6e9e6e659da1351aa3fc

SHA512
68c2ac6d583cda6d800ea014e0cc43d593ec842f50f70d268391ee1673d73601efd9b7a994670f9586388778a0678e2b0638c1b44c2d0bb628feaf1c78a83bdf

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
120KB

MD5
8da1c59e992a36379c233cac5cfd7ea8

SHA1
ded75d55ed5878e394849850bb851e7c4216da8a

SHA256
a7fef9eee2dac629d26fe0c3e28cbd2b764e4ed35c8c844e8580179ad276d2ad

SHA512
b3e77fe76401336f06a13af0643595ff5acfcae8f1d7ab51239f1098646c09f105f9422d39e1b14dd5a84a25cc1a20b70980fdaf7a14a743a47babbf8370279e

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
10KB

MD5
ae852abfb053dacd78ae0876afcae252

SHA1
ead23871e569be9e5cc4b73098f61863875f9787

SHA256
09dba85a5b57a07195210a6430eddffbff00104e34d667954ddebdf1ad49b5ef

SHA512
1e30e76d606e813f4f8ba207266809679d841ff7e1b10a29388fd693fc353d6b4872e13c973f5e593217941dfcf5497110ac51a3eb3bf53d72cee840bed77ff6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
10KB

MD5
e0a4496c6edfd81c82042f7525126da8

SHA1
e2a47c6947b6febd6ceddc146e7306d19ff00d1c

SHA256
a2f9ac42f35b71b436b21186f1f90ea9daf70139f5589580b111fb3aad2faf50

SHA512
2634e986a0a9a22578f3e79d8d50bc3293588bb39da04b47a00c83e54ec9c8ac177edf05caebb4b56cbe2fd1e658997a9ed9e24ca11a5a3ed1ff1033674006d1

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
10KB

MD5
6894ad60049a763d7d5acb6218235706

SHA1
8409a7bfbb2092107dab650b4e628d560f8a997d

SHA256
980b174176a694ea845a02e6d88bf6225ed3a00a9862fac6a0c2243d849e3ece

SHA512
22fec23b7ab668c7890ff7c5ead00a3e1ba4816689fe1dbb98caad0dd9e56cf5a69572a669f40240fe5b58f6d66ef8dbb75fcf816bb1b2d0fe07132fb94be51a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
10KB

MD5
273a0468a75e19825792c89d310dcd2e

SHA1
82a6700af123d9f7075a60bedb4f6cdb5a4bc270

SHA256
c863e4dce4049ba636a055912c5096b3be2224e312b4f35c1fcc3b4576360304

SHA512
5142eea855bdea805884afc93e9d04653f34af44c8928c910bca5bd27ee31e91535804a63eb7f78c9d0be47ff49adf21916f4ed6df4631e2701db8ea27180c46

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
728KB

MD5
6270a3c5a14d0b970066653ea952f97b

SHA1
a42230812474b418945e0afc57620ce705a8c396

SHA256
5fb369679c4818f6c8cc9f2d854701087b7ec539584f687e5334e795b28ef975

SHA512
c98f5f9af739f2c38d3c4e27a3fa0b4e1762dbd5c699c71e03485657b8e2eb42b6b2123cbcb1296b1608fc1bab04d6b07585b9a0b2fb0763e30f62084dfa9feb

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
728KB

MD5
0eeab0f7e932d99b7afe91b79c49f58b

SHA1
0b56ea680876ccba2a0e910c4570061fa6f14866

SHA256
619f286781ccf918e6869326f62394b5b947568aa06a7c4c8b908be4bde27bad

SHA512
729fbdf5da7aa55c5333317479a9ecec4b28b082bb378b1d57d8494f9fafe86ef9bcbe1030ce2f0855ddd0a069e5537c49878650781781e457b4ac121aff5a87

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
728KB

MD5
20e4b7030339573f58812602cbd500a7

SHA1
6427edb3782098bbc71a8c16a38d2bf730f0b9f6

SHA256
b89d734ad20dea09545483bb3cb342832ae025ac08f0db4e2d76e1d0c5b69528

SHA512
7909b787481ca1ff432ce5c65a95e52a6cb6fd494d9c707f392a6e430d787d2e6c57b15e6ea67316a76a0a70cdb44f6a4a7a0a08098680cdbc9025f201dde013

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
44KB

MD5
930d2b7474466db5560d89ff7785d1f6

SHA1
27fa4b25fecb29cf0a1d7cd9916e0663abdcbccd

SHA256
17521cc8431975ba9254ff619264c1806aa995584b03e1ec09b9549c908a9040

SHA512
4ec04a8d972b58cbaa6f11396aad873bbe4697ef93b5378b666dce46c223e853bcabcfece050ca17a7d6df58d62e508fb0485112cabff51971c35579a50d8652

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
7KB

MD5
badc2ac40ea255585b669b6f2ec2766c

SHA1
6700cbcf965884e13bf21300ccbb794515295bb9

SHA256
58fa6dedcac790782d2c8a416ecd7928e4539330e67163d381773c6e4c5fdf41

SHA512
20ea0c74ea525b6f8f9ce7797dab0fc55bbf9cefa7524ea5a48dad88fc1eec17a48d3cb67ae601f49a379fd87b69338bb37c1383905639a5fd1e59681966932f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
3.2MB

MD5
f998a6eef9710c128154bbe371c7ca38

SHA1
7823cc2ddc1816208e406baaca5b4a9f7616a5e6

SHA256
72484d27208c7b4c411d8e9657dc5fdc2eec6b045422576685e0f9b32f8d2746

SHA512
3e3abcdf2841b407ed6706438f2569313293edd097ac9303358c02ecf1e396771c970b86f53d726d117a878dcd202a28dc3e08d8c4901b8deca5283b0edd8184

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
584KB

MD5
45fb5cf9c53f6ab3c830ddbeab2f258b

SHA1
7896a89763010385110e4a5a27286935517bf97a

SHA256
06473a6bdea9605d88e847de8ef8b3868bfdb65ca00b330124762a8155637801

SHA512
e9b9196233ea7a074e1f3a56787492c9c110e8864aaaca83b98b8d9eef12124c6cdc10bf59593633bcda9af46531880d8b16633bedd51eb1d5657d6aafdf9112

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
208B

MD5
4deea076f5bd2f72e6f2102458cf89b9

SHA1
f3d859cde0ce8c673286f03bfb55ab9cd883f268

SHA256
9f32356eed133ae4ef3466470cc45c3c3d1a0c8959c2fe71af061dbd095c4108

SHA512
902a3174e007816ecd6b2a27fc90ab791f2322324497b127e6746ea4ec4f26a14b179a57034b0e97a3616d2939fb1d94daf17ccc14cdcfc1f6b44c1eb322c0b6

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
192B

MD5
2f02dd8ec376c55f0035b7222b299190

SHA1
13202e45c645dd11feb96b1d47a497a21b2251a4

SHA256
6eb4595550cbb33a1f0f4cdae38e12183195768cffbc5cb69272db71e281fa4d

SHA512
d12d2b7511bf3627bfba11c7e669093b85fd34ab0633661d021cfc884335f1aed70f10532cf919a1643cd4c959f98c7147833ed4cf557329e5bac7e40b559989

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
176B

MD5
f84d59d758d6dec4704894596a430914

SHA1
e3f8ba0b19308ba8ca090ab45ecd6c0f1f913fe9

SHA256
4489ef3d6ce5cb92c01d6beb8be44cfa37c74cc3b9effac639752edb335aecd2

SHA512
b03d78c85817ec74ad8476180042da05c568c5a651fefdd0219675b8a3dd482d358cdd20b41a74e667acafae0923362cd3a6f78f8c519ed526d39625b491512c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d57a449c855203411a38d5ae80bc24c

SHA1
b361032efa556fc4557bbad595ce89c4b0c13dba

SHA256
bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21

SHA512
8d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77fe0ce7e1f9c9ec2f198ad2536bf753

SHA1
2a366472f227a24f3c0fba0af544676ea58438d7

SHA256
c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00

SHA512
e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
261B

MD5
2c2e6472d05e3832905f0ad4a04d21c3

SHA1
007edbf35759af62a5b847ab09055e7d9b86ffcc

SHA256
283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03

SHA512
8c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587cdc.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3942846858922727ec0356161a89b64

SHA1
de813790e64211d31ab312b4f04df5494a1d65ef

SHA256
36d7bdac3b6ab05366022e23eaa49f0ebc6cd1d1358414f049b0d33d905403a9

SHA512
338b5ed93de92c2e5a99aa4da05bbf729204182b20ff0b8ee026e0695e2de9c8311f669470ee7bcfacfb7a36e09995e30e0e726f51c0a41fdc037f1af854cf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1f16015d6bd4228112645b07386f5c7

SHA1
a0cf6569532e1ed2710f9f032abae115351dfb08

SHA256
16122e89685279002b5e48e4bf0a2e90722f413adb76fd7b4970eb9bc5a068ff

SHA512
b2780be8bdfecdcc0e617f16fab6edcfc7aafe6ecec8e5285a33f67cc57c3788dfb772bac10b7060880ade78e3a44d638b5ba9feec80248d49007a2be6e71f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18fdb7a77210823f1e94b606c8b92461

SHA1
8e19520912e4d1721d3e91bbd0904f8fc671821c

SHA256
a63c9b87f0d92c2e0beebabec012b1074566b599f84817df49b9df03347486ed

SHA512
fd913d6e18bbd7e734d57fe5a1d972401ced366e8b7e8615b08e27d375a0d51dec2b3fa700d07d546fb87ab34832294630e9b983c79d340fa4cc1b371da32e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9b2345e425acf05ffaa1dee20d4fdbe7

SHA1
aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3

SHA256
1eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14

SHA512
647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
77006dacd174a80aa9b867f95d5df337

SHA1
7078db638c72ee5cf4ede7911e4421cc4ae103c7

SHA256
5e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9

SHA512
e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5c3e5757c4e7fe4692c7a7552652e543

SHA1
5d11b5006e4c9cbe834496188307932a23413dea

SHA256
6ebe653ddfab77b0098d3178e66dcdca57921934005080c7211254d29f02ed73

SHA512
8c9927befc437ff552ca4045c5b6985d8a0c1c5a53ac45820173006c18f6f0b35b5afc44a037ddbc1a7fba8d5a8c66a255d41ab475d764fd7dbcc64f11b38fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5574a4a8971158a1992967448c3af9c4

SHA1
b732336d30c4d42203102f6702973b29c84a6751

SHA256
da96e82daf0d27ad3b5b457ca4224997e7fffc3eeb82085b2934a176e8ada91a

SHA512
8689479155808da4ac09ae77b7eca991c80cafdf62188e62b3623b38d6fa1d61a2fe66a83df05dc650201ed75566ff696903629fda71e64af83bb232a84804ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9fc9c80e83d454f975ed9babe475a723

SHA1
a235afcd13849b4beb8e8e745e3cec4c26be7411

SHA256
cd9323a6516150181b82cc209f085fe74ad1dea3279b0f4ebb816c6347b7fea9

SHA512
d3ba0df8c3a5563420326c53d33bd8d8382abdf935fd10f05d9e55abd1a4a9674547f674d1122eb2ae293f7855f983084e43580c4079db47ca19f78d541ecf29

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
21f7752ead5489888ea90459f6696ec1

SHA1
ac70f4d0058eaabc47bbbe0da7cfb0fbe1372866

SHA256
9676b9d7a86e48211201dfd9d89c2e307ecb17c4f83bd32ebe23d4f07c3783c3

SHA512
944d604e45552a7236ac313458855a5d9d106ce5aeedd67ee123dea6da2dacca5764820c6b9546de83550ba7095f9a63b80f8e1a28bb8e71a30f6f1f1aa69d83

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
07a00b43b8ac694be46d0603d7c89d7a

SHA1
c7f6dc4186162161dab0d969fbe3e72797885c05

SHA256
72ff82ebe3cadedc8e7914ec8a3a49a6eac6c6fc96c9fde7f4433f5a99fc7f79

SHA512
7e4713a48470ad330feffb67899a51b67ccf88aa85150947c193c951fe3e44dd0260f83f71e4d6416de19ca5f70e2b9edc19be834949b02752b7105a80e799fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini.AFF900C2691E921AC159DEC84A2D4AB53E9D6F7881EDCF66CE2760FBC0A902F1

Filesize
944B

MD5
3f35ba354beb536e5550bc1580365f6b

SHA1
666f8c082d01813484ed28cbd7b28cb46a672b82

SHA256
b65c52d3527ac0c222c27a6f72e52effb02a7f4f128ff149fb0c331e7025e1fa

SHA512
32a1a368423bfd4d5ba6c8e78830d4fdd1c55f6481004655434a768bd801cbedacd74d47decf96665d14c3f6231a5dde1f80d5251db632d83eee8f2bf808ae9a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 17705.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
memory/1292-221-0x0000000005780000-0x000000000578A000-memory.dmp

Filesize
40KB

Download
memory/1292-211-0x0000000005850000-0x00000000058E2000-memory.dmp

Filesize
584KB

Download
memory/1292-209-0x00000000056A0000-0x000000000573C000-memory.dmp

Filesize
624KB

Download
memory/2552-222-0x0000000005930000-0x0000000005986000-memory.dmp

Filesize
344KB

Download
memory/2552-2080-0x0000000008C90000-0x0000000008CF6000-memory.dmp

Filesize
408KB

Download
memory/2552-208-0x0000000000D10000-0x0000000000D4C000-memory.dmp

Filesize
240KB

Download
memory/2552-210-0x0000000005DE0000-0x0000000006386000-memory.dmp

Filesize
5.6MB

Download
memory/3004-3521-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3522-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3520-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3519-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3518-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3517-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3523-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3511-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3512-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download
memory/3004-3513-0x000001D0C9700000-0x000001D0C9701000-memory.dmp

Filesize
4KB

Download