infinitylock | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt[.]exe

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe

Score

10^/10

infinitylock defense_evasion discovery persistence ransomware upx

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Birele.exe"	Birele.exe

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1624	InfinityCrypt.exe
1180	InfinityCrypt.exe
5664	Birele.exe

Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power	Birele.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\Downloads\\Birele.exe"	Birele.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
43	raw.githubusercontent.com
44	raw.githubusercontent.com

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0004000000000731-3347.dat	upx
behavioral1/memory/5664-3383-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/5664-3385-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/5664-3405-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/5664-3406-0x0000000000400000-0x0000000000438000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\main-selector.css.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started-2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\dot.cur.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-disabled_32.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_18.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\selection-actions.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-ae\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_nl.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nb-no\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_et.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluDCFilesEmpty_180x180.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\123.0.6312.123\chrome_installer.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\bl.gif.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_unselected_18.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\MakeAccessible.api.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\nub.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_lv.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_es.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\List.txt.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\main.css.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\it-it\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sv-se\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\file_info.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInTray.gif.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up.gif.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_pt_135x40.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15	InfinityCrypt.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Birele.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
5868	taskkill.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 296017.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 228922.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
1912	msedge.exe
1912	msedge.exe
2552	identity_helper.exe
2552	identity_helper.exe
3688	msedge.exe
3688	msedge.exe
5408	msedge.exe
5408	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1180	InfinityCrypt.exe
Token: SeDebugPrivilege	1624	InfinityCrypt.exe
Token: SeDebugPrivilege	5868	taskkill.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 3184	1912	msedge.exe	83
PID 1912 wrote to memory of 3184	1912	msedge.exe	83
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 208	1912	msedge.exe	84
PID 1912 wrote to memory of 2912	1912	msedge.exe	85
PID 1912 wrote to memory of 2912	1912	msedge.exe	85
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86
PID 1912 wrote to memory of 5056	1912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb315846f8,0x7ffb31584708,0x7ffb31584718
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Users\Admin\Downloads\Birele.exe
  "C:\Users\Admin\Downloads\Birele.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Impair Defenses: Safe Mode Boot
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:5664
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3984111574058829021,11937571568136745995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5784

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
16B

MD5
c80a744c09fe3bd77532ac3582cb2cd5

SHA1
2d143a087913203f885fcbfddaf0f6ee73e97d02

SHA256
8d10f9a42f4c4e14d56019d7d731dbd6c04ad1b51c8fcc20741a38fa707f259f

SHA512
5d4792d7d8ab9aa3ae6912340a314309da21d7eae94ee1efc4ad7de41da2a6c5abb3c4a0200be98ea9abd870517c5ee9a0eeb106f4621793ab9544d649a0478c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
720B

MD5
68039e28f41079f692a905fa06436460

SHA1
d42e8a0ac5a1b8ed26c9ff4d49e6573b45802fc8

SHA256
a6fe25d4daa7e6aed047073e785ebd30a07c4366ddbb2dd64ad0ef5822aad8c6

SHA512
e078d7bc8aaceafca85d2aaaf0254216c2103d5a64483e42ab2490486dade14df8078b04f3f807b9dc0dcd08690cf05eea7e78f2f83ec101cc0f7b796a8b8498

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
688B

MD5
f09340506f9d46e77577c237c680215b

SHA1
6f3603a77b85a58a3ada6edb34a131cbc086144b

SHA256
2c8fd7de529690b9481dd16755fb49a22d496740e8ebaa114604be4421fe04c3

SHA512
1b66cb03ad8959b1f2b382b2afe0999a0dd160b1d2a6becaf7d4fa8f4b4545921e4e19e549c8d6e1bbf5359eee4b120e1594ac6b08923890fb1f378bed24f9f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
1KB

MD5
a42efa523304fc0ef70586d3812f2c7e

SHA1
e57b63309401f08d61cccffec570d7bd4d7fd37e

SHA256
d95bc63cd4afef6605b0dc2a3e147f1e071621297404701e5a48d7d53f3bb60f

SHA512
0e6fcbb8b2bb2fbcb8fdb96325feea188bfd3155a83d81e203b0c6a56fb3ca2992a5756383e35b8811a111bd03b604bc3e73c257bd0e04ba9fed8bfe7244bd77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
448B

MD5
ec36a81ff72a283895a69e4011c6f778

SHA1
dc6a44728f4a9d7052cc071a552b86de6c176fa2

SHA256
0258e7201fe5197b6b3b99fcb88c3b9cb8b13b4b2b16297321f2a5a9234cf8a9

SHA512
d2e019a5cafe33fb1fb838ba86ac3d317c12bb5911d4d52a9549b4daeca8b96fd1cda206ba019285af7bd4dc31a50065160c36c744e4b48eb192ffc2a923fd43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
624B

MD5
a320e6c8b36f29c8810c25d54ab2f000

SHA1
3669e33560900f96ec1c70150f434e9db67ddc21

SHA256
7a0cb77541630553ed8b020399dc8ab674395e2917843f93a13a8f9248376e2e

SHA512
6a6f808cab1bd29c51bc744f7656b12eeb7c5fdbe79ea39a831b53439c65921a5a30802db4b99cbcd436fbecae6d22fcab9720b52b2df5a586b48cb23cb32321

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
400B

MD5
108a4848a6976c7539194ea1b99b094f

SHA1
ab539d1a94d8b905cd22c35c98e8ae302746639a

SHA256
343a9184cfeb77f65233c40029a5fa851a043429b2fc38bb7500053c9dfde51e

SHA512
68018af1d2fde7eb3bb675d48841b04743092ae2c0e4a50cef74e4b01e28a10628bcc2c1f0965cd66b2df205f7a748286de223ffcd842bec591c6a68c82c253d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
560B

MD5
058cc8d5f11a11c8f9e0ecaa977ee498

SHA1
7b7317d475e35d4d28a72eccbdd4afefac5cef39

SHA256
c53437150dab176cf658cbb053e2494b0711e8e5499034037f5559f0f6b0ff0b

SHA512
03b26194cb2a56884432472a8da93c3b6990a36bbd374bc811d5c3d179c2afa4899bd7635165a53b24bb672f45d5014f58581b290728143397f2e1fede4d2b1f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
400B

MD5
ffa5cec3f10ab17d56bd83e042355a59

SHA1
51d323aff5c6c6cbb2a47f08e379b875c24a4c09

SHA256
ad40596206c5f071af8d71efb0a03c092a8269092583df175dcfd854cf729487

SHA512
36d7b27ce24fc6e56bcbcc7ea071bb03d3b213f1cc0f4a7d268e773d921f27b0d346a61d0f86668043c73bedaadeaafc746419867c27ae44f3bbbed630abcdb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
560B

MD5
ce4f2aba72c6ed9a032e19f1b8ed42c0

SHA1
0d9e55ace96fff3f78cf9ed02cba7377ab29054a

SHA256
fc5e0e57e17ef307b4962b9d618530f1ea60b136e2dde27867d9852c9c62d308

SHA512
6bc56787fa9762a330fd34d33ccf38f3b12815d6f32c73c894c7d1fb337cfa6fbd1bc1cfdd210aced9b4ca7487474ca6fb1fc02a5f66d2df8dcf3d8aac32cf5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
400B

MD5
f1c38bc7192cb8ca7a472ab4fe96c0c8

SHA1
107771cb2a3eba5a2b6feb75b3f99dd28b29729b

SHA256
bded7a7a5e0aa426102b307bff4cbf61842271eb37746b0d445b362859374ed2

SHA512
2b7636d2733f0b4b3da662f87d74393b46de69a3f460f988f38156b6c5c664067915ee130f814813f8a3c2666b16a135b2aaecba23589397b6dd0ef7e0855760

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
560B

MD5
eb3218c9480a69bdc85e43fcf2ea13ba

SHA1
c4dabab5b5db4dfd971e64f8144956c19f086990

SHA256
8b308db4229f4b4431a9d5069c99042b460c4581ad5cf5f4907acfc859ce8ba5

SHA512
e9b3d057a088c0859933cca9b979f6a0c83d7dd3f884286073fd10d7d7141dd63bd2a7cd08959b0f14e7ad783a8800d210d760f2e4c372969ac41eb0a7df314a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
7KB

MD5
d6ffc1d50da45e8f9140b7e6bcee6eb1

SHA1
a6be809f4a8a6b927f8e890c38d705ae21e25050

SHA256
ab4b7c3bfaefa4ae288d19779042776f49c5bca37d2e87ca37ded66c2ee2fbf2

SHA512
f302dc683972ee615f434f9f3be7645bf1aa04fc134016ff44e0bb65476685aec5a9f9e9232a4fabd00ef5caeb59caaed255bac7048134ca313cc6608896175e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
7KB

MD5
869108514195cdd6c067b72657a4c312

SHA1
433bf9efdf46543f2aae9648893a876258be50c7

SHA256
8e1887c55a713f69483d0901b93482813b00c8b162e72a2a08fcb0cc9d621d5a

SHA512
f6bac13614bdf6f0d6d160f59806165ae6dcd9f33c29a6f4e8956745aa9d8b0bf88c735d81500be70399bbb70ccaa4b0b1ff7b3366d6d3c4f44df74c840d070c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
15KB

MD5
ddb9674038cd29b917e6d76e7cbeb407

SHA1
a1063bbdac93ea5207285100b17caa8a4d323271

SHA256
e02c5667e11853059b649d345d67a350908531e044c7fd7b12c2527a13368a03

SHA512
c916dfec13bfb4833e1eb32f1eb6dd407d6e7fbdd956a54c324cd1ebc9deeef50bdb6aeec33bc03b0554ef0571ae182bda7dfc2f017c3e9aa504c6b332bcf6d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
8KB

MD5
533acb28e766f205147db451d03cdb34

SHA1
1e806187f15303e86585fce0638cca42e7f03b4b

SHA256
f1206be647d5d124d38ee84c3ecb39a8fa387b4c1950ebcaee5349ce1b481457

SHA512
ac82ebb6af9ddeaa095bc27da77352809f25143cd4f2d85d463885edf1a6b6e8aa3aa21edd7494ef98a745339812ca6f1f7b8fa71bc25c10f52ac690b109e4f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
17KB

MD5
5c5c17e434778906ef6bc520f2807d4c

SHA1
18147a11c8540c336de6fd7c58f0016052eaac27

SHA256
454da55123dfcac7904b6269b724f959807160f65123b6bb30626dafe96ca577

SHA512
94af62dc3ee01daf5fd466069fbefd651fca643ed6525fe662753a3e4481981c98b1e3e84867986b3b2f44873ed4ec963e579e71f011d32d70d20a19629ea67a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
192B

MD5
77effb11aaf3022e60828183402b2fd7

SHA1
1b823771c9b338ab1f18bc2fbc593dfade941d92

SHA256
700c5a3b47ced61437e7d8b3f55dc0526dec16064986f1d2c9b360f073e09249

SHA512
c155bca0619e7f2e76e0436e4b4780f149784688d8e33ec2eddd8eaaabf89f5a10007fece3977f636c48d8187d1904a5433b7cb4c5f610e0ab257985b787058e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
704B

MD5
30190221467a059e5b16c69fce659ab4

SHA1
2ff7b365c725b5e350166290872d20d901db3d16

SHA256
8e696f9d3494e167e62ce3cdd435b5bccb99b41acf38fc1e9e8d76cf64aa0658

SHA512
38b0f883219016acbfc2d1a4d1278b3d1c5fe185aa916c50486bd004c245595580c1dbe419169d1803d374300ddd151dfb04ab568311da3b96f4e670653e70d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
8KB

MD5
6df1627ebe56846aebc4e03ea76f62e8

SHA1
e131afc4b27ee3ee4a75cb4fffcad257778ba453

SHA256
99b8068088ae4c5fbc7fd3b9ef931abb28397adad1a67784b3b1e9078a918a4e

SHA512
234da40d1d2469bd061d3b33071539fd4b07f36967e2c35c6a78d0be76498fcc78cacdb58bf99b2a9a9efd208dc87ae1dc4a7c4f9ba9023c06da642de117be7d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
19KB

MD5
de99758948442bfb5d36230b5a7a74d9

SHA1
9b27532a32a1cd4a6f9400c562f464d4d384fce7

SHA256
5f6614b2e8bf707d875aeb494eca1d2b278a73614845eb376478fd9c39aa467e

SHA512
70a1ca250ac2717e145b767537130643a23bf305fe47db7257dbd25b2b1884196be45f336aba201885780df0bd06535071c89aea50113a5c805ae175c0f52e80

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
832B

MD5
aa7655f8c9f1e13e45641a525c3511ea

SHA1
51ead6f030b9fc31e7e0b79dca716c17a3e27f3c

SHA256
d7f5449143634415a8a4d92ea8a505c97fbc89944dd262ff31bff622d9f00c10

SHA512
fcbe0d03bff63491c29d68066742489bae6991cf2fc8fbbb1417d40e2a041b48acc7aa0ac19cd8c1bcbfa22fcd32a62fd4e6f4727faa6ee3fd266ec6a2c67ab7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
1KB

MD5
8b3cf4395194dfefcd0576f773ebf186

SHA1
faf9cb3ae26199cdd8f198d2ebb101578ec3a830

SHA256
6b25010135942faeb666c9e61626f9bf69af2ba5d3901fd2973b56f9fcdec481

SHA512
837cc6800576d4679481995f584f2ed4360d2ef952269011c4190f727a28966aba448720ddf88fca7ec49688c1382502ef3dbc2e3439d732df43337790fec926

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
1KB

MD5
5574d2e9190b86ebcee55823953a85d8

SHA1
412d89004070ab1029a33cf10cdf18ace6dc933b

SHA256
d5d3a695357381a41f8848c22a8c12c15b1f865e63d7191cb3e249c99179cb86

SHA512
3b163a35cbd936d160535afea6e35f95582502307bd1de4924d81625f230c459a69e95ad3980f8241a588dfee42309ad7abdde3adf6d2cb20ae037ca9838e321

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
816B

MD5
2f43e770d74885d34a7e3a0690d551d5

SHA1
9d9dcb310dbc57e95ed999a8ae128125c9e272a9

SHA256
9eaaa11c4f19747c7374a9a747dbaf18263333e5db1d680670baa5af813b28e0

SHA512
259b9301f2e7b70a7c4b013af179e563eeace6225da751a19f1ffa93f5065c5231ef7fdcd49b632d973f37132ccb59f74b7f7f2f59af39fd787c46e4bbc92e74

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
14bc44ff22af9305aaeda3b577d09d30

SHA1
3d1ffa688889f62d6d81f4cc65968d7b38123063

SHA256
ccf4dc4600b27590e4415c0e86c34500778528eab70daccd8443af08dfa8f2a9

SHA512
96ce3e797165a36680ae9786b9b1574afe4113e76760dbc70a2c3f858f1d545c621428edfbc58bd2a492001376e11bed26e53b24708e4cc795c0c9a57a10b8de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
e3aeaa5dab2fe1a0b896f1e2be13238e

SHA1
662f58c9385d71eec84c8f9b246ec155a9cc36db

SHA256
7d64dab820d44094a97601f14b0d4f614171aed325c8c6110319f62d790df180

SHA512
6cf37ecc3c90a152ee6e8dd0f4987ac72701c6bf5b770f9a059496c94502e6ccd8e54846ae87093e2a4a0ea19cea7be51c56c0912c7f718ef6e77b606ea856ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
4KB

MD5
144385d3a6cc12b88aca96f8d08f580f

SHA1
d538326905f21a230df86e045dbe35d41afa2adf

SHA256
45cd9447dc1458989531eb4e8b133c81644f4457cc9ce52a7e7b163c8fccfc9a

SHA512
0b74e0bb4f83b16e1c1c126e3036b717373e0106b0640f8a1661cf3813944bcdfbd1bb821dfd630883dcd5fb042832baa1c0ccc50b1d8ae0cdc21b14931dbc47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
304B

MD5
8142c3061f4c870e08c976749246cf26

SHA1
1110e2fdc922cbafe7cce2e0088e3291e76f87df

SHA256
f368c8842236955a2d0bf6a9355b989315158a4668d13b0e11c0254343364bbb

SHA512
24ebe41529387a5c1e30b56796e14225e8bf260f7f964b2ba8124335c207008ba79f0b56f7d94e494cb387e68cfde240bec59ab7fbc171e9fdfbc8c196f12a25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
400B

MD5
341d89d4c0e0b5c02e44052938451532

SHA1
022819a48798c9923e57d470f8573e807bae555e

SHA256
3083235baf67288a778ed7cfe54e5167884c7859c485aed87b04485302d182e9

SHA512
09ea0cbbaf630ef47fde45a799b8eb01b0b0743fe485778e8ecf138a0d237e85dda54b657ade86584b4836071475faada6b5153e86aafc0df6c614dbb5590800

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
1008B

MD5
7d2f3cc3edcfb0058c10f77decc6d87a

SHA1
f15f5056365cf29c8181986c45d74bbbcdf0531f

SHA256
26ea3a58a8f77957e76f40c79b9619e7102dd15ee6bc10533252ce561d1113e6

SHA512
bc892739acb5b122e63380980a58441f7fccc7993bd3e188c776e3b433822edd4f1bdae8c556cfdf1fada487e83d682914a75655c59d5371ded0ad9320aafc43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
1KB

MD5
0c85ae2eed8b3cf1a833344bcd403b62

SHA1
5bb191563de5030a6e0202e0bc3d7432884b465f

SHA256
a9e2cbe018e8be35e8062c1bfdff96c2d46b759af53f9f18c291684e293e516a

SHA512
a142376c979fe158cb4b897d56b04061f0cdcc401784805559fb8c8119c5e979c68e591bbbe51b7c08dd87fee12203c1dadcca26e783d686ac6f296b6ef87d08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
856c369f330e9fbdc82610046cca8130

SHA1
9f0bc6d60a77cdf1d5542fbd3a68daaeb2d49dcc

SHA256
0ee3964dbaa90cf4e84442def208a96be7a2422cf73d2e9701301b22d8400e92

SHA512
380737078750e8d02075c5754a1e96beaeb0a37ec5fc7ae12ff59339c333232a793d43bd680c22713b80bc8a586527acfb78a264daf6618426c3937534d8f94f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
848B

MD5
76670911e3e799142a1db4aa973328da

SHA1
c629d15da1b536085212d7e28f7ce00155ea2a05

SHA256
ece804b7b1b4fed8bd7979db319171b63abba93b201a71dfc3d5ef00f277e778

SHA512
3ec8e7ca0e02e73b8bbf86e14f2629a806b4e769fa8d63f67b4c3a02838f3ed5ac7214569b0aa8e0a120f5b11280730577f62cef30af53e35898f4af3012faed

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
32KB

MD5
411f25c05d7467dd2a4c6eb9b028222d

SHA1
9ce225be034f04b08c9319f9e5ef62bd762c212c

SHA256
1b780590c9be309dbade00233840e9f1d2437f033b90d6ad6587a243bde4d363

SHA512
7ba5112cc544aad014218824f2f12cc70f7f64e2549b28a892f392344c6d995200db3f1bb2e5701776cfc317491736c6636725bf2374319971d3e5b9fe585aca

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
596KB

MD5
ef5224523c74e9e9afbca936eb2fdbca

SHA1
a98799ccaef2bc00425cf9b8b6a668a9bef655f1

SHA256
57ccb813bc871ebb9569d614eefc46fcde6e52b9a0ac2f42458d954503371473

SHA512
a9f5441007819b7684666e8548ba297bf2859dc8312f37390eb1029c2a6c644861146e66201ce1a6b0d8f7bc296d647d6dc1c4b1d8069ece0ea726e1deda48eb

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
172KB

MD5
5ae13b70e5ad1f4106736240b5c403c7

SHA1
a267d09a7ff2a73c04d0cd734c7a50627722a2a2

SHA256
2c0a0b08b72d98ba50a0f507b4b14a09deb843a4952a140519bc00f005554e52

SHA512
4b3a9b91f89e062578d05def9a9483912844510e5bb375e66703dd58a3eda2af534d8e14525ff118a54fb3c34ba86d25de4d995faf39db22e6a6e8fa3b32ccad

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
330KB

MD5
f03cd8dcceceab563146ea2d1a8a9434

SHA1
104e4efa5f1b1e7064cc291d02f75e1e813e4cc5

SHA256
4388b36270b46399f9692bfe9eba41679b93c9c6aaf53379da6bb3fe7a982a0d

SHA512
55eae42ed5c3c7aa9d19316ef9a252417d6dca57cbe41ec02b3d99abe30a46f80d7b23411ac64657f6629d34b746f22c265ea3b339772149c3165d27df264d57

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
384KB

MD5
dbd03c5866718f2be8b5a725213b900a

SHA1
e63653fd4ecf0f94075de70e3b0b6be63d589ca9

SHA256
7e50d5dba238801fde05720f1fd015960155434cc665c4bdd0693f3b22a706f3

SHA512
dc3ba7274a4789814a1562c0900c96b0b5ba9cc360a3c47e5fdac7fa7d20e17b77c2a9051fc16b2ac0d4a2e78014a138482085b33e1afeb82cb2b96e3bf3e101

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
801KB

MD5
3515ca0d2f67bc896bcb732703a54e4c

SHA1
e52fa7b4efe9966190605a969e59a5dcc6242c1f

SHA256
e7423544f701621b2c1a0c84be4a531ea30b0fcdd95156de47d848845bb0c838

SHA512
ebf884a654189c23de529c8f77be536f7c2cd46b5e2a5fba4c97c05adc8c6057227e4b4f5d608ed2681e0e4b2ae95c19b3061ee9ae462378f4bb4c2e9cd364a6

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\dicjp.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
10KB

MD5
44de8b566dda621b7a1ccf764d4901da

SHA1
c43026629895a5ba074ae3efe6628aff36d1e30f

SHA256
a9e3643b5ababc01736436b8995f1f5d8dd67b522bf2b531b98e48b556c4b5fc

SHA512
81b556d55c4056e31de36011641c720947281de55ae4e7a089d7233f73b6ebb72429c2146a6c1a26d2250ec2e7833f704bd5e7c00a19bf435507af2801503e75

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
726KB

MD5
294a674490aba45882f45bafc761a8b1

SHA1
177ac14ff472128050686713df2f833e3b7de193

SHA256
ab23ab23809e77648b05f12acc8162b26e5b26c00b6b55bd2ca1f4ac3b51c7c2

SHA512
6636512a3216384fd3d839c8492d96add9d761c234f598c3f1211db04a857c24187a2a1b8d8b5e74532c72180277bbdecf93c675117b8773eeedc3f60bb992d8

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
44KB

MD5
9821da12b4044503c4c6afe295dbf02b

SHA1
3ef59df7918ddc854c1059886415396000b4b280

SHA256
050ce39077f07a665e35d6612405abd0b75707880d8593f9c36cefb4e8b71cd7

SHA512
456e64ef40a2236c5c10b7ce2a0ebfce84844fc07d67a50b7f2ee6ffdb28122861b23555c71b22a41d31458d209ae8cb366c60d0a452819ac6defdf5bdc166e8

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
7KB

MD5
5f16d135ad803fb323e3a9dab803ed5a

SHA1
7ff80280432218b5e05349af00ef3bac8d308d83

SHA256
d5db521c042e1d79b8e8a266efd7e5989da71ed4a471d265e1086ad996be325a

SHA512
e1c403519dbc102d6529f3a4f0f7e34269bfc4c9a1afc71c1b8b6661463692c525981a1617b9007ba833fd4b1fbe32d73e0b5f928b8d02ad6455ab559bf8582d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
3.2MB

MD5
15eb4d9db2f32a860f89e85e8612e454

SHA1
7fce047f0e06225274f47ea1def7ec6448fd5062

SHA256
689d2938b8964ad2404c4312043cf491a017bc13c3b7dd39659667cd743b2891

SHA512
a1d4652b4d95165378bb76b3d045e76c161638a1920b2b33df61d4beca7ebb2053521a94de99e57b79aa4a035b99b03cb68b7ff364e5a8a79b924e870847d9f3

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
584KB

MD5
7d8950b39c3dede4b3097b77ba496a98

SHA1
e9f50cf7e588227186df3160d3f7ab54ce9e7aa9

SHA256
32aa8447f0fa245441ff7193d90857f26385a881f4d730a92b7b2cf14e900167

SHA512
2828607093186a51a5650a35471d410347c831631e142978a68bb6a88b723b7ee009cd260599244178c190a79067359496d72c8c6eb6a450c42fea6cccb8f444

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
104KB

MD5
772a2b6b32cb50d905b9825fb0652b33

SHA1
0b38aa6354de8045866d9434d6af5dc9ae8fb156

SHA256
1768e14b0925cfd09bffb6458c0c84f60c39973a62ad4905b657f6942f01f2b4

SHA512
f36d5931ce3fc13c39acc6bae2d4a325e300da31b116c519f0b8d321eaa99e61efe7038ecddc22f4e99dd239b45701a7d2475ffefa55f2da929b2e8b71b6b94a

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
e3d66c8a10c2639e04250e95c27e249b

SHA1
28bc50ef0ee2fda534edc3aecb6583aa3cb961c3

SHA256
7b93a2db0a5fc5e9f9cee7c13c7eecf15648ae22b39f38853719e7029d1bca2f

SHA512
1ef5c8ec33762b77f6cb23d1a0e9b7ec16cd79eb8964dc42e592083a838f82c1df9412dd86cb1bd3f12f9ce62702e7966dff9466adb01232df5920d0043edda6

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
3KB

MD5
954845db4fd517a84d6ff24d5022e53a

SHA1
0943145f7ce7d922dcad0927ac47365adc5785fd

SHA256
60adc208ea3e3d6fe5b7949fea44296d14d67f18ab0ff3780ad68e17c358c5bb

SHA512
c23d999e5c1270bf8ceb4cb2b6ab11c62173d8dd04538d12d88c0e04dddf40f47e0fb126b138d6da21b662b4e6c8c8a388db87638da14f6659a50644075e4056

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
3KB

MD5
16ce3dd54a7445c4083a42ed995e8666

SHA1
7c871f30a625d7bf86bf36151586d450092552e4

SHA256
dc6f5ea2767d275af37a24ef8048ad3e4fd991d3d68984072eff1e79b00571ca

SHA512
92774bd1238641044f74d0925e5f99f3fa83287331a5db5f9f33196a24c346e78b58d0964b2a77bcc9562ceb73f6f3fdc8e20c345678ea1d108b406c428a8a24

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
e4224b7bea851bc48b26c8f04a73278f

SHA1
994ae5767ec6debbdfe134c73a952ee3d5e8d324

SHA256
18f9606232353062346afae1d88a7ab51da3f35ce05ca36cc89c39dd200b272b

SHA512
1432e324d4a3a6650a2534229dd6fb822e640279a6d85b1b38de819b3d0a2903abd9ad22d643012a5846744747fa0eb3ab127044e637ba3c9948513f5ce5dff5

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
2KB

MD5
1fa090e0fa39a5590a5b355080012ccd

SHA1
e4a849dc7d875ddea8d02e4297ec340f47cab175

SHA256
537855676483c3a1d7a76fea7fa4f24a8fee2f0036e47c5716da0f0b1992f395

SHA512
703fed2f06efd5c515eb95428edcdcfb249b6a91d7f9229f7c9b38bbff36e474dc51b91ad76a473ae856fb75a15dafddf705f2fed30d00ee0293b031e2fed1cc

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
3KB

MD5
791b7e69695ad0338c1e43fd42251c15

SHA1
4e6c4be1a1809ac86bd38ec71e59c2f8d846c6f3

SHA256
04a09c5bd984c03bf80ee6ac55ea17d3e7415311aad2456b83b89f3685f128d9

SHA512
f29dd3eeb26b5852f2d68b26b381f816cdd3e8615dd63abecb7494ba0d8628ce893e4d612142f4a4d1737e5a85bd372d5b314a9d5d723746ba964a96617ba215

Download Submit
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
601KB

MD5
6c806df004154fc434b0ec25fcc8a145

SHA1
ac554961ba904e856428a3c7fe1aed04dfa3aa8f

SHA256
78d1893d471c01ac39cdcdd94354f8aec83f21a07dc06a5c3f26f4c4f8f12f2e

SHA512
39a588f2ba0035e0f73200958e8d25e1ad39763285dc6c5a821a52634b70a1c450cfd86f0a430fd54ba9edb63de437688068f5cfad2b8c77ca950e34be259ab2

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
93KB

MD5
262b8b376d03f5559b7ca868155f8fcb

SHA1
4f80968049cc2a11dd8bc5a881851911ff079cb1

SHA256
693b2ec152a260a61c9ce9978b0cbf1b75c339015ccb3c169f76d889617e6449

SHA512
f6347eeedff5e3f3ddf5947ad03c936a3f496b47ff8a2485721d31ac94bddc305b06dbc5382ba2bc643a9a0e84f3ddb5839fb18a50fbc5c52d8372ccc2734e9f

Download Submit
C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
39KB

MD5
a89daa5ee5687d22278bf52953276f3d

SHA1
18b0fdca7ec2b76057422e66ee73c5987faaf8e8

SHA256
fe31f41dba67f22c5eb472455afe18848297b56dbf09014f3bd1bc7460914823

SHA512
9e89e1740645c31f0be80bac862805b4e8f7b69dffa9abe4e112b9960d995db337cf1691c92ff120109d2854d63e48ff16718502aa3688a90e1917140166f598

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.C8BA96E7F375BA08A08420A9A28D1D449DB47BA8F1A1211B39617D5FB8BC5F15

Filesize
3KB

MD5
7295b4f2d3e09702e22ffff043e441d8

SHA1
0b3dfc85d40f09d2f4f5a63fd4e00f4b530f9f52

SHA256
868de1a7fad9d13ca0333ddd73dfe164d92101a2cc9de3ee5d9bdcdce3013547

SHA512
e8b3bac42ebc6c4c7658dc75f0ab2dfa5cf205941fc2c513d1edefc877f63ff3ded754ce116a703b8c28090db8bd4883e0fb16da6dd343468c8d8f7b3f0c749f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
79ddd9e59c7583662a0fd5e632d8ef5b

SHA1
5fcfb09e4f28cc265d5d9ade0c977cbac10e7a34

SHA256
f2377ed36aab282b2773d36e57ca26a11b03e7e2b3f50d26faf81aa3185966b6

SHA512
871d5d255527aaef3e141c2906b1a8d49e973f4c970523a3fb294f17ca5c39a969d6195b4e8b0f3bb00b48fe8ee655cec1e2ded7bf7c739c5cd4c8c4b1d1cc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d016b5277488b8871a78523f9951bf6

SHA1
7b34f039d29899ac8179b3abc519366b3ba2e765

SHA256
127063ec567b237fb817919c2b95c10c2a0ab2bd74489ff7a5f495e93a5c3b30

SHA512
36cdcf8023ffe68819618f99287d66021b08da8fd849825dd499c775e799dd2cdbe47bbc337aec7059f55033701b8975ab09016d72b1fa946abcbb5217d90887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02af2fd394b49ea083cbdf266ed4d61e

SHA1
ea1f2ed3c3fb529e286b4eccbf589cbe3dd742cb

SHA256
5c6fdb9489377610488eeddee1a02fdd8ea9a510fd1e0de67e780117764073b3

SHA512
96a267ebe53cd31600d128a7dcb09e6b9c6bc7454dacbfc837a110f5a007bbcdf89df0d22d4f985a27723c4bbf412fceeb8c910e2e0b94612206d935b44db210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddad5bb1b6b4a53cd2b0b7a221cca664

SHA1
0bb08a90fadb184830f90b79be65882c867af583

SHA256
e4fe6b0faa50465f3eeffeeb8cc52849e0f0e8f99e2c80f354290202ebd83e12

SHA512
1e950f230ab08263611da5ba791db6a24c82e655ce5606fe7dc0b0dc62312607008577458a5a96dd69419c9942b8c2e5cfe757444556539d499c03bf8b8a5133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed057e8d46ccc365072cfaff2b582a36

SHA1
dfbce23f02a7db8b3cdf5e71b3625f41b464635b

SHA256
bbb89eb1afce80e2a3658a5f33bcda780c6e8395164fef6502506a71918bc3fd

SHA512
584312563d44ad58e21f7f087cb96a3b7f416775f8d6544c326355b225e13cc10e131fe358930de4a51613b44465b099268c2d6bf20768dc13e1c44ef3909c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b4a5.TMP

Filesize
1KB

MD5
ae2b7bdf67e5a3e367bfc04f90c1ac0f

SHA1
7c0d7dfdfc477c1d15f94517cb0797aac11c6b2c

SHA256
78c7f573218b3f851ef4b9164b009db3a7702736bba7b6176275b4b912038c6c

SHA512
d278c459bd8c84a7cd4741f384b9a3b5f8542dd9d0e4f0d7c7899133c8f8e3e6c05a70b61e78ae9ed208b50ab30b5fa61e48719912a9a34c886f1ad6b675b941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fa96e177-c319-4928-828f-b90b8ceeeeeb.tmp

Filesize
5KB

MD5
edcc96aea530c83cd32e18d20273e816

SHA1
c6a27b9e7d21c178938e577278a62aa8864396e4

SHA256
c7c5bdc03d744a333502dee83b22f3a7ddd44f78d98d4ba8185f1f4a1ad6c162

SHA512
8f30ae5880508e7b2413f8162f5d647fee03479920c45e87d83c192f64ac2f3f785b8f084d9da819b7ef5c94b664d57f9ccfc8b7c6c2d551b6596093cfc07625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1f7845233afe4b1f232a498debe22a5

SHA1
05843660fdb70267b567caccedddf728a73965b8

SHA256
aee43807e46b314db92aaf59a6dd7ec10d487a648bd59a8dd2efbf6c2013baf2

SHA512
e3742261fa0e1f1e16a21158f4571cec78cd15ef06a224393f1e54d9fe6395fc1386f682d2658942a20b63d7f86d4029b91f45d7f23252be7d9514da2289b764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5561fb04a6cbd6f2a5655e8257c0a570

SHA1
0366ae82ed7c73b105d99e983a2334cba64c00d7

SHA256
948cc6b9e490997c1cbed5ed56b0b91f783137c0b19f1da42e1b5b88f93e4423

SHA512
1291b8ddad0393274833191dfd09756430f8bb0d05bfb5978670dc555dac848c424bde98cdf32631011542b08d2d30f5ae5b2a9ba8314a496e7c66a3fdcbab03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57208b989ef40433a6eca5be0bc9678f

SHA1
68b7204544d889a60710e75c0bad0b446fcbe28b

SHA256
0423195a2f7d1a1eb48f5681cffba7856fd574cf5f9a30db6c31b17d56fa1a9b

SHA512
e8ed92f19f186f48e0766919452ac42d9c8ef2a47c3262101799c9ed37efbc9d792aeaeff6ccab46cdf3249ad1453e9cdda7a33382d8de3cda23f4f67e813eb8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 228922.crdownload

Filesize
116KB

MD5
41789c704a0eecfdd0048b4b4193e752

SHA1
fb1e8385691fa3293b7cbfb9b2656cf09f20e722

SHA256
b2dcfdf9e7b09f2aa5004668370e77982963ace820e7285b2e264a294441da23

SHA512
76391ac85fdc3be75441fcd6e19bed08b807d3946c7281c647f16a3be5388f7be307e6323fac8502430a4a6d800d52a88709592a49011ecc89de4f19102435ea

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 296017.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
memory/1180-3298-0x00000000068B0000-0x0000000006916000-memory.dmp

Filesize
408KB

Download
memory/1624-190-0x0000000005C60000-0x0000000006204000-memory.dmp

Filesize
5.6MB

Download
memory/1624-189-0x0000000005610000-0x00000000056AC000-memory.dmp

Filesize
624KB

Download
memory/1624-188-0x0000000000CF0000-0x0000000000D2C000-memory.dmp

Filesize
240KB

Download
memory/1624-191-0x00000000056B0000-0x0000000005742000-memory.dmp

Filesize
584KB

Download
memory/1624-193-0x0000000005900000-0x0000000005956000-memory.dmp

Filesize
344KB

Download
memory/1624-192-0x00000000055E0000-0x00000000055EA000-memory.dmp

Filesize
40KB

Download
memory/5664-3383-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5664-3385-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5664-3405-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5664-3406-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download