infinitylock | hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

01-02-2025 01:53

250201-ca5gjasrgk 10

31-01-2025 18:29

31-01-2025 18:21

24-01-2025 17:54

24-01-2025 17:41

Analysis

max time kernel
215s
max time network
220s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
31-01-2025 18:29

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
35	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\Handler@1x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling_email.ort.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_ar.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\MSFT_PackageManagementSource.strings.psd1.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main-selector.css.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\DarkTheme.acrotheme.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_multi_filetype.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\devtools\pt-BR.pak.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\ug.pak.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Content.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\LightTheme.acrotheme.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluError_136x136.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\bg_pattern_RHP.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\AppStore_icon.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\main.css.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\fi.pak.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Sigma\Fingerprinting.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\show_third_party_software_licenses.bat.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\core_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\msedge.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\it.pak.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluCCFilesEmpty_180x180.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\PlayReadyCdm\_platform_specific\win_x64\playreadycdm.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reportabuse-default_18.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_selected_18.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_field_grabber.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_ca.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\swiftshader\libGLESv2.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons_ie8.gif.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Mail\wab.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ro-ro\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\SY______.PFM.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\PlayReadyCdm\_platform_specific\win_x64\playreadycdm.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\nacl_irt_x86_64.nexe.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_18.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started-2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\pt-PT.pak.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\cs-cz\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\selector.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text-2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "209"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2528	msedge.exe
2528	msedge.exe
3168	msedge.exe
3168	msedge.exe
4604	msedge.exe
4604	msedge.exe
2072	identity_helper.exe
2072	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe
3520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1248	[email protected]
Token: SeDebugPrivilege	4808	[email protected]
Token: SeDebugPrivilege	4880	[email protected]

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2548	OpenWith.exe
4020	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3148	3168	msedge.exe	77
PID 3168 wrote to memory of 3148	3168	msedge.exe	77
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 4128	3168	msedge.exe	78
PID 3168 wrote to memory of 2528	3168	msedge.exe	79
PID 3168 wrote to memory of 2528	3168	msedge.exe	79
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80
PID 3168 wrote to memory of 2036	3168	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c4e3cb8,0x7ffd0c4e3cc8,0x7ffd0c4e3cd8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15241835508149203333,7245843494802915865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3116

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4808

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1248

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a35855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
16B

MD5
67948a782d727d3c3c8c80423f993242

SHA1
b4beca3014f423b38d78c96ce7b9617df88070b4

SHA256
be42c563923e6043c1c7747aa01b797ce9419eafbfb099dd7fa2737aed585732

SHA512
a601b3607dd5239612f9111ec84d8f5b5d4a3ff1c065f6bd13ac9f530c0a836579abaae72838f229cfa15b6265eecd0a9248e056739257766e30847087ab8a16

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
720B

MD5
cb389cc971cfc832f181f6d6b0fcbe90

SHA1
ce91bad33ba0023f84d4ff63ccd7d7300a7e9454

SHA256
71de85f23c9a2368bb1d25af6b5320aafe2cc9ecd7c284f6b3bef247b61ca14d

SHA512
aebcbd30f3900f6d207fd872b7ee30897ffb125e3936f8a72b4127412c7fd1e3aa6abfd9b7c2592476c65aea374af80147e67cdfac7bcc1e9b6601c32d5d41ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
688B

MD5
dd67508bb471779add7671d6f37ab70c

SHA1
10255149b9b25327c48dae8bb3f4d5293ae0f8ef

SHA256
620ac57fabd25f2faabbcb2a5653b3f6f71e980ee7d37d93879efe84e1205a75

SHA512
cd065f7f61d60a1f811c691fffb8b317c2264d7b8eb9ae688f546a47721dff32c694757543d811bca0ebce1e01828553bdcc8ecccccf1be9b1dfd1dc446fd275

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1KB

MD5
27972068de6e0bfa07015812f0ce57f4

SHA1
c467821f9a85258e09e873667b3b2ec82a1f8a14

SHA256
11e9d3dbc0e2979794199f23b9a272fdf8253293119320b75e8fdb02ca6b9a9e

SHA512
29858fd14cb6a99da4bd7099f2791ce25a106905d452858d1f878156977bfa5515e9869b1039715266f0b8b83516d4d3f9b41ffa1181124cde8bb66ed8e9c610

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
448B

MD5
49ab3e832a681f0bbcfdee2ff858b749

SHA1
a4510e6693e93cec0cd1a463e554688f30248d7e

SHA256
ef68a64cad3a064755b0724e7fc1f83ebb6406f28d9ccd07fbdb073ab0e930ae

SHA512
58a3e634056a9b6b63b4c83b1d0959d5c30d66e645d9a773c3a036507d4eb392d76ec6f023507f4501803e876384570878671c7f4b22a5a666edb83527c8ecb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
624B

MD5
3dbacd0c1adf272e69029a40c2a7566c

SHA1
342fb7378736847f73b870d81e75e05a8c2f9168

SHA256
37f4ad3c58428b2a24f414d10b6538551ba53fe09b903f4b63a2591d441ef28f

SHA512
1624006aa767a0e406a46e67ba86d17c5ba2e0d6db5295ae4f4c409541485a1e416c02f2ad9265aab52bdcaad905469c2e841b84d4a7c32bf8d9a8dd1eb0c1dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
400B

MD5
a0f5f0428317f98254b442a60aa3b509

SHA1
0134850c2686c2635c88e9f63226cca587bf7234

SHA256
9c7cc94345136c50a645fe59f13d734bb17413b4ab6b5fc64520e387a6435806

SHA512
61dd9cd16337d4c6523ba56a5e95a95cb9b0cb229be0e0c0d861e2e817dbfeb091f9899f3f81bcf9c84a3a61ff7748da4b1769c61bda69e03aefb5617f3ad7b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
560B

MD5
709a1be3df4c155a8743402f4b44b07c

SHA1
7621e9d473c46d3e62cc9c322bca97131a4cf6fc

SHA256
1d0c0ff1322c585c7818b9dd9130622c81cb4d3cf178a51e533c7bb7281f9f33

SHA512
094f2d319ea6bef7e5552fccc9265460816f72bf3513db55f497c987d0ff21981a9d1c4818adfb19293b12b284b03d612758461aa67185a5323008612b738915

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
400B

MD5
00165263803a31751b6efe1e39ffeaba

SHA1
b1039f871c39ce27092e80d1cd1676619040a853

SHA256
6ab3039fc7cf7a39417c1e6ec7a4ed3baf4d187d5fa65487191fe6fc580d4cdb

SHA512
59e84875adcc0e0317322f11e516fdb9fc666450e07361f1bfecbed4c908db6a5f01f9975fe3949ff1ea2b42b9a9ae55f9aa10102ab76567a9e7acc9715c5bad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
560B

MD5
c2413e1ae83288f874eaea1dfa57d35e

SHA1
adb5a59b17964ce155876380cf98cf34bfdd2b36

SHA256
f6acda22ee25feea0334dbaed9f3a52a832a1413f883e6bc830822fefc355ea6

SHA512
6f6f9e93cb11ce07873d9c253c6af84cc682a6c62ca13c1e31f1c281e16ba5652a7b28bc3512b08dc710e3ddcf7d142c660b83d3d578f73bef959f20e9902cbf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
400B

MD5
cd58ebced82ef77e6d14c8d39f43f570

SHA1
576f58c89093b06016e6e5b5c78d0473293d9288

SHA256
5becd41c33ee44cb160f943dfd97cd1cb0fb792a3794d463caceb04b8fa53b0c

SHA512
4e997eccd9be5cd09e209aefcd90411645e5d858532b3ea26de52c65cdf512f2f5977223c6f7eaa97e6b1a9a344819db01e5c6d2a8ab3baec291ac3cebde998f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
560B

MD5
50ab9fa6040f76f0e12696e84a1ee5e5

SHA1
20a3106028b3b62a9da5a2129f3a72ee4ef3b203

SHA256
7855cdc3dd30766f46408b965fe0dd1505d1939586fee0725f83045467ca24de

SHA512
4b4f5676b4703348b4592e18e4dbba5f128a0487ef77e1d5cfa4a632105fc24ad238e0d4bdad60a86780a814ef48483e80106ccbfa905c5055e045dbb2d4217b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
7KB

MD5
227bdeba20cdc699bee98c486bdc7a38

SHA1
07bd7b0d3707d7b7419f46a47b0f8c7871e4672f

SHA256
8d351c8f2def5d803cf44361cabae11895d1d1c2d00f03b81e48a68b02ee4042

SHA512
904cc15b127bf915fefb49661bca676f918ba554b36af86b68846726111329e1ecf7d6acca080d6166589c02642750d25c2af50f12085f517eee6bd19c5d64cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
7KB

MD5
dfa55f9d0d01170f76570043d4f13efe

SHA1
786b9f2c14ea6c2be69b4a25d7606ff6e53da963

SHA256
bbb54e5b6a005d730a07ee13449368a5d52d96f0ff39a99338fc751d51879622

SHA512
4d9dce79ff858a1190d46d72b6ad57f8fa4ba5b8a85d7ef785daf147bc9e7dd35311ef5d6d93e8a5b8d744b95576a2501309615ef17c82ec650f86a478aa7f6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
15KB

MD5
1f5ca763646180cc336c1182bc065e99

SHA1
5f1eb24693e8989525d1da472db708659c4e5875

SHA256
cc2ff5bfee5de315849e82313aaa2c0225460d29dcb5bcd5fdcb8abeff83cda1

SHA512
1d62e5ed0907f2d229f442310635ed4aee08401efac97e8ad52a89182a81affb7e26fdbdd28176bcbfdbe26580e87ca62c42a3f97ac2431331a563a70d5ed433

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
8KB

MD5
c0108155dfd02c61d78ac72d589228c6

SHA1
88abc17dab9501d1d356710d37dfd032abd7c3df

SHA256
fecf443aa000d4ba254675c3315a7e8dd333c7f67f524e6357982e729a016baf

SHA512
bce4bf9ed2487e89905f48b186d587303f2ee1243a122120848f5d1234a6006245e7776ca5b26d5de2596215426ca9d284cefa3ebedffc55f8fcdf3b774703da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
17KB

MD5
77e93a0e8ee335396553c0b663a56b1c

SHA1
6ee0f8eb711451ee2a8171fa0a2883d075b6dab7

SHA256
8bd0d201350c72401b0e0d40e0dac4b055e827588df269b533ca25fa431a34a4

SHA512
ccfd13c7fc4be5e79be58fa05b1bcb2c38feedd3bb572e66625e6f23380114fe14981416a2123a1c8e748170e024d168cc4cee834815bcd1a82be74d0d1a1e22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
192B

MD5
e0f800ca78ab7a47f0e45d9af3975dc7

SHA1
99f3db9bc922195ee55e1ca25084ffaaa5c1b002

SHA256
1f8063b4dad0e774baab09391c8e1cc0a119964ea25630c443ffb6e5de4b9ae6

SHA512
47fc200063f400886d1ef20038feb270749803b65a9205f28b0ed1740f5d42c201913e83b807f0bac3caace23713e68b4c683792a8f1d83b30a76555a9f4b092

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
704B

MD5
04b07860a280ef788fae784882ed9f40

SHA1
6e9b899c4883960995beacae84b17c778199a667

SHA256
257c487a43fc7257026122cf93ac3e9008c2ae460311e1d227439e8315f7cd35

SHA512
4783e6a242fcd0d51c998124e832a2779f873fa84c6242a5feda0ea9989610735d55964f11f9d180878b3ba45451470e9cef202181a137ee42059d23891dba03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
8KB

MD5
5aa3565f0dcc3c0ba3dd431717d1ece6

SHA1
7742b0264f708636eabecbc428987b1beb3e0adc

SHA256
c64d18c86cef79a732c3501b29c47c59e22f4352c101d63b8d56226019144b25

SHA512
19539a8280a3446245950863514afa816213ca7457f4092bebe0366dda56e31b704c5913699a971c77ffdcbec4539f5b570a25b420c80244f9baec27a77580ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
19KB

MD5
6b4436c51fb6994205659d9374980e73

SHA1
79dc313908daa1bbbfae3e93e82dd0d56a86459c

SHA256
064177d1b08c6155761335003a22b394fb3cfedc3bed8168974b6b25dac5ff5b

SHA512
43b409a8fdc5f941381ec6434fbd6c105d7fc570b2c43c4c64e189523dfe23cafa73715e496f3a13b06d6be1721412bbd464fe16b8a71c0d3b89f83256749abe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
832B

MD5
1829e6d72bec5b18b84604a516db5779

SHA1
e8a4dd090e1e514f2bd26f0148cc246fb2fca07c

SHA256
5a1f8dce8227e71e38132e026ab1818ae7ec910b7d56cd5223dfe5ce0f73dfa6

SHA512
e7b5d02545dfb22c95315b2406b6f0ec382eed426eecdd655c4d6a5d8bcafdd77502532ca98dfb1cdb55dccf496a1dea056822287dc0369c3c6a5be703ac30c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1KB

MD5
a678d8bebd2b59227bb465e446e6b760

SHA1
eb6a29e77661f2cf705cdd8daae26faf832d4a49

SHA256
c0a441c0ed85ff8e2c6196029e1a053663563e6b4aeeafe5c9d10bc21d6333ab

SHA512
da276f5e5e70801503399075e6f47d8e8622741d3fc04c72f5443d0e7d76f09ccb6aaeb00c5d3e000111ddd16ec379efea758fca54a0acdb6aac442e9459c351

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1KB

MD5
44cfb68b811b84b2b1736873e481ae3d

SHA1
7f8ef8fad1394fee1051a8aa1db280cf5926368c

SHA256
dbfc9c1d9ee6a57c68b2780f4a541c8dc83a2ba57e75a528313641da5f13b5ff

SHA512
2ee40bc81a7f79b6070799ed2f9a6a71f5f55edce59b57c367932f5b64099fb54e5dd733819c7a662c98585bacbccd5d6ab5f4c1f8e7a55b0e78d59de8ccde2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
816B

MD5
597594c02e2a0337d0ae29a45f0ae006

SHA1
60e97f814f561935cd84d89deaac4b34079ca177

SHA256
6682cc05b977bdf8d70058c69426f30074b6e4d25f6070c48be99343fe249ed1

SHA512
9d6beba77c162f376316b10a8480ae67af4c7a18ac4735ec6954ce89f9f2ba901543cceb49c1928a6a61cc4a9333d1db4187f262696cf74834c1da36be3bb517

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
7ce1fa2fdd8b48073fe39aa6f407166a

SHA1
a0cdc6e727108b9ecb4fbc80287e850001f26b2d

SHA256
db8297bc407fa5877818ba8166410391f81f1168246805418cd3a6c631300a46

SHA512
e2303c6596598c7000fc3c1918ec69d0ec514252195b5e19d51c0cc3cdef2d17f897a131ba501f1c4f41194c4d88412958ea283b28d411c67e6cc517204d39ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
a307fef434ee4f9915f787203eef332a

SHA1
a3510574dfb990a6019ffcd112026a329904419a

SHA256
a9d2b38239b18530d6320ca9621379d8a3b39781fa612bb14cda486628e6a4a9

SHA512
af3497e2aee0dc8fbf771f7da1cb4f0c3b20fe76b906af3b1f4a4594a9a5256aa7671ad42d1d9fb2f7433119666cd634938b69f057fc3079d3aa3cb37d7c5c42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
4KB

MD5
641401444f4426a7b1dd4ee8f5e86d3d

SHA1
b3d849d8a802419d14de1ec9fce399fdc5ca21a7

SHA256
e945f40608c1096409d6e9a30ca53086c17231faef7010d0ef29fe23415c8c59

SHA512
786cc3d9a2514a249b886e9f2a60d2745bb21da09cea06be55bc813666dd4865db9698c8c84a20420b8bb57bed8bf4b9b3d0484e051c9c4429132868946eb101

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
304B

MD5
d48ad6bfdc80ae7484eb4fb667f88692

SHA1
da8d7d6b41d1f9a53766dfb641da6dfbd6e7cb9d

SHA256
62607716787f4f97b8f7cb6941a2df44ce12b89f46505c3ad861f1cd61cdf78a

SHA512
dec9cb8ce9d8f518c3bb081af56bcbb39604a11a7b2b81495617d4d2f0b7a4a0d01c02bd4f2c37680843084ef08b2110fad46e7af20f7a43db1d60c1115e26ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
400B

MD5
85052bd46946ecd43461fdbffe1e805a

SHA1
e1877265e9977a856cab4fe6a7d183d7dd08c1db

SHA256
e310a3aa2dd2d577a415fe0f9eaf3a2d0262dc4cc967cf62f2d79f0002ad0a6c

SHA512
1d2dde5506bf0a20f6b5502e422da0f6a98312ea8937ec2b864800e7009eade0b0797ad1f0bdd5099be944983e68662044bbf1bda830957f008291ff527e4434

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1008B

MD5
25b841b5a0cf6695c7624d4c9a4919e7

SHA1
f6828b2008a7bd447e103d49841e6d7165b29ffd

SHA256
8be8bc0804ecee050111b960f652c8fa8595c1cce5a3e4a72928863ae6baeddf

SHA512
5601ce6f7647ef9a70d46baceac77817d09846125377fde670224da5276d94e21e6dc961540eca2790da4a150e90046ba40bf33ba88158d6368e290de9282fb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1KB

MD5
8ad3a50e90bf42a24dacde77932845aa

SHA1
ccc495554b8f2158c28fbeba6135ab95b33d5ee1

SHA256
47821f230ab6e84ea0bddbeecc05581055569574283ca3900d8551131db2036c

SHA512
a1038f56d4557662c2326f855b2b0be982c32f1c0f02acdea75a769077990beba70301b0c287f55e6d25d2cd54edbe1f25417f367172b9d6a1748af5ff23c6aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
e54245954651a7e6ad21cdb56003f8cc

SHA1
88bdd582667160af5e2f49ee0e4b0c909a2684ae

SHA256
b583b1fd6cd85b4468ab8a395617160d7c310bddd2cfea2c6392e3cfb42c7e56

SHA512
29c4ebf255fe99475e0654e46dcd58d487ee3ee6410290deae2602aaa5103b670c8ff8ecd08935ce407eda23d613b2a2ca3157ad2d199e6d840665fdbdca0b12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
848B

MD5
949635d120ba9bbd7d7c8c5d56cfb7f9

SHA1
6c0da290dbf03a3bae09c3ff1dc8507d59dae4c0

SHA256
3e9125134e8186b07d9ab93e2dded7013f00548a0166855e8171db3975372302

SHA512
4d84f32ceec2af3b7705c372f308048240a778a21854675a85404e0efad11e0c5316f7c095a2c49f850cfd34c02e772e427a7359dff38a9f337ac7ebb519bca5

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
32KB

MD5
7d4c2a6d37e2b63d2fda8b555f40b7d8

SHA1
37a6e812ca41edd2a9531e1c25a7bf311e808506

SHA256
70a8f3720d4d039121b94b0937b38e701e6bcefb42cfe218782f8b2f56ca2dbf

SHA512
870eb04be017814dc8e8681212383621f11ba9bb78f7f5d418d94e98f6fd4e9939115d45fae25f5ff9eba992858a4873bc3d8a5ddfd78ec9e8c1ca79657d4c41

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
596KB

MD5
afafa9f380022e3cd87d416b72926988

SHA1
fe64826a05b0a387b850d6f159c2185ddc07ce4e

SHA256
eb72626048e7cd6596fa8e2a10f4ff819198c948dad5468a27d8f08c302fa3c6

SHA512
cfcaf2adfb89936fd816f3ddc5b7818462031e2dbe6df1ad1a4ca4eeb72de35f311f967ed5179d0e4f99ecd0795b1f9d0a6f7b8aa3e772aee00645c9c4a4a934

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
596KB

MD5
c7c18319b2c953d3216f01d9b34ef0c9

SHA1
293db7660974ac09cc31112d501adb5677fa1124

SHA256
ac0461770db46e8f3e2d6142fe9bd5a6eef8a822a137ca031ec0bed46b0449a4

SHA512
e2e21b09ab17bcf4350264dbfb6d85fc1c26cacc4e474a35c4e370ca0146c720d2548c7920115d56031540f309c59692032ae8da7ce93e26a039eb12bbbf2f51

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
184KB

MD5
1e66ad0fe432b6b4067939eab288950e

SHA1
7705fb0dd934ffbf4945562935b0933786a717ff

SHA256
8e4bf45f805fb9c9be52ba4f3ed84e18fc23c3e28d62a4752383c6dd92524cef

SHA512
46788f4de24dddd1ae8fdb080430c76182b2b92abc8147581d6fe3ad17e98c9f6b928b79b049938a3962947afe1e0780a5c3b272ce6b96a66c61802ec10fe08d

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\tifffilt.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
184KB

MD5
862edab9f6bce95e1b0604d95c6a7aa5

SHA1
3967ce350103b8249f14a00ee7393f0d7b968aff

SHA256
b244c654e26f7df8c2114d0b24cf1c6443cc27171b98f22a118e9b61a2dff9f9

SHA512
a1230a52bb8e7b6badb184e38cf7a437c270f4f9482d956af856988795285b16c238108f739da49ef4dcfd73385b944956a456ca6134586f245247d6e53b6737

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
192KB

MD5
49a130bc9b43c4fd1d98c659430c1eeb

SHA1
0b75654c50fb6d95545cd15256aa86951143fbd1

SHA256
be6f1ebe63a18535e2800c0646a5613a07eefcfeee199dc5beed7e97bbe4e439

SHA512
31581ef9e09d8f0d1993fe21dc5aa4a4262815598d24ead750553bbb7227ce69121f2004af091334b9cd940fc5ad26e95ad123bfe388c5adbc967e66821b1162

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
267KB

MD5
9d7321d4833b4e5fbddd4bb5361c0ee1

SHA1
830cf0447caa2246532550de83b7d64b04b51358

SHA256
4fcbdf5421dcb4fbc96a792c53e9fcf8ad242fa591f2c2516624b54502a6c58a

SHA512
458d0c5c896c0c635a648653f4849a4f0e7df907209086f9d296740070e6b312c18a90a0662640115ba19da3796a01f4acee06a8e8603b5892cf711872086815

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
802KB

MD5
91a973f4901cc4d87af462e3a3b6cfd1

SHA1
0335c8f861084f28bf45472689b2070f4c9f525c

SHA256
5ed59902d7e20d859390f1f96c3abb4bcb9ce176b685bfbdc3d9f271c0ae8c87

SHA512
8d33f88a7087b2e7365f0e1cf52101083c31c34cf492ca79a21468946469c6702ebba07dc5c3c7bae119d4b8a101387c20f079d5e3d80aafef3e7267831b481a

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
802KB

MD5
0981bb586c1dd4986563f784cacdb7cd

SHA1
fc2367a2824f1cd5e3e8670948ccd2c3a80db33f

SHA256
3440a0b10a5b28d8ec61c42dde54f6a1b40186bcae860101ce52891e8f350535

SHA512
508011162a2b3d2892d3eb5bf989803279ed047f9f090cc387dbdec84606b5ea4aecae1daf09240614baa0a75256efa7de14f8fea0e60467f0f0868e15473f3f

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
303KB

MD5
fcdb31c608ccbc7241a20ce6e231d69e

SHA1
5c7933c783468b2bbe1855bb463eae4899f3ca36

SHA256
e46ca39e52be6757c19678f219e531f0417134e4e92ec4889f9e8805c603cabc

SHA512
cdfc15a47ecd5eaf6d80fedb646b6f09565dcccb6116f85be5d9d5262bca0f0b7096c4845f2238e8610d0cb22251d0352a40953cc14e7b8d3cfa1053748380f8

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
303KB

MD5
497f95649d5f80d25a64cc4deafefa05

SHA1
449a65321e670e226488d4c538f8cca0b244dfa9

SHA256
c685d0986a5c1aec104ca4a418d9fe2a429f027c6eebae31b970298200e4649d

SHA512
b2bf1e3388d848a0cb5fa231d86d922499ea17786521ce7ccb10a086f593f5b400f7f8a15019b0232e0926e9910041888c6356434f20b0c5d77d82e2e47d6b5c

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
740KB

MD5
a7ebeadb20fef7f68160c1b4f5f57438

SHA1
d48f21fe49e6c97776b432f5879a233d773b10c8

SHA256
ab15b1d37fb2f3724b0ede5213564546c4130d44c93d4d20136d5987b7984621

SHA512
2a7333691201fa2a0008e21d69888a68fdd503373602b22573f733692b137acc6c4ed7a1c1064c58f5578b1aa6ee7924e861d1828770e44ddc1caa9e03138f81

Download Submit
C:\Program Files (x86)\Common Files\System\wab32.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
740KB

MD5
9d00caf8855c14608ddc52dcf8d6dbea

SHA1
d6479f606b372b2c403a5ce577602ddf476605a6

SHA256
4988a2c1ee7e7eaa524b9c5ce14b68381598dc707c703412b777aa387eee42cc

SHA512
a82a700752773e1e4aeacc9fd6744265b093d9b04b592cd82617f5590b76225cd901c8cf25b3e6a6dfb4ca7b48b29cf07951317ba78f89dde7ebde5ff5c081f4

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
47KB

MD5
81655c781c5891d18f803d99d7129629

SHA1
e90b789a11d8c66156826baae345ee7565372c03

SHA256
4f3fdcf15b1d858f3a1f9a6465b7df699797f8a4d095e5a0c75f7ecf8b8397d7

SHA512
fc875227ae4371af77944cc451b518a3ceb8528dc64ac3958df3323e207058bea6cc8fe3af94b88f6de2be6ec5606f1cdf57934e7867daa18bccee27464ca68b

Download Submit
C:\Program Files (x86)\Internet Explorer\ExtExport.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
47KB

MD5
2611cf377e43d2db1ca1824a320ab0c4

SHA1
1e25611fd692f0306840e8e5cb2d7ec02037181c

SHA256
b61e7418dc63f204320cd4f1686cfa0f05cb19458651e5557ecfbbd05cf591bd

SHA512
97ec0ff7685dbc8d44795de3e40c04b030430aa3485f916db98d7598be08c338c6889b1ae2defda2abeaa1737cfdc06978e66fae3da5ea0e247c75eb3063bbff

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
7KB

MD5
10cdc019683d025781c7b3feee2fa38e

SHA1
ec76f1a3d4c125e2c514de963ee1f74ff365f984

SHA256
e72cbaa627b9ef40c22bf0fe80b64a3dd34ffe6e329ea4e25db1980e0d6062d1

SHA512
6a4a1bce6fffbc199b05c557e14c782d5fe810d35df7cbf95e1701828b867efb5056fcdc9f7a518ea905c1bd945b0618fae3f992b9f8538b0fad82469bcfc998

Download Submit
C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
7KB

MD5
184249acc34e95004e8ab54268c81849

SHA1
fb550902a1e940218e94545174ea16deb38a2487

SHA256
c15e35a98d1c794cf1982ba5358daf0d57e80139a81c835ddb31bde4e8a3ee1a

SHA512
b2c604c62d77895752625faef245507c9384f87f8efbcc5a26d417fc529bc795ffe40bf0dee794ee08b262adb9dd8126249ec7f8d079edd298fba8c7928b76b5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
48B

MD5
c82f1815a8a2bb3c0d17dcc70fce18a0

SHA1
c5cc49c74a26974059f9c818054e9dd0319af5ec

SHA256
9ff2367bdcad4e0efe74157702ac1093812a6eb90d031cbfe5ca70c7bbb49ad6

SHA512
232e0808dd6dbadf5d8b7120a500555d1a94e5806cde3549bf87426adf1209766016841f6f66305ca737ce3e19f6b3b2ec1cb70a4bd0fe697dbddaa74962330b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
55KB

MD5
f34a97514c98c41bda6e5f4433b3acd0

SHA1
4afaf3b4a3a6680a8e73983103c79f8eb4b3041d

SHA256
492ef9b25f795a240eb7638d7dd768e503b579a70904dda261164d9ea1495a45

SHA512
c411e9a2432684e8d65521d8a634cc4d3f6f8d09a36cf4b2b4380d0cb1ce2f731ce1bd587a90f6ef85ae10b5425fe5e691251957a14c36ac2d2ca7f71dadc500

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\notification_helper.exe.manifest.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
1KB

MD5
7df1039526a5a4f31477b43e82c359be

SHA1
81141a93c320cd6f68e4b6a93b3819f8e9251e8f

SHA256
028d10422ee02a21c09ec0902f7c722b0144a4d21dc80d7f082f8aa5cb2c6fd8

SHA512
746b9ee6861dbd0390a4e25e457bd41a0a0ce34506d4b84d36b55aadeb11595faf8e8f8c82ad4ddc8bb88f55476c9516d851d9dabf1f8e0bfcc98e44e8ab6f3d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3.2MB

MD5
ef195836db5f5c6ba6b169826facbe83

SHA1
40ffa8b8f495a392311089857545d5819fb336c1

SHA256
acce96ddbdd71b73975e1be757dff116419eddf7f3f124795fbe2b876091034c

SHA512
083439c2d3500b8fc2de4bb9d5ede6c05f34809aa18a271b5bfa4910358f0f058662ea0755a0236b2197cd6b6c3d4522d2f862eb7b36c416516e688ace8d2920

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3.2MB

MD5
ff08149bf0541b8114b11f7362f07e46

SHA1
3d32e48326606d2afc1ae09ce984ddf4c2296c4a

SHA256
d5672e24bb92f3759f0699e8e7dde7ece8283be072dbd5fd35f8f65d10512db3

SHA512
2818f380eb76becc75538392d3f6fca7357440fe42b2a28c423a0b92321186875293869f437d2699b2cddb62bfccfba7520cd88b0cb214a88f7a25c300592844

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
584KB

MD5
2dea202ef287a8ba3fb7483ab194dafe

SHA1
443472ec6af46eaf8ede56cd921f2e166d6ca5fc

SHA256
ed3d051bdb52a90a7a5716be4ec1f3fff540d9f4b5a13026dd86628fa995498c

SHA512
8d776d422ca3e8b4a274bbab2933a4c2ae5466e7f27294c1bfa823cb61a6b52623fcb6f5b6182be3062aa7f2697a3d33fd71908aad59e33ab306a6b39fb6c07d

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
584KB

MD5
8a53f927487add385f59b8821bf7aea7

SHA1
9d9f9278498a6190ef8f48f97945e6cf393c4960

SHA256
395050b4d1762503df756b6d12b36b02e5a3983a8ea9f43296f2df29bf247266

SHA512
42e8e0bea29071c646a67b328325ccb36ddc6f8f7bf09f156f9ace03d0d7310e99f874c97429b1bc553b619514f9fc3d2f16d0a0a302c6745d425c51ded199c6

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
104KB

MD5
5d73787edf0df49f3d35c4dc9cd20eed

SHA1
fc53e0471eee805ea5d6c215d696096294b268b5

SHA256
ba3ca26c43001e807e377783ab3f404a6fd8f96c0dcc9ddf073e971cabbfba1f

SHA512
f7b650b60cff5081e07ab8ecafea17d5976b1ca60676546869f262a43334aac44817c06783189d0c436f7e6c7338ea47fc18b4dcf6ffdb5cacc44b815ebe2497

Download Submit
C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
104KB

MD5
4768efd3c7bdc83cdbebb90bb1bbd3db

SHA1
33a954f303d09df1132103e00ebf401b4940bb0a

SHA256
50865b898b4709bfbd7dbbd43e3343393f313a4a3380c569546686af8166f25f

SHA512
83cffdad9c7a44d4111e79c01cd45c92561652337f5a1aa03999e53b2dded7c08badb4d420bd79e4e212b1c586b7a671a133e991009d0ee7c553c4adc2b6c115

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
d4e109326f112065fc34f12422f18650

SHA1
69af85f5f64b910f1df3d50c51566427eb34d957

SHA256
36323af349e529bf92abdedb4d012f957620f6536fdd175dc48b89530326fc66

SHA512
7a079a6b36530785e07b567a4d295f3781ea5b0cd69ffe7f951407f2fc8b2fffcf02effdef894da07eface406231ac483769be80ef927cd2376d971d3ce01c22

Download Submit
C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
0d51d1de82eabb50982412673a274da5

SHA1
44cdcad18e25e1c3b71b42a1c06c29a5d9ef72ab

SHA256
3b650d1c6155db08b8b0e192295bb28615b860e85e8df328961382edd631aa2e

SHA512
3264a38706405dffc16b557076b485b6aaabcc8b94bd2f88520576509c1557b7566982f74af13ed9c674afe166dc0a210aa8094b2473ce1166b3b3bbbf9ef3f3

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
e04e14b9344e2c4e52518ec4f30411ae

SHA1
cc60f65baddf5332e4ad7604d6a6472cb7d0898b

SHA256
0c6a05fec012cec1e44941947a3b0f066dcab8adc2d709e8e46d9931f02a529e

SHA512
c07f3bc16315e89e931466c71a7ad86308504c8ee808e65dd8ec1250196e489669c0275c863eabe586e143ae3b223e852330e54eb912bb9b0c1bf15847e0f252

Download Submit
C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
f5f5aca5b9077f538102fc90998fe7e0

SHA1
7c206be2045ee7787fc8f22bce23c59388acd6f5

SHA256
894e1c9b491970c3c99cdb3b13b50f9e9b14fa05cc3ded9c81c00ea2df9b36d4

SHA512
733fd72483b732cba7916e7232ae60b3cf3567a5354715545b6d8eea8437a23b606c5ab2831219b5c53f9e0601e6234fcd5ad95a491c38ba5fa2b2f2805a94cc

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
e9acc536899f2f466efaefc4ca1aa627

SHA1
8036eccf49f31219ac36b8f48a4b848aedc4dea6

SHA256
3ba12ebecb43d88e7ab63c3dc0cd0e477f6f44157b64c16415797450e77c5759

SHA512
42a2ce4337f75589e004e456c4ed583dd3f7c724d476f47d72baf0ab1d2ffcca6778de883200aac16aa37ef6ad4426303485b515c8b1c701b8d7107f7290d889

Download Submit
C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
5c2f68800749d24defced570a63ceebc

SHA1
becd9c8d37cce52527b29c1afdeeec6d2d3aeda2

SHA256
5f97b71602d81f9fa2ee87e1327437787add8144e941b1188a4755f3b0b055ed

SHA512
8f00e7a77366460bc90ec323ee103f0f5a05c53910b1f32d0090f5b4f7aac6be4a752ffec4e70e8b7a3050a1f9b0f7e2420f3927836dd493a53cf1fd6a657ba5

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
9bce55143299adb1c98414f1438817f5

SHA1
64ab20651d1fd54aadef820410ed8be3412ed698

SHA256
1915347df3850868cc191cedb870c5cb1d2e51262fbd8e351f5a005906ba3b33

SHA512
2819669ab7aaea57541ae20c70bc79cefa3f3e198446f2d397d373b27138c83829ffd14389eaf3e50cc97414d9a3603f32152ef523837736d69e94812a6072b2

Download Submit
C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
7e6a8ce329419dcd979865fff663d464

SHA1
100a07fbbdbf4d0359520d18c480121c1c71d677

SHA256
54cd3c94f80df850614b3aed71d03a3ffb13ddbbf7956bf6f8a71b45ad600cf2

SHA512
36e5d58eee9c24ed8509ccd6e461d012ded4064190497dfe0d4037ddeeaf77a8359b682a9f10b02fc7921217c27ae812e2d3a120324b325c59cdce893ba2487a

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
9a5964897e619858555aa7a3ebe0dce4

SHA1
ce5559278dee9545eae7c74e4234c498c8735f02

SHA256
e258f2eb00369853f01f8eec659c346ae56a3cfad5d6e001904e0987adac51b7

SHA512
312091db2afa058f57127a5d982465a0538b29158cca3bd3b2a2394aa43b096ed677d7c3fb39779cff314c6796e8025494df419b9507b2fa2885fc99596e87da

Download Submit
C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2KB

MD5
a3e4ab582c2b91ea5dcab4e3460b0f35

SHA1
cada2d5f8a70da58db85b5643b87e0f38c7b21f0

SHA256
88c3bcc560556e622e4e672a79107c0dfd1c3943adaef8bb3163af115ae9dc18

SHA512
992c79299765223249aa25493f07dea1327863994bc0ddc9d5237b3882f20eca1f1304941683746c16c3a294869bb82a22d1f2ff45b3d93d9bada3ce7060c331

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
065cd2fe2de3916f80b887e8ce1e9714

SHA1
04cb4b5fcf23779479bbe7c2f2665204d357d2e6

SHA256
174ed5359743207eb1c7d6bf44e1f96528296e8eb8ebc5a73499c035d7f0cb53

SHA512
0b680ec5d7eb9669dee22af5e9bf60e0e79bf1afbc720b4de2df6a11bcc11e8939088bdc9addbdd28f1caf4c0cefb73b7a979518941c1196dee937352bb75b72

Download Submit
C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
6a6e4512ae902c5523f59dc2ce1e4ee0

SHA1
976473e65836c078e0ffbd914068fd10b0343a28

SHA256
90241575889e20083a210c6376e72a9446a23078c817f7afbcf6a98f4b36ccd0

SHA512
dea02de69bacfe69e5dd881a666a71bfb3af29f6f882e3cf2246e53cb7514665f667a5cf815c5d3f2ef89bb95f9b027ea0a2f09e9466b935580d85b0afb5ce04

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
505KB

MD5
c837033e54d8889c9b01d83bbffe2eee

SHA1
1976e087a4b852401f9eede2feb20e583874c6a8

SHA256
091147bb7e7bf92190315241dddb5f49370994bbcf94148ea70242e1166ce798

SHA512
3b7469bf4b471ddfdb7d7da28c6f277d2345158519cbf92f0b6efaef70ea916e89e17df67f2546735ce58d54475e4d7b9e362daedb3aae46a9f1facfe8d5397b

Download Submit
C:\Program Files (x86)\Windows Mail\wab.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
505KB

MD5
6788fe42f70209d23be9b9ca88522f93

SHA1
c11c16320a3385552992b3a1b0bec1bd557cb1bd

SHA256
9daab726b8c67c30d6719f47bf55528d6443617e071784579fb1b6c608db853e

SHA512
2f147463fc722afdc6565fcc0cf5562bdf80c0d6b84ee8d1fc3b6853101ec3c32e833199b6ab399920cda749b9e21ae1230c6c9a0fd8dc25f1e036a9c4488589

Download Submit
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
161KB

MD5
8734e9635e15c066e732b36f359be953

SHA1
e680edfa827d061ee69de5cfaf5b51cb591abc32

SHA256
087302f0b5ef90c051370c78abf8633e3c2b26e69f533f0e4d262ed8a66aae88

SHA512
8dd6a48e85613b8c763c0ce6c412fef94ad155b85d18bbbade1e7146487c8c064b53f246dac0b5f3fa6e89239811b0f2d0ea89d946818d4627573d4d29dd30ef

Download Submit
C:\Program Files (x86)\Windows Media Player\mpvis.DLL.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
161KB

MD5
8a5814b98027d55bbab7ef813ff4ba43

SHA1
8fe563215f2c6db2b5f4ce0048915d281b67a8d5

SHA256
c8d689d140c0b8688268633892c5efdfefa5b66f4be1dc31c922ffe4fea39cae

SHA512
fe669826837ffb8b31e2c17bf2ccf472d484511d365015a15e2989a9c0308bb877c55cc4e37d059d329258d75b8b36cf6e625e04e91a94b4a72705cf31fd6ab3

Download Submit
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2.7MB

MD5
bb46578cdc9ed5e8ab8ff52316d2273a

SHA1
3ea2c21edb587f0e892a392582bc756401354364

SHA256
7a6c21606228dc4f35a3eaf10ff9bb1f77a08195e56ea6ab101524dcd21f7ff0

SHA512
62fe3598b1bd3a1fecc58cafdb6d4c704e7a0ffd36da68db64bc886b3616555dd9b6fe1a35c228c308d39d270569028aedcabfe72b4c8aaf30f56030ebc49efa

Download Submit
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
2.7MB

MD5
fab0db85f696ef35fbba2aa98d50dbd2

SHA1
d29cd0a2d02d0ff6d9280cb86e610f45a3233650

SHA256
648abd0ea51c2ea4ba921f78aea5fbfb3d2d7728762ccc1eaf83792096ed2c90

SHA512
9db2441da05a1c98630fa5b72a7cc184c77cbd7244ce0f98286600a42a25bf36dc433e17912f45b626cab1f94d3a55a0c493d72c85aec44e1bc609018d4c8e4a

Download Submit
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
622KB

MD5
fe6a7940c6023cd842c2fb17ea86be6a

SHA1
890413d338e1a5d43fe4e3558e695fb2df3e42f9

SHA256
dfc977c8867cf89b0f57682289fde3cd8588cee46f334e1cb56c30c8ce6fa4ad

SHA512
4a7e3399d8945b01c15be6e4d6342961edd15836b64506061b7bdaad8a6a7ae776e858790f23c6a44747f567334c692ec1f2566141e5f1cff5f61963b93cad6a

Download Submit
C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
622KB

MD5
dcf691aa9bcbce4a9ed40347e8cc31ca

SHA1
ac985ead58f46c71cc2c6eb9e05c4d144a3da8ca

SHA256
4999ead5aeeeb1241b9ee49585d21bcd6543a269c49720b5be830ee462cb42d0

SHA512
67ad596783b75732b581cf14316d04e38d1154ea76af3ed8d9f0835c86cee6653d4ebb752f4ba4a1157405a5649d5ba012646ffcbec8977ea685b0004a821826

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
93KB

MD5
359870482ac74e6ec5c6249381a21447

SHA1
ffa20cf1f7f96ac523cc78e79c86ef6da95a8d8c

SHA256
fee21d49a7c4873b9c9402994beda76365619b5af88da5eb35b19e33442a352f

SHA512
770d4719fab668ea3695292d4b0d7e8534da3ec805bc09f3d6569f219420b9306d6e7974ee1d4696f1120d89339932104d6121debf74d742a2bbf34a223b36f6

Download Submit
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
93KB

MD5
501455d0d32ca6d8e87e7f1a6ea15edf

SHA1
18effb10bd4356442ab27728d288378fdf536be0

SHA256
b79e1a64d03ba5035c90c26e60251a007a86ed67f9992952ce4f0059ed8b0fb9

SHA512
9a71df0a0253de45ca1a11c8650ed14d1594520f24d350660f628fc45b7e13e53ed98f6c464bba4922c18e103fba5f67788225ed1b66936c8a8f562163d2e373

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
29c031bad45f4c8fe5fbc8f897b48029

SHA1
599261de86fb3aa1fb08b82b678a7bb28a7a2e44

SHA256
a5c368d1e99a79199887e90302da4172b83c2074c5f1cde48e8439cccfd1a380

SHA512
24283e4279e07725c2a8964846c072460c17eaf85d96a6e108aa090c31256aa90a33021bed79b33bc75a352a5bf15e3cc784817b051d9fd71e8b4ca6427248e7

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.Format.ps1xml.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
3KB

MD5
ea7bdb5e40171dbef768e827550a9923

SHA1
b9449b198d4d4284adb4dea90ff60b186725af74

SHA256
669966c2c11b3180e70c4af0f20f5e67073a0f94cdb21c3c29e54f93a9c39f0b

SHA512
6c0bf6102c93f0a4669f3efa00bd024fedb4a93a3569bc9631ca15a34b7eb86623afd9aedd1f89929be1ac427da1148d6830c930b873603fc2724f27cb8ecbc2

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
752B

MD5
c9211027fa7b137782752f981eaef241

SHA1
a89a2564ff69b0cec85c8b344d0f29c1a46174f3

SHA256
79952d2ae5dee1835650249b5c387c82e1fe668ea796aeebad2b10390e7fc4a1

SHA512
9f228f567a1943fb2f0d3506014458e532e70cfb3df0bea5e1f6ec1279b4fb8a39c089e1d67541a86bd24d808e9af096a8a57fe2d8dc7b9471d5f33e2b6aa87f

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat.A57E6A0DEB2FB9B3A85971A85B4653C1EAC957D2248F1C8047903FAD64EFB69D

Filesize
752B

MD5
cada2e8d27a9d9d9144b5f77c78f477f

SHA1
689204bef537628c3530e26d81754fc2dc131a90

SHA256
e153c85e614cc059c8d928cbbb0f211f5a5f3cc74d6327fe92e72bee9a0593a8

SHA512
e9631fd6e614a8afef1f2911864820a3b4c9ec696f152267c428c2b8ed09728bf55e0ce5e75a17c2212a1c3676be7950a4896d90d0653660ef6f427d10e77cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
039f08e7791ee4854053055a079d4bc2

SHA1
4ede2e3164d8f34f5eb7b7a83efc50eeec149136

SHA256
66aa0d0c3c2a3467491f69e63c835bedf618883ad6e55a3472649b540fbcb8fa

SHA512
aedb145f397c057873684fe430e38a2cdb8a92ebb595135a2fc55a70590acb57bdf09cd590b2739aaf920e086b5480dd8ee42801b305caccd2617964242142e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
5e5f8da23b74c8f7d42874888a114b72

SHA1
6e83ea363ca755b096fb118d18928a7ccf8966cd

SHA256
54bfa30f3f0296ef653b75494f09cd3120edd8d21464627d6ff1f47a236665d7

SHA512
53ee64ca50c5a42407d64cace82c4534048e133de59286d93be7d18ceac335f3df19e0a809d3871f85c8d04f253f6f031f3d194ffab26e5372ab2ce52d0b7e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
280b92f19a2240b2adbda1d878d39f14

SHA1
728448c823fed1d4926768c7bade953c0478d01c

SHA256
7270a4feedfd9a7dd1f363b99ef836b2428be8231d53296f869668b9f7cab00f

SHA512
8c6803c30ed0e73812c97c4e471137130b7bc82d4aad5df875ccd2710a402a8fb942001cbd57fe9e4531fc249248160cb6c1f0c5fe23e37537f6bed5eaf83c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40df1a6e5be9a6cbb6f9c93fecdf3d3d

SHA1
3c5a30bf5fff13ff194aba4dfbd360a3347dec05

SHA256
9f22016216ffcc38d31776791d2456c62eed54e5e61e2a4c59a7b32e462781d6

SHA512
421f9266180a75e5980466cfec082db21fcf36afca776102c94e413351e5d0f43febfc05ae50a9ac59c115d355de9c6aed7ecb3120a412a8de6e1b78e76c7b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb61eddbaf9994efe1f6c535ef9b8965

SHA1
c0d0ddb5de5e4c36910ff8b75cdbae449c7ae816

SHA256
e9d06cc2e886529ececdca0cbc1195814eb27181dce1632171ef28d542ed0bfa

SHA512
25c926a6cf8f7d294ccd3660ee72a18eeb25bbc1fadb31cfc656be433cd4fed52909929d7db64aa3060be7d21d5e520124fbf3597f856e6f1bc0b9cd44112add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14023a7a6d290a5ddd1877089c64d1eb

SHA1
b3013244f6b03ec70d0069b6dc069d041b6bd5e8

SHA256
e4947bc871f6f2edc5fda9cdeb2033b4147f0e279b2fe189c3769203e2123502

SHA512
5b9aacdef422768f6d9293daf19d4242f0187e2ffe102e17405712f89f328131bb60a6721aaecf7efad49dc8b28126c74aa48516b0a6589baefc24c1e7c87593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
047ae4af7aa72c4e1cab3bcb438b8387

SHA1
f8ecd5dd542e3f50ccaaa0e2dcdc69fd3223e14a

SHA256
b7c6db638ca10fcacead83b760de529ab449e79cc34dbf090b2ba9e4e579a30e

SHA512
c4826a235b821a052311ec1f7ba90ec586c7141df680a7212385642526867c4364e1bdd0cde03a971427b7abfe569663c4e34ed3a00cc7494ea8924e02941c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb5752329287165ffa8efabbeab46ff5

SHA1
3508ae5a2576fc9b237739fd49f3f0313cb0b476

SHA256
46da1cb7410414f074fed24c530a218c5f35b046c999ff163cab0ef1e23aa8c7

SHA512
4ae5e4d35de0b3ce4d5f585642fd9e6af2f710aa66bcd7590c2f4a24e6dfdb72948f2a5081108dbc374986490ca2b7944eaef4e0e32eccc075b0009da09ef498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e32c.TMP

Filesize
1KB

MD5
b1b1cb409527c205a331214acbdf972d

SHA1
ebfcd170f66e818ccb98f6e95c1ef05d82642caa

SHA256
73b027d0307673175c9ff13847f8787ecd10555e2cff9d941de8a11b6fe09e2c

SHA512
bdf4f548dec3fb47541c94063407b1d94a195fc98099e99bef741d6151a553223d1d88cc96ca202a5efd3eaac494026c1ecf068a6aff898af3b90728bbbf582a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e9cccda730451a60fb72b1bfeacb67d

SHA1
c6bf309dd117280f7d25fa2c89347975abc61ef5

SHA256
0d726e1a5d8eeee290365cc70eb910b5557722e2d43871d1903e15624bf67914

SHA512
4247e0390d6b561273fbd176fee2c59f2aa73e3cdba90379ea7733e28faee09ea4b405d686bf2527e04cfdbcb948ed6662b8834717d7a6fe8fdbb0f7298ffb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e3e05335d97fcf6f564cd9d602099f4

SHA1
8de76908d25ec9b3bbe458f357fbf4b90f499b5b

SHA256
2d4f1301ba637e598286a45b279018dbd4fcd750682900ac002bfc2efc526511

SHA512
24c524ebaae11f8cdd1c5c2685c0aa9859c064099102ef6d87b15252d8af178f99bf3f73e4eb78bcb0e7bc323f264ef77678aca63022901aa245ad63e913d475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5b8d2a04977c064a8b8505a25da1e27

SHA1
5ac1eec73f8257a62cb03a0cafec472bfef31ebc

SHA256
6191170b55c6870b62e88f76e40a617d9ab43325ac7ee8e9d56a78d083909fc1

SHA512
88aaf0f7dd9de42bc8aef4c4c25f6c196c9149a7f479f23d9a8bde4d0ff5dcf7e0b4615083f789baaf270d04fdb9ce1e9c29ead81cf3869526542f6466592aa0

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/1248-4301-0x0000000008590000-0x00000000085F6000-memory.dmp

Filesize
408KB

Download
memory/4808-310-0x0000000000200000-0x000000000023C000-memory.dmp

Filesize
240KB

Download
memory/4808-311-0x0000000004D80000-0x0000000004E1C000-memory.dmp

Filesize
624KB

Download
memory/4808-312-0x00000000053D0000-0x0000000005976000-memory.dmp

Filesize
5.6MB

Download
memory/4808-313-0x0000000004E20000-0x0000000004EB2000-memory.dmp

Filesize
584KB

Download
memory/4808-314-0x0000000004CE0000-0x0000000004CEA000-memory.dmp

Filesize
40KB

Download
memory/4808-315-0x0000000004FB0000-0x0000000005006000-memory.dmp

Filesize
344KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads