infinitylock | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt[.]exe

Analysis

max time kernel
129s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
09/03/2025, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe

Score

10^/10

infinitylock defense_evasion discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Downloads MZ/PE file 1 IoCs

flow	pid	Process
35	5624	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
5412	InfinityCrypt.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
35	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Sigma\Cryptomining.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvDX9.x3d.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\A12_Spinner_int.gif.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Entities.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\2d.x3d.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoSearchResults_180x160.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\mk.pak.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\help.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\ar.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\lt.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\microsoft_shell_integration.dll.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogoDev.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\RHP_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoInternetConnection_120x80.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\show_third_party_software_licenses.bat.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\ko.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\fi.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_TypeTextFields_White@1x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\Cryptomining.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_zh-CN.dll.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-down_32.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ru-ru\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\kok.pak.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\uk-UA\MSFT_PackageManagement.strings.psd1.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\affDescription.txt.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\ca-Es-VALENCIA.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\altDekstopCopyPasteHelper.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\css\main-selector.css.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark-2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Edge.dat.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\bg_get.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\ta.pak.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\file_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39	InfinityCrypt.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5624	msedge.exe
5624	msedge.exe
5992	msedge.exe
5992	msedge.exe
4024	identity_helper.exe
4024	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
1556	msedge.exe
1556	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5412	InfinityCrypt.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5992 wrote to memory of 1472	5992	msedge.exe	80
PID 5992 wrote to memory of 1472	5992	msedge.exe	80
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 4796	5992	msedge.exe	82
PID 5992 wrote to memory of 5624	5992	msedge.exe	83
PID 5992 wrote to memory of 5624	5992	msedge.exe	83
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84
PID 5992 wrote to memory of 5500	5992	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/InfinityCrypt.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff955223cb8,0x7ff955223cc8,0x7ff955223cd8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10624260624299446469,18069581990963606835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2232

C:\Users\Admin\Downloads\InfinityCrypt.exe
"C:\Users\Admin\Downloads\InfinityCrypt.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
16B

MD5
16fbc70d151e4af52cc15470ce710db6

SHA1
c59950c7c91da6fa200b44c18194d479c6fde888

SHA256
6327b5da0f068a3c906f4d018e8de230d55b60145c2d4eaaff7e7395b279a874

SHA512
5967ce9594ffaa65cc6b50af4648ab686c1b4dd7b7d2678b2bd1a70ba3ae195f42d11d10363c8ed4664f9f42c4b995236db989deb3eb1203a95591740fc9189e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
720B

MD5
41995251dc456aa3df92e3548c1415a3

SHA1
decd9d62e4b81f0ef6f32d68b84ed94daf85b71c

SHA256
e6969feba839a97948bca25291348161c75010c44bca3f006722bb104bc6ef81

SHA512
69d57ab6d1407043f073ee80a129878348256c71da590d1d9290e7b25362419a614dfec54a497461b132a36301d001026f8954ba9067a1a197fda5376a59daa4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
688B

MD5
f33c3f3ccad1cdf682095bd9e45ded4c

SHA1
975e13629a2ae20ba83270c1c722cb87d3c9e380

SHA256
8cb5280d5d7840630284ac672e14a4e825663ab41a85045426e4307b1991db6d

SHA512
2a0270348670a6c132bca08c1648572724a0f5b9afc5639997b8a7248fbdf32df2fd74b4ec81338e99c4b188312bdcb4186a77a0b7a3debed2d6c3f471bfe95b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1KB

MD5
368280a08f6e5efc7f5fc40a241f8221

SHA1
ddc265c812063e78a19341ba47511d5c8b3f1195

SHA256
4b7b1f9436b5a61c009b75de38b2de51489f28ba87c8f69f601cd822a007e714

SHA512
d67a30bc5dfcfd683a13a9b459ca51dc75519a14ee3ec1aefec70a75e3a1a2681e28bd33733902ea29dae3f56b334906d4a78b3c5bdd670b2a111bfbff0760e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
448B

MD5
8f32f3bf4c49e40d650bedf47f1cf785

SHA1
4e3ba5b89d8cbf4f193fd15a9883e489eadb538f

SHA256
5f271f61edb092ca4d89e93b31a35876c51bb9eb3d3e1630d6e68b6506ddea54

SHA512
42451017ebcf6eecc4e3af0d57ae8530b2146d916d11f6cc78b9edd9fc56e9747470cabf0b57e91a3ddb240e167abed710cd0834978268e92400b226e973841c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
624B

MD5
55fea8711fd8ea8214a91f54e0b33ae8

SHA1
3f63aa958e7ae025dc234874c2a911a5f2207116

SHA256
14e5dc5b36bbee67d292914bf3a870e0760ee80a0aeb32001c27bc367885bbca

SHA512
a9f2c2476dbb33d8fc4ac976916a9f2a1c056e0a72bf7f7c92b05f94701a3acf3954a7140701dea235425cbe100e242cc9bbcc8c9ef7d2723af67865445cc785

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
400B

MD5
1d63568ed2a566eb7d0b32ba7680c84b

SHA1
55c0ce0e3932abfe4b5b2c20da600e7e26b623a0

SHA256
717e162a92cb44bea458886800f23fbe959370dd6b03e67e41638494f2b7b23a

SHA512
2e61624defe3b5c29c8f912def4f93826fe8e30aecf48fa81aa59cd9752e09a8bdc10512aa9e6b9f0510f6893615dc27434e8c63ac47e14c1db84aafa95e2d8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
560B

MD5
4e83d54c7d22aa5ef9bcaf635b724afd

SHA1
79dccbd9c8d37816aa717ec086e26380da233ac8

SHA256
15c42ac36338186818e7b6c38f3f70b0a2beb0cce803b93139e95e04e39c235a

SHA512
38bd114526b5bcdac1600866ffa39a9e60f3dcb1ec8d564284abc3efd7cf17b798dc7cb54d68759365b94d28f0666de993dab1c839e66f9bca7bcd4f4ff49ce8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
400B

MD5
17537f18fc7192a8d391a5e7763a15b8

SHA1
00d639cf93b138360b09057b0fabc4d36d4f2ae6

SHA256
eafdd49f3fc63fa7e6167487469b219f39b5a862bad1bf2d11448d74010e809b

SHA512
729574800f40f1e36e57c984be0808da6f8b865a7cf7a85233d5dfbd8c2e802d5f0454019eec962383a7c36c5a24bb6534a55503b6e2fa4e2579cd00bf487c75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
560B

MD5
02f981ea0a47a3771d72d8725de0a028

SHA1
8526332494d0cc5997eda16acb543f4497ffef99

SHA256
4a4913ae551fb2666a789f7fcaca5baa279bc3207478ff2c3310b79b5208cc65

SHA512
188176e08894f449afc5ffd47f03420762cf071c064aba5ee606d2592dbca943e2def66b3d79fac3ba8742be7bde58d27f8119b20765dd252e2120f7b71c7a52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
400B

MD5
daa4389f46c9d0f01f801ae0fa6f01b5

SHA1
ae88649225f77e3b74817d18b022e350ae9f0001

SHA256
160ca73f7f55bb0f648c8797501801d60eb371bf4a0f5cca3a41456c79ef7e57

SHA512
5d9c6cadc7c7059ce3dcc7f0596f8c62be8cee017656d2c735d63d61cb58ec7710505040dcc320977730bbb93973ab6d5471f1982c26391df98a64b62cec9324

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
560B

MD5
18108e11c729b90b442f741b527ae562

SHA1
c7d3d34f1f5f2179759f538fee4fe566a67a1271

SHA256
50a75a677691f38557e46a412f3211bf32bb44dc215c2b8ec5f5373950c206b1

SHA512
6e43dfd675b78054a61c608c1df6776fbef84714fab6ffba8de926360f3ad895ec1e75dbabaa4ce467421674ee3fb06ae77ccd6381ab00484d8dadbd2785c575

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
7KB

MD5
ef6f5ad09e152fe6788e4d156479359d

SHA1
1a4156ad1a9a63e8d95e8acf5b26026c9ccaa20d

SHA256
c720f63362bfff9203ee36c0d7fda2b33da1e792864d23a4036d4728506b4c0a

SHA512
1e231105bb6ea1e40ecfaa57fad9512f37391c7636b30c935fba14b6e552ca2603bbdfa2f43f1406ccb0725e25a686aa202b8712fa4f7b99da0d1853a3040d9d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
7KB

MD5
1a56000ec37cb5378f76e3a4a02ba5aa

SHA1
70a7c1e71fe581b6d7887b07f830367f4633b510

SHA256
7020ffc043dec26ae00af7c42ad57362f96a1d5841c30445f68adc07d600f548

SHA512
5b5072ec2ffe0f9646f02dae02ca8bd74a3081bb6035d5b79289f045c361f4e4010e205ecc6bd1ad22aa751b0f224b10756c61aa802372aa5c22c6a53bdcd886

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
15KB

MD5
e0d8c3ebdf4fb1d01c9ec926fff9e2c8

SHA1
9d3bc2ca81cbe3658d1ca8b9804da97a428bdc32

SHA256
8f843712d47e7ff2b5284d74664727a488ac2c2aaed066e3c55aa4a71130830c

SHA512
aa130af7f1c4322e85f988899abff2a5cad8a730f4ddab39356c6978ed3d711d9f97c77e3d1e234d7107b9c057006197fa7edd5d4b1c1cda7d2a7fa0a82bcd92

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
8KB

MD5
76000e214e8baaecec49aa7f850c2c1d

SHA1
96e6f946313a2ce5f0a169f667d37f0ca708c8c7

SHA256
1bd1c0006b39d059ccd52209a05d38a010415e76e935ecb8a3783ac2d9742d20

SHA512
d0e77a222a91da6f0a5b03a102a018630d7807c7639c05901968301231437ba3e750b4cf191a2cd70d39b338051d9138a5e04c86f4951e0bd15a54140d7735ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
17KB

MD5
3c666bb99c4bce99d53c797527db6fb6

SHA1
2b74bcd1825ea912339069622c5c3eb7fdf75813

SHA256
160e81a224493141531fca5c150b2bb2a7626b8a15e92a1e977699f1d581cb2d

SHA512
317479648c24dbca3e9aac2e04768b1cf21e85f4f43e075fcc9046d1eb0db0421becf6e01b388b6e9c570bcf450866587c4d5c53b617004c5c52476147db6773

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
192B

MD5
76892ed171802473a36dd2e4501299e0

SHA1
247939c5b2e169608073f6aa872b96f93c4fe014

SHA256
15d9361b06f2c0e604f7c3a5bd320fb13b22bfc5a58a92892c16282160d7eab5

SHA512
8b404604ea1b32830122d792dc0ef065baaa3dfd73b0b8b3b0327012379b471fa57f02de1b19fe5a7ed832125dffbf9c4d5478dcff5201e4795ffc4dbf84d3b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
704B

MD5
4514b412ccaaee2237f41e861e39cf8e

SHA1
bce2b62dbab665c8e2a5156ed23f3152e8977361

SHA256
42530d2cac429dcb30bd7e12654c413bb2311c8844cde4c934900f1aa13d84a9

SHA512
ae04086fa1bf17374a0e1576cda069e97fe17cb173e93a2840cd01bf4b4f8c4f157a4065de1b72e6035ce78b40f7b734c002d3f023fdfbc395c3f9a694482060

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
8KB

MD5
dbcd1c1328a71f324d7e6daa52e8643a

SHA1
7f075c21be9c9fa7eecbb50845ef2c1489e7f60b

SHA256
c8cf764d9e67376a4e6f6aafd9776f4ae65a57d73c7c8b61a61362858c288cdb

SHA512
e32762effa3e1f6f1a4a279cdf44a876414e1a06a1808b3eb4407dd8be392b76ff864bccbb3d3a4d87f628e5b29ab6b8472581d4fad3e4e8485453e3a8344603

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
19KB

MD5
2167a16d695bfcd8484b119190d6d0d7

SHA1
e5e1bfc2b7ba6d6003c3c5cf1e1dc84c61d61195

SHA256
10d6b432118672140b38bef20406e8bd919092293679dbd15ab0b1aef0f6c931

SHA512
5ed51ee7b587cf17c2ead943bfde45f3c5d9adc2fa7668bd0a6f1f8547f00a12897d1acdb0638367a4d31babee63f512d31202c1cc7778cac136e8299d1ffeef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
832B

MD5
c0ad99c2ceb422c19d4ed25d0e1be9f8

SHA1
3463908d2667c1c48ca92d07081bca2f1f4fdde7

SHA256
f566a43ddfe7860463a46df0dacaaa00d6cfa4388c901071380d34407dfb53fd

SHA512
734a39bd873619ec21ac4c4156c1fab32ae77f2a33143cab15e279b89665fe476c8e513b41754b6bab2b1a39fc96686dc4a571110ff92ceb057ffa56997f1557

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1KB

MD5
96a7f4a16d769c4c43d5424a4dd78373

SHA1
6924bdba9c897f14edfd4ac1be44d6e278862745

SHA256
bfbbb200d98732efeac0b913e7c9e5c1b4041c5a4894778e45826a5e3a45c766

SHA512
67478432d38f52266bde0c1155041dad08e55ed6307524cd321cf8d52a948c5c8019f45badb9c1c49fa258935d244b4228ad50149b20c696bd2ad4950326d55b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1KB

MD5
9824e50b27a51b43cd8f8371faf60a1e

SHA1
898bcfd7d7f8c301c2b90b2081d59f9842750c65

SHA256
13fd90e7bac909982ff1bfc7530f80770c7d620b6607c5cf2440f0c663d67d68

SHA512
bd3683078f5ec2dcddabbce556b8ba320bcb1f16b5c5133fc4d72110fc49641e1b35a1968001b6ba038a6532f3b52b021c8a02f3fcf3aee485116f038bf338f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
816B

MD5
f1ae0902bf821349328ab3869eaa4e4f

SHA1
000d5bf4c593c63e40953e94cd301aa9e30805e2

SHA256
a98d8b3f5c39c416b3400674c4bcd53a8e2eee3693a754a9de6b9d7c4cb05a87

SHA512
2e864ff51652953e851983ef3fd4d74f39ab564edc8659ede3418dbbf9cf102bccf372faee99cd42bf001d20a51dba196b0d11c3c829559c8bb2d21b8df42942

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
2KB

MD5
a492b1e4c0eeb3103af51ad532641a01

SHA1
cb3d524c45833721c1d4ba8c1cbf397837fcaf22

SHA256
2c170d35aa7d53414cbca45427868513dc74a916f5a4c8cb34c404b97dc1760f

SHA512
f454aa6d2c0027209bd4f4bf3d39080619034fec5a6ece97115cd77454db660a285ac354cd42efa6a2661f8ed83c6783ea0eaf691503f65f0692fce173174b5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
2KB

MD5
16480d410c0fa857ffae13b8eef84902

SHA1
b0483b9e8400b8cd4cb06c02a9c6fe45e7c67285

SHA256
c704e22e31f7e6c11031a4763352ff5361865e35b49d5f2effcf7c0a91b89da8

SHA512
fccb5f5fee108557f5f0f1d3f52baef89d63cb31c9a4d6ff822ac0bd9c567f9bebbe1ef515202027885c0d47af095d48d69dad6007f6d4e48b4460129ffc8f24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
4KB

MD5
36f40e62ae95bafea930c98527cc48db

SHA1
9926544b960809101a6633d5a8f296354a1eaebf

SHA256
9895c3aebd4b9a7e5484c88ab4b036c902544f1f44c89a74cd651dcd0153e340

SHA512
9ef2c74a935ec10bbbf773129578146100d793902cbd5729b4eae6435224d721b8f9eedeb6521cf36e65fadeae6fe86298b3292e3e1c6509b478e14c4e13adde

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
304B

MD5
730fd4edb6cfd51c0df2e6ba28eee316

SHA1
c3527d327648db2fa408f9eae86baf4415b327f7

SHA256
961c09b555a8948d66d20a6c4d6f591cf072126de2d7f594635359e63f4f27c5

SHA512
8770a4b2e001c1de3f4013fafe005040f52c0b09b2f6b2bc977d3ea79787c4811de1ddda41cdba8e8587938d86d722b2f7b9ded801ee1cca305c96599bb01e89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
400B

MD5
d28349801806d49dd3f875cf61116dfd

SHA1
21c6db228ba86cf98e104d1ffa9b0b9ffbe6cf6c

SHA256
aa635b1cd86228661e1105eb37ba42910809b085374e6b2e9bea65af21ca4729

SHA512
505fdfa0ad5d81ff00a42104a522c07f6ee7825e9b02dfa8ba5b4a1d6df7ea64c2050d0779f2c5fea999cecfa130646fcc422943ca7a3c2e93653ec85f16e4d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1008B

MD5
1ed0bc44ff2aafd35961f0fe5b1fa13f

SHA1
f2d6a3a6c5c47ebe42dd4a2013dbe3adf3459103

SHA256
89f6f7c2b8268255d556697d3f7943c3c52352200000100129970d77abc42cb6

SHA512
f9a46c9231e6cd18548a69340c7de4027ec8d0a45ca71193c196694ea729422a6901768102fdf5b61062b1eb67f845fd4645482b39d6d394166d6794341512d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1KB

MD5
48fbcb16a6a2f9e428ad10ea005b1582

SHA1
4da4cf3de6b4afdf674ff62caeaa18b9715f5cd6

SHA256
d3a5b7ba2895ccf68c041f18776dfe02bdc324f5b2a1b932452b69ffe6b379a8

SHA512
659c2369f97da4fa6ea5bb0bbe5949ece30490167a9a8efed4cc1cc74cef3fb97cb08e073872925942fef7a1581c444906bb6193051678f766ac4fc5ae0c79bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
2KB

MD5
7103f4729c598f67d537a9b1bc8a68ff

SHA1
954b9cb12b530cb94c6115ca384a10fcc1f72376

SHA256
9f38caa7913d0cabbfe64f94e292c212479c9c770ac3a189384d20c1ea096e0f

SHA512
d6a15c38e1d2cc3ae7b3079f8cea724ba4c84b8ba1e311eb4b45f35f9b47fde5aa13b98988c3fc759c65d105cf375266718e063ff7e0fbaa1bcc768653a6eebd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
848B

MD5
0ea1db553ffc9bc8f4824f2f862448c7

SHA1
9411507129aa481faedb7f356b9d62f6f70f8a5d

SHA256
b328f007ccca6995216d6ce0ab64da0f9cda8c90df8666db3718a15e49d519f7

SHA512
76319cbec267b06000c1fe8723325c2d84c03894b4dfca8e6eab5f794dd75d3b3c92ce073256e203e069ef47e7449372bdfc09357e3652fc12f02fa8800ca9be

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
32KB

MD5
6df4523d4cb9bb56b096a00afaf6cd23

SHA1
0a5115850d9dd898e6e559a19be4cf5e699ab708

SHA256
e1620fe1700eed8c9e1d2b508aaffa9bd718a9fa7bfe8417cd15b41c0f1464e0

SHA512
12c7895b621dab5bec91c0f9ce8124792f35408d97df16564a88ee315384932538eb5ecb4c2731c28bbb9b4309481d70fd4aea16c11865cec4f4bf8673ebbeed

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Sigma\Other.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
48B

MD5
8a532f115d75506eab99c969df11e75a

SHA1
bd0676e2926947063c568cc6c3389eb13a894358

SHA256
6b007213e5786c95eff944d57eebdec60c2b15fc5426d70bd8286d90df25268c

SHA512
666ea6a34c7b9ff6604ba6e3fd79ec10de516a0ac0177d9b6e5058746157669e2383fe431153a13a8c74325feed6d2eddfc13c0d9e59c09bcf6ad51e2a4532b1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Edge.dat.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
12KB

MD5
b9fd717f1aea7255d84b6525b6311870

SHA1
372d35f3359f113ab33398c69f704fb88a332fcb

SHA256
1d69e997894b6a7ca3720dd0cf4d337dea39aa9c026b75f972b6599408f829ee

SHA512
1d49a97011e404aaf2de1b9b793c09c249d2549a34adbdded890e751e5f78536ce8b3c5b76df221f4dba22436833db6a01ec6b245a3e2296a665cfacc14abd61

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\EdgeWebView.dat.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
8KB

MD5
004512fca4c171a31e0108cf51de01a2

SHA1
e983334f4a914d16a3777a9f91d722bb52aa09cb

SHA256
e3a861b0fcca10a37604a32fcf4dc767e026222f664c205b61ae89d4d8e36e76

SHA512
e13b5fc136c87a682e96df829fbcfd4cb350feaff47cdf80f735552850f4d345d9dd4fae025a8c5611a738115a412ec20848f2a191214586e7845a3581964d86

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Extensions\external_extensions.json.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
112B

MD5
8928bcff1e94ff1fddbeb6ed6cb1cc87

SHA1
7ef9f729fcaa04acb6bc652952fa4a2c3a0c0bec

SHA256
306b573ce9a92f2c9ec6cf75e23a1bdae5a729e2b3c18df7210f34c872181928

SHA512
cb4167edef73aebaf8792b025a64f52822ce520fff9cd1b511deaafcb74e2861d42e3f5d02c87984962baec4d110c2a6cb3edca88eeda993640a5044386c61f8

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Beta.msix.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
53KB

MD5
8f4085ad28abf49f8789b993bc4a020d

SHA1
3a75ed09ddada4d384790ab546360c57c799dde6

SHA256
1f17ee60cf00b6d039eb1298a23e09a246c68f52f68b4dd3c0e211c97ca86e6a

SHA512
7e1310e2676c2a580ffe3f87a3706682b81f05a97273a420908226b2bb3267744cffed88c74dd6d51e92807a6591afe21d217505dee317ea33a0d2e311a46b2d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Canary.msix.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
53KB

MD5
596b0365ae0b7b7c22cbdd9bec890003

SHA1
5fb271c3414e1a22d723240a157003e723a1b689

SHA256
872c171264584118b5c49ae1d78d2d53e345f92b7357fd0aa5bf88ee2f1121f6

SHA512
d3c0fc0d18467c1f34cae08ebd7ad7228f7fc8c831f976cc7a3e38f3b4c9d53b5c636ce13b5c15359710f158f059bbae260ecd3f40fd4d2181c07ccd1616b36c

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Dev.msix.DATA.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
52KB

MD5
4e23c07d04f641cdff4e55ff192440ca

SHA1
44151f99767059547e0fb3c13acc0b57dab2c92c

SHA256
4ae471228ed6836c1e244c5e101e3bfea9f3e4bd3a0792488eceba839c2642a6

SHA512
e620ee8672294c9233b582b782a7ce18e34a5ab8260291b43e9ee84a33cdecd5dc592e6e20df09deadc517cdb0f892c55c9225f812379c6637f9dcc0e7a58989

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Mu\LICENSE.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
34KB

MD5
46f754e97607a07d64a7facc95a833b9

SHA1
f113f3538c1c8bf74c72003b3e5cfa58c662e147

SHA256
0a1c2d69ea0ca1568f4b5f2b21d237ed9db09f361b0fb91b111cdd7a6d103611

SHA512
8d250eafa066c949cbcf0ef1233226620db3fc787db2f76cc6cb75985176d866680ba5babaa5bfbd585b2292d9e836b835f0e5bfefb95e0c4590a6d7ade1f164

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Sigma\Cryptomining.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
48B

MD5
dc1c89692d2c8822db43ee00732a8934

SHA1
5bd6b62c6bcb5fe4d305aa2510e7b2e2f9e28478

SHA256
992a47ff6781a72b98939a09bd581e234cbe03946381311fb144f2331906b952

SHA512
01b5f3f87ef123e1ceced77234aee3218e07336b34a5fd5a1c74d917daa014908477312cdaf932f10cade9e2736348f4fd12234a76bfa6fd573fe6e1fcee72e1

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Trust Protection Lists\Sigma\LICENSE.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
80B

MD5
9e5da30b89c85e34eaedb7583860706f

SHA1
58c5832003d10cdf0feb6afb367bb3c5b0674f2b

SHA256
bf7e129e9de93deee0fd381a6cbf3ff5bdc19e2889af4f9e3c2e1aa5ca576037

SHA512
1e1c4cc77ebd3c3238a2639aca8941fc552edf0ce67f27d4f79ef8ec144f52cbe9468689a17cfe7aa68ccc6f273dd59fc97ecb38e4c2d97edae23905a7980612

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\Logo.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
31KB

MD5
a4b3ac6669da17c56f176b749727ae0e

SHA1
da85eb7546d4e579abc9e3fed72ca670bdc33c5d

SHA256
06a9063485d0980b75cda2710b8a5c92767ad483144c1a9db4a3132fbd306268

SHA512
a5fa4a0d285fb5858d9d1363a52305153b383d1785afe045efb753376e8db502cf2765901ab04eebaa1a50bd6ea4a8456f76bfdf5b38a2b765bd9127738d8885

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\LogoBeta.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
29KB

MD5
7eb7e219ef50019f23ab2a18e354de5c

SHA1
6723ad8cbc41f23ad0fcdbd9704f4399a519caba

SHA256
5554783b8bb7889bd9df4954f7406d3137b9b0104a89c2fe0f67941491eef51f

SHA512
a0f317f32d27326678979640d72d6d01d08dd1ff75cd315319fd9e78b7c650de34f7de05899ec837f4944d3118661a41449e5c1846a4540e0d47683c470915c9

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\LogoCanary.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
29KB

MD5
beba0a4f70772e9280d5f02492bc66e1

SHA1
c3a5fc24647cd83333667ea45d4859d26dfd67b7

SHA256
f63a312fc63dbfa0fbbf2f4a5dfe00ac79ab5698e0f00454d335096f27645ea6

SHA512
1cd59adb019f1fcefa55b3ce839c442d1e00a6891cef97f9da43fa36e916a438ac4b0aa32b9acf700f17701c0abff938bdfeba3d3c54aab92ee77450c75ce54e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\LogoDev.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
29KB

MD5
7e9fd5676f916106535ee2708c641106

SHA1
698d07018487f2fbc0a369e9aab10261026d69b4

SHA256
9e799696a42045c9be0d32c390f778b2f35327d233d19d092bd87abf23ab5bc6

SHA512
297ad9c31a6c467d0ca43b63d752ffdfefab454bfeccb05b53d6b55243eaad21806b3a9332bba61825e2779d9502a9ddb9aea192364f6c46cfabcebd9205294b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogo.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
15KB

MD5
da4b0929dea02dc8f69ed217f252907b

SHA1
be136d3e2d88fec70b7414de79b4c89451a7f89b

SHA256
1b5289a61009fce06b3a11e5faa4648f23d9968c803c064fec1772607384d1cc

SHA512
c7293169a33831a61c76c5faf65ad543426e3075a655e20d3992eb8bff864d47321eb0ec9db5124a55e1f0c10d0c4056d2d63abb5cbeb1bfd6de48b68f3235d3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogoBeta.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
14KB

MD5
8c30a22641d1a33fa4151ff60c10ad97

SHA1
8fd1a0418b7a3fbec26b3c323b8c06a93f92bbb6

SHA256
63fd491f469dbe77e6e6706b63c2c9201a7c8a3d1ead9a7a6e435d2aec527dd1

SHA512
1323dff8600155f943ad3083acf5b420edbfd4bda53adb865436bbd11893ec76ac16207b2d36b906bb577b2453885e48dc3e5dca394b038f7d4fa90942d53448

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogoCanary.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
14KB

MD5
8c49fc564b9ae28ab00f52fda10af22c

SHA1
76c504b5ebdb5dc03cc6744d8326aaee0964605e

SHA256
c0cdc6f095501a0b1abff919afe8d6c25dbac017c75eb35bd57585efa5ed07e2

SHA512
ae3596cbfdd50782c11689b9d7e9431172b876ca6d92de654e2356089b961fbea5c3649f76e4c281a33e2c93a4ddaf11101b3dbf795b72aa258604382ffe6b7b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogoDev.png.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
14KB

MD5
3cc9267476977ccbf4f193b6a7799c11

SHA1
218c2e7ae8f15277a972471bd3a8e8f7e37f038d

SHA256
0cac2bfa60ba37764fc36f34b18143add0c61897a58c7d688fecbddaf5547a6c

SHA512
8e8ebfaabcc5404ea6e2149902f7a79826823552f42881302ff09a0c978586c2070b9d5e4cc60f964327ba17628b09f044a0a1362b0ab63b5ab1ba3747e3a3eb

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\stable.identity_helper.exe.manifest.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
1KB

MD5
04ad3cbc66b54851c31a442933e93d0e

SHA1
c4d007473193a525ddeaea730ed8db3cf351fddf

SHA256
e8fdecab4a1bb667f564bd81b93fec6ef0aa0afd1ff1e4579148e33cf93a72f0

SHA512
83181df0d14a3abe0c4b19a30ed0df3b1e97d85e5f688450b18eeee89dd6d75aae70173d0f9c8955c7598353c54ffb385a271f3c30aefd2f8839735c857e8e08

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win10\identity_helper.Sparse.Internal.msix.317E6DB7F6301F8047FB673324D0911F527B24E86C0F929E7C8752982A2DED39

Filesize
56KB

MD5
352a162e50c5811e56090c81cae71b68

SHA1
eb94c09619b2ef9fd9e801ff342fa32336bcf76b

SHA256
31ed06955669b81acc2d7795f4a2a3b38d46a155b4b097153d27c3588bc54c00

SHA512
c2820db4182d57656107f2bfe88bbb7172b9d9a3407af49fd557452a5a0556f757859c9305673185d4ef2490730c320576436109bc541235cce2a60fe7aed206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
825fb95a70bf7b56cfcda1f118800f98

SHA1
15f1e212c1fb567c70ff4f716a4bba81f2857e0a

SHA256
2280c42f8ca4302a1d37d63532e3e981e33b596e3b2e930ce40b390dc0f09104

SHA512
987189b84f58e5d64b662f80f47ae797bcf46aeba86584cc17afabd2f25885a4cf48d80400154ba22eeee1131b84f882cd1998d1686ee12013218f52049bc6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e45a14e89fdf82756edc65c97e606e63

SHA1
42ce594393a4ce3b4e1c79dbe424841bd3f434c8

SHA256
49af9d716c69fb93ebee18e708f4ceaab99abf505abcbad1bd46c60ace03da9f

SHA512
6af0cabb253026d7613065e7274f8be114fc2cbd0134e8d518a417bf4b2b94ffc8b9c05be4e47685ac6d7246e28c11a86852ee4b6e934bf6c6d56b6c97428425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3bfaa6aecf2e344c83beeca7290c84a4

SHA1
933cd8ab156228ff42c69339c3b5f6305ca1a804

SHA256
151b9bbd35598d8ff5655b79ccc6c24e3771786f32a939ac5f5b33ecb30c1870

SHA512
2db739d925c733a98cfa3868cf1a602ac67a89659f7ebcb1c03bb03eaa48889d599d4f87f89147ec2204717227897bfab38eecbce049ba1f34d554e16bdd7899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a0cae452a435712dd1fd3f32ad89c0a

SHA1
0b5f9ac262b38d49eed79ee57f6d790b1b99b638

SHA256
d8aabec90853d7b1e9a3c90483642e609bf310d8e50e656c39802bf6c261722c

SHA512
e9aba4d72a1cf7badae23906f2f08f7bf01e25917473439f736d515bfc969711f85af61e1c19b1333ba0dce24a4dec78237b27ea32abfdfcd34d3ce2eb2500bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db2d35d9888ac4d3f70a1dc88a5d39c6

SHA1
cd01d3ebaa8a56fbd7e828f51c29afd1e7e01b1c

SHA256
346648c53b80b1889c04f0ff182c5479f39cbc33249d23a9ea1e7e6e2dfce543

SHA512
ce91860822707f60138e52751129da0ab1dc1623c13279947d22f978a8479cff3760cdedd1313af609658b278c415ce9677fe9d15ba2137312f5caf16cfc8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c948354b2654a863b11b6abd40387e5f

SHA1
741e11429886c1c9e1473ba806d11cd11bfb19e6

SHA256
a2b71f9dfc8ac1b5a8da65996a334d1b97afb600d42cf7349d9c259dd5c8c4a7

SHA512
9e40696e5bc4076088d503e306e73701a4229d463142b12f47cee8927006b3fc94ab3292a1f53c164a0129676dbe85b5b8d020d7d6d6cebd13cf853f3edce282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fafad774eb34613e1572fe6320c5f0f

SHA1
5926dadaabeb739d7462ee0bf0e3f57be9ba1dd5

SHA256
198beec217e9b139513cf27fdf17609780d74f173beb87fa0663d5ac12fff635

SHA512
e49392631fab7a1e7c2212cee2cd5a6673f63390c2f97bb965800acc9d604d60c7ae26f9c0ea8c75e2fe23fa34dea2ee97a2d62b87667fb4ac0721144a961e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6a4.TMP

Filesize
1KB

MD5
eb15c2dde6835b92ad02cae56761c291

SHA1
9ca205fe306c662bf0ec634333e8354228cab067

SHA256
4365528b8178f5cb1e008a7016846debb5b0d4b79772e293b09ae107d8747234

SHA512
3b2cd7c91f5d4d0fde9380949b9672ca88361936e3c4a07edcfb1e71e046dd4d5930d2df6a7cb0a3079d7815d3983ad98b6b9cfe6eb8742b7d083a4489d47e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74dd6c261e38e68b6de4b71a665cefbc

SHA1
55783a2378215a0a0eb7b5179a05ee413986f5c0

SHA256
91f7f8683df42f451f1dc0de11ff2a00c69589415c3354fa53d2b446d1de3fb6

SHA512
647fdede009d74360796ec53dcef801fe82f48cdd0e381c3d405ac31cfc48134404be20630ecc01fd7ecd7720c0944efd72dcf06b38d54af52d6c2a933609f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1da87095ce0daf99e8ad7b9d1b80c0d

SHA1
7897ac627bebee9456dbba702d3aa4d52879dae2

SHA256
5862b9128f49c39a97ab23ace2140912d63bb263156375ee70085f421daebbd4

SHA512
1405c2b2c80bf5c024cc4dc5732a6592cb2e99835987904e12a67fb1b617973ceb2db93995586fc87b5fbdd90600318a17e62d93db8d73d92131a82f61053c75

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 233800.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
memory/5412-233-0x00000000006C0000-0x00000000006FC000-memory.dmp

Filesize
240KB

Download
memory/5412-234-0x0000000005280000-0x000000000531C000-memory.dmp

Filesize
624KB

Download
memory/5412-238-0x0000000005500000-0x0000000005556000-memory.dmp

Filesize
344KB

Download
memory/5412-235-0x00000000058D0000-0x0000000005E76000-memory.dmp

Filesize
5.6MB

Download
memory/5412-236-0x0000000005320000-0x00000000053B2000-memory.dmp

Filesize
584KB

Download
memory/5412-237-0x0000000005190000-0x000000000519A000-memory.dmp

Filesize
40KB

Download
memory/5412-4368-0x00000000069A0000-0x0000000006A06000-memory.dmp

Filesize
408KB

Download