infinitylock | cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Analysis

max time kernel
136s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2023 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\AssertSubmit.crw.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Users\Admin\Pictures\PushComplete.tiff.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]

Drops file in Program Files directory 64 IoCs

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.173.45\msedgeupdateres_it.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-disabled.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nl_135x40.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\hi.pak.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_en-GB.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\it.pak.DATA.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\PSGet.Resource.psd1.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluNoInternetConnection_120x80.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\app-api.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_radio_unselected_18.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Acrobat_visual.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.173.45\MicrosoftEdgeUpdate.exe.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\PackageManagementDscUtilities.strings.psd1.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\compare_poster.jpg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Close.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Regular.otf.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_sk.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close_h2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_en_CA.txt.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\rename.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\bell_empty.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\es-419_get.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\zh-cn_get.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_selected_18.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\adobe_sign_tag.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\new_icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\acrobat_pdf.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check.cur.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_mr.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\de.pak.DATA.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\de_get.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sk_get.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_hi.dll.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\gu.pak.DATA.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\pt-PT.pak.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\hr.pak.DATA.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\Content.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.173.45\MicrosoftEdgeUpdateOnDemand.exe.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267	[email protected]

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[email protected]

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Modifies registry class 1 IoCs

Processes:

OpenWith.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings OpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

taskmgr.exe[email protected]

description	pid	process
Token: SeDebugPrivilege	2236	taskmgr.exe
Token: SeSystemProfilePrivilege	2236	taskmgr.exe
Token: SeCreateGlobalPrivilege	2236	taskmgr.exe
Token: SeDebugPrivilege	1576	[email protected]
Token: 33	2236	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2236	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe
2236	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exe

pid process

2176 OpenWith.exe
2176 OpenWith.exe
2176 OpenWith.exe

pid	process
2176	OpenWith.exe
2176	OpenWith.exe
2176	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2176

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
16B

MD5
30be2b7237ad8fc44cf7367f50f66fd5

SHA1
8f8b7e70245fd57d08f646d5d3ae801e62270fff

SHA256
eedf4a9c12c05cea558f44d4ebc0df43f9107e99946b956e73281f4d91272999

SHA512
5a1779105ee7613b5fa8cb00324cb962ea9a2b9b01cc0e738edf93b6c025f45ced187439ef39fe33b04bf4b722c54869f94f378bc7e3a808553e84f962d034ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
720B

MD5
a3a738b478c7295e29689caa795a0223

SHA1
c823b1ac092981809b6a5d115f4a36e819034b8d

SHA256
9c6d7c3b300bb6dfdc09dc0b7d0ff4e30814206f47c06a6e4add22b7a8f371b9

SHA512
c01dfb22eecaa767189fb41b5b017f2527f001d9265002e1ac6f97112a3bf65627a528c90c7e7a79d5a46979f458740dee0e76d5b841200b523aac8281eab1ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
688B

MD5
5ccb462c7ee635dd30ed2be713207095

SHA1
899a9fdc268493c35d7b53f2ca8f2b63a12a13a4

SHA256
aa25b8742e31f76496631e2e76650572e3b51fb92c2e8ad975d5015ab3b4fa26

SHA512
c751d809fcfede82f1fbeccc88c048552d7c0834e384d1c12f4972670836cb67ba51b9185544220ec207e0d9d5f848dc8f72f509fd2ce8dba90d268083a077af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
1KB

MD5
a81c3f606e6e5eea4a8190e664161238

SHA1
642f412e05bb3411b4c3aab18eac1b688d8d12fb

SHA256
3084a6705b1d671f65bb00ebe05af35ef25b2371e4b57bc0f01eba9a8ada820d

SHA512
e0187194420fe01fd500e9656c918401ef1e29d3862504261f87fb4b9bfe63116f1f0e6e93f67cc85f6063a0f3c9152ed6ca526b853d62499e218259d9ffc36d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
448B

MD5
36f0b2195a743cf0258d777c0fe36dc7

SHA1
25856d4981c859d05cefc5f545a0c2f58f7146d6

SHA256
b58f88a92f5936e8e1596f682dbc0b8409fbaba422a27f8e5bb72c7e5be2fda5

SHA512
ac496d54a6bde78cfd38c996f7528866ae53cd9d77ab43f35f47f333be37cd1654eca8992f75788f91290d4eb62c19b67f41102bade0ef52604bded1f2948421

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
624B

MD5
0ddae3de96bc43cc1d9b228610dda32d

SHA1
cf7e8fc9dacecee2676c635a8e522be846d4bed4

SHA256
ab036a9fb13e1b7895b287d5427c926e93f88596948651b76e484a2f463cd0cf

SHA512
dd5cbd3c9ece6a97dc429caabc2939cdaf685432e28758eb904b067b521012d1c58aef0400e8bc2bd4c0cafc028a0b035fcb92db8b0f878503fe0b4a08133377

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
400B

MD5
d2c1dfe26eed53a9df5176c6cb0e03a8

SHA1
f743ddd82460d88cbc4471c4fb20b6026ae84b08

SHA256
4683ddbe952bf7e5ce64171ee05803bf93ca69a7b1288d2000b3e1192e2d973b

SHA512
df35173ef22f018d3fc24d1ab0f9bbacfabcccbd4b38b4c0144baec2733adb5b9ab4b2200210537b1791caac681ce03fb8514b43020eeed298bf15d52de47d6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
560B

MD5
c253070e6919d511e34e0a889a413df7

SHA1
5d5d0564f602d29647f6a80b63f7f1cfcbf0c470

SHA256
710c53ceb89b62742deeb7e6bed73bd8d00392385b1a1aef61f6d6c45cb70c96

SHA512
30c7213af2bd05c9b079235d4548e6eec96b17e001b5b24e0186983b1c445f75eec55949af8cbc509dab906cf114f0f0e821fd77e7336378e22bfa31095557a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
400B

MD5
e6d7ee7df87506ce3f2f72aa4c98d2e7

SHA1
effe04a1ea12c2f6f3d8b425417ee1b3ed58bd45

SHA256
958b2f3be37ac65bb32e75eb98d8bcb9abe00671597e24f7643e9e14f879e2b0

SHA512
ad4caabd19c1ae3ff0ff5adaaaceb95abdf1eb8401b6f38e96b97230ed353921475c9a5b9456fec90084c932b7ddabb074fd62fb61cab487af7d4c751073be06

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
560B

MD5
247bde43f5cc91afac0cf53f1ce9b484

SHA1
452f306c6eca724fb572b5a3eb711453b7e31626

SHA256
060027b9d08f234bb30c91103dd9a5bba9bd8e032030fbd52410f052d190d1cd

SHA512
ece600a495e1235e13057808f93e0c8dd46bd3f239dc89a8ed7883ff165956a965c4cfb2600231b1755d08248db57657dd699bebaf54734bd143e07335b6f005

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
400B

MD5
8f28ac92e3773b0edbc82c0152d4c8e8

SHA1
c82c26f9667798251f99e8a1d5b8a4e3233a65c4

SHA256
ddd5b687d235edfe6c614c1bf397902f32088bc0e8b0e1f3f1194696c5b9d649

SHA512
b3dc0187b5c9be8a11b8d49a0c6efa5e748009534133d01d1999cf61fcd4dabe23af9d911afdab9ee821768f1db72edb0cf788220edad63734f246365e8ac518

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
560B

MD5
74a29992c9377055ce9f605cd016471c

SHA1
d7df59f3e1287695f287115806eec493bff73742

SHA256
4b942a468d92c68ad89f8c1e90137cb9791b94a7ad5afb4081d14c31f974a6ea

SHA512
d47b8966cc9eef8a842bc2ed950511c8e96fd99dd7c86c7ed4b2f6602e35f5104d40c361d04e4db1eb7765bd2f9b9052060e73167c3e6609cbdfe977f271950a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
7KB

MD5
20d1497b0ec803dc2cc24b653cf57808

SHA1
e8c67a781aece01e9e491c8e32df38bf3f1524fe

SHA256
eebf4873b880aceaadb64076316e796ff4c5b37ac8ef0db2ea4378fd91ff6b8d

SHA512
c39f9411b07bfe04eed042e26037cfebcd17ede47d4b01c537594375a28aeed32d2e896348fd25531986cf81a1bc74c9c40b0ab3a0ab84191033198cb9667362

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
7KB

MD5
0154bfc7503132d1f547f8d1e2d7c653

SHA1
7dcf340cff6b3070a28aa023922123c833a9ce1c

SHA256
5e8badb6f7ad414e79195573cf5d15dfb3bf57ef97a85c00a7ba5ea4cc8097a9

SHA512
11652cfe06e5d4ed630667da4591c177d173e6f632b8a236c6af3424593438035e4bec894cc6fc1cd21a6e25205dc712e2cc1ffba19522fbb845cdb64c2add32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
15KB

MD5
77a05a143d37e93b3f2fb69bd3a1febc

SHA1
07382ddc0405e5c8e439441130819257d47b44ab

SHA256
4ad721c802e6684a857de9fce48b4b79dacc35fec11661676a69c1c7921213a2

SHA512
dbc2d7c07ba76b418da00c8fcdce0bdfd74eb00a66641f69a1d9e91bbcb0f0af1a9b61550d7ec04b67a08b0598dcea20a1ad33f87285d305cba4f2051252630d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
8KB

MD5
0c15460e6d668f1641e4717082c92d2f

SHA1
0d803ab6e3e8006182fd53bf667489115afa64a3

SHA256
a654df2c4e7cb7ac0d83fe7bffce3d03171cabd4e8a98a78188d1130697debfd

SHA512
d2b7cecbde9980903a8b64fb7241ceebe6e32a8b4911776b98b3c04976b45f697cf997a991b3dcfdc8615e1285fa0201219747795708e1ba6fd3553ead44e4b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
17KB

MD5
6a7f42f696b74e7df3a1fc4823c87662

SHA1
78c7b51277bebb45aad170695d47f84a13144efc

SHA256
94f707565cef3585a5090fcf02ff53164f1cb16e058b3e2bbb3a9fbff628f5b5

SHA512
4293b91c4a27037fff8e66226717e79b6226705891737c8780cc33820539fee9e87cdde289397469a3b65b4cd4ff6c09e411ad87f3b01ecedf4cb9ac6492472a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
192B

MD5
3b115042bb5d4b0c2d9323c7d25382e6

SHA1
9f9a66595992ee2a0b6710dcdb94ea558ef2aca5

SHA256
dffad029b0bb88b353941e6fdb6bd5f8b2c9c671f3e72bf22775fe2677a711c9

SHA512
778a3c96bc920a342619d527d4f1e4391379bee149d4c2c194f8638720214a4589d2ff34801fc0be7adb80c276a2e4f046dfb23fd58350c875713ed214366dbd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
704B

MD5
adca08c0005806917f1adf82b25d79f1

SHA1
b4c1673cd0c3adac1479cf38ae0bd5330185e264

SHA256
7b00622c7324cfbe471966f9d83fa2a5fdb901a14362df0dd38b38c99577a21d

SHA512
da8277706a237d0f814417c5659087bcb5d6e59c02be127e07a1905d2dcc6ff7548d59d4c6631a0d010103e73e0f6b95f2f551744ccb5fbbed1addfc0bf3fbd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
8KB

MD5
9a37d6dff3df131f11f96407e3ccacbb

SHA1
09dce18b5f3deeca2f241a2628763821b7634ef5

SHA256
c352ac2d1b8a28a1c9ff3be8ecbd1722e60b13bf0d2f004adb7c7f5f2c48b4ac

SHA512
9820f02a2e4f3239114891b7e26b23d94aff63055a1ee239b1273b303134cb0c10c4b1d394c69c1556c494d442204c782771dfdf8d169e95f92079907aeea9bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
19KB

MD5
96e228bd0c01548eadcd459ba1eaf5dc

SHA1
d68aa58d3c8f65642b6e010159b124a27dd0f242

SHA256
1215e118758436c3a961ef221a99b915bde4fa59c066b978ef225245d31fbdc5

SHA512
16ff3510f8d39c52d10c3f71971c97232c281ffab252da3500cb698d952acb430619759e1f07a31d13021bb0eb94bf36337a655ff3915aaa77ec056d02c6df27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
832B

MD5
0b87a8bc993d2a6273882657e39c2841

SHA1
2290f0d5d751a43486b2e3ad37402513676666b1

SHA256
0dd6e6b22f09a13dc49889948516a2c5eb9da93a1b7003d1ee11ceb011739517

SHA512
52bff6683edd671ab081bef187a3235450c71143ab82f171eb8e2ecc83da985987588ebe2d18bf2dd8f1d81ea821454587357ee89a0b0cbed91a6ffcbcc116fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
1KB

MD5
6a83f1f6b1c19458ff190f9b082c488f

SHA1
2dc8141acc3dd773d712efa0d60d568910e8226d

SHA256
f1b890e6f158852f77ca7de39166108a08fa4f8af32286e6167cea58450e0a13

SHA512
1d969175840a28b38e93384fd030ebc33c1ef2d167468a5b1dc477e2fc52d407dae2b0aac3362ca9f7c76f76ef94729ed3ed3abc3d54c13a178f01ec67581db7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
1KB

MD5
6568aa7d01d15dd45ef41b5a28fc64ce

SHA1
8d73b507947613b40b985574215a84318ed237c2

SHA256
b49eb8ae2d0115f2e124fa663944237227680378905509d88922886fe8daa21a

SHA512
0ab1e9b3d398c99489cdd190083bc31470454294f2cf7773a65aab9ddbc737e511afa7605b330bc227aeea57089e1dce097bb4b12c959b3ce5130b2dd65a20ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
816B

MD5
f9e03b505e168afe2d338d304b68d233

SHA1
11f0f41734ef21623e24d925c32f5585208e0e46

SHA256
51dbbf2fcaf8b3e92b418fb6a4561675707198352c3b7b779652ea41c5bf94fc

SHA512
bb25c4afb3067ac4e323066e25ea843b5d9048e0fb1ad7a76785260a1e39bcbe6b26d873b15dc1f0682c1a00a92ef00a8028146c127e55890279c2f41aca787b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
2KB

MD5
caf8a28062125add58583f5c7a200a3e

SHA1
174216f24b0c5486ad8395c6a6665ec2858a5d97

SHA256
78c07ac41165b3552ce9f0a9f4d850ea30cf9d5d4bcd8a22beac61df239b8c19

SHA512
9dd17e10f18b0bbc76040a622c93fa50cd6be490fade5a503a5d185100e21ee2a473012efbc23f41aec829479f29d6b717911ca859368ed2bb2b956b79e96111

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
2KB

MD5
074662fa967c3aa475108c27455f1c60

SHA1
3eab158bf364a41b2fb4cb57e9b14fd75e2e46c9

SHA256
2d52808c325e1c0436f013a391f721faeec01e1957a2a9e8a93a5d4133259f6b

SHA512
089b1f8e5547549c03e3165ce9d7216609e144d49afbf427762695058ec0814ea5cf828073a4e0ddacb7fd26ebc12eb85dd19d7146e1740dbb0df019f8255338

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
4KB

MD5
8bd9e0c6ffb8622c0b694e3ff728bc15

SHA1
28bb1ab17d74a5f5bda7a62db986aa1f0e8ea953

SHA256
b7c4ffd758effc0563557be2711967c2b87e2ff2730f5aa1e681f6a9f647946a

SHA512
b79f049080c8ecfb01b39694bbfa5355353adee72738d6cd08279152b2580beff07874108c7abd9fdbdafa05950f3f2c74d94ad9cf31785bf8f1d8e174ed36a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
304B

MD5
5cebf5cb3d68c671fa5dd2dbf05a31a2

SHA1
d78ab7ca7095edd857691c91ac0a63395c486531

SHA256
3a7c797c4745c0d711d3706caa3357d4a0eddc1e7f02114d07e2f4ba5fe3e940

SHA512
32dcfe97bb4eb83bfde7416cf0c61246eead7b4fafa9df48d8185c25422ded0b5be13c699959aff3f8de9a88c2f925266fe45cb508e719ecc484632af1eb5990

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
400B

MD5
71f550a99fa98c0a7b3fe58ffe1b26a3

SHA1
7cf92b488335207a81a19781417fc4d8790e915a

SHA256
458e134df210758bdaf2856cbeb48cb7c23c795f3876b65eb89fe41898e59b63

SHA512
9f4165c69dc5d86822c050c38cd61fd1a4a87ff26952c38c9dd3aca691861fcd3271816d1f565486dd129e4e1fed5e93a65f8a6534cfa484b5b949811d195275

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
1008B

MD5
483697bc87a7ca4bbbd362c89f5f7792

SHA1
c92153c5f1ee4720b2729ca9b98572f6c2014f11

SHA256
84d8379a3797d7e3a81398c226c41e519c188c96d655c707499283c81ed0fd2c

SHA512
29866912d0713d6a0ab45dcb307eec46f9d494a20f4e3fbd2d21108bf64b45004c5a852c69e1188d47f4c76f0d82523b88699326623b928940602dd2f947ac2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
1KB

MD5
8254ff0ad90d12c8dc758fedb1765ae5

SHA1
a668c256ac2d72853c1edf85045c9d29342e2a7c

SHA256
aa952ad17b226b52e0191e133e5d282976813219126537be8d669fae96d9a25c

SHA512
55f28592114c50996bf2f1ac8738a62819eb0a9aa9b53739db60e6c99f251c1c68610f5801a9bf62a412c150de098467aa0d6e40e0309ce7b197033f9a48babc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
2KB

MD5
0afc6e9ea9ec6f11f31b95910b4b50b0

SHA1
fff17a799078dc6bd0070ddf65c020a87a5528dd

SHA256
f66332db85ad2ba6738698bc4703871f3884414c780864da381245d4dfca261f

SHA512
7d229b22b50780694309adaaf7c82f7387748996136c00db9e40d541fc17028588338b81cd1ba5b1feb6a3d274d0f5a7466606a7ebbffaf4e6be02c769badd4a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
848B

MD5
f12e341f235808be213640bd011594df

SHA1
35e6114c5435358bf1d04d681976b56d5be7169c

SHA256
afd414ec0bdee5ddddb459be6ff5e7b33854a4eb9cc8a39a22126e8f128d0130

SHA512
245e621bfc773c312c70af629e23b549c3ba3803d1aaf2f6f95cedf947be7906fcfcd7b964167a0fd8d5371e3f566e7d037afb7742095239a8a54e592cd01f10

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.3D033B43285AB23C82E305945FDBD2B974125E854FFE05AEEA69F5D675F30267
Filesize
32KB

MD5
92a1eb3cd3be647cd210bf328fb03bc6

SHA1
687e78af75b17a16d9a6479f016074579d083a25

SHA256
6055658843b28a4d5a9aa220e0eef6bed6667f1a08df09f1f567bc9f9bacf76d

SHA512
960ce50c01799b7939801eee12d45fe39bfd090b23a2037535f3e763a89707751630f86b1fb88dbd054d9f0890beb527927b8399b5b54ddcfd098c53b4d82323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
e6b5ec0cd160ff06cd9cc9c67489de5c

SHA1
b3c21b5fc5e56be1e458e0d49e82c25d25879fa2

SHA256
88935f64509e6c37f88f191e95fec69b1ccac2bdf218367dbedda79bbb2d8734

SHA512
46f65341834835c80e051726173a715a7eaeba9176c5e939e99fc64b6ea2c27f1c485e74e0124ab1398b20616fdda66fa34b5ed6b2407569604793eddc49146c

Download Submit
memory/1576-135-0x0000000005D70000-0x0000000006314000-memory.dmp

Filesize
5.6MB

Download
memory/1576-3546-0x0000000001730000-0x0000000001796000-memory.dmp

Filesize
408KB

Download
memory/1576-136-0x00000000057C0000-0x0000000005852000-memory.dmp

Filesize
584KB

Download
memory/1576-137-0x00000000056B0000-0x00000000056BA000-memory.dmp

Filesize
40KB

Download
memory/1576-138-0x00000000059D0000-0x0000000005A26000-memory.dmp

Filesize
344KB

Download
memory/1576-139-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/1576-331-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/1576-134-0x0000000005720000-0x00000000057BC000-memory.dmp

Filesize
624KB

Download
memory/1576-133-0x0000000000E00000-0x0000000000E3C000-memory.dmp

Filesize
240KB

Download
memory/1576-3549-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/1576-3547-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/2236-2775-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2782-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2783-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2784-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2785-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2786-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2781-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2780-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2776-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download
memory/2236-2774-0x0000027DE3580000-0x0000027DE3581000-memory.dmp

Filesize
4KB

Download