infinitylock | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

Resubmissions

07-08-2023 11:21

230807-nghrwsfa46 10

06-08-2023 18:45

230806-xd334adc4s 10

Analysis

max time kernel
446s
max time network
1161s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InfinityCrypt.exe
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

Processes:

InfinityCrypt.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\Microsoft.PackageManagement.resources.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\reflow.api.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_lt.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ja-jp\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Fingerprinting.DATA.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started-2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\dot_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\generic-rhp-app-tool-view.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sk_get.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.175.29\msedgeupdateres_gu.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-focus_32.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\digsig_icons_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\uk-ua\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_zh-CN.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\eu.pak.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_audit_report_18.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\FillnSign_visual.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\da-dk\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudt.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\as.pak.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\zh-TW.pak.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\da-dk\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\AppStore_icon.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\de.pak.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.175.29\msedgeupdateres_as.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\virgo-new-folder.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\de-de\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\sfs_icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\LogoCanary.png.DATA.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-hover.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\psmachine_64.dll.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner_process.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\lv.pak.DATA.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_selectlist_checkmark_18.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\eu.pak.DATA.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96	InfinityCrypt.exe

Modifies registry class 1 IoCs

Processes:

OpenWith.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings OpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

taskmgr.exetaskmgr.exetaskmgr.exe

pid	process
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe
2628	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

Processes:

taskmgr.exeInfinityCrypt.exetaskmgr.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4376	taskmgr.exe
Token: SeSystemProfilePrivilege	4376	taskmgr.exe
Token: SeCreateGlobalPrivilege	4376	taskmgr.exe
Token: 33	4376	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4376	taskmgr.exe
Token: SeDebugPrivilege	1204	InfinityCrypt.exe
Token: SeDebugPrivilege	3740	taskmgr.exe
Token: SeSystemProfilePrivilege	3740	taskmgr.exe
Token: SeCreateGlobalPrivilege	3740	taskmgr.exe
Token: 33	3740	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3740	taskmgr.exe
Token: SeDebugPrivilege	2628	taskmgr.exe
Token: SeSystemProfilePrivilege	2628	taskmgr.exe
Token: SeCreateGlobalPrivilege	2628	taskmgr.exe
Token: 33	2628	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2628	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exetaskmgr.exe

pid	process
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exetaskmgr.exe

pid	process
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
4376	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe
3740	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exe

pid process

3572 OpenWith.exe
3572 OpenWith.exe
3572 OpenWith.exe

pid	process
3572	OpenWith.exe
3572	OpenWith.exe
3572	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1204

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4376

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3740

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2628

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
16B

MD5
75b5c7eb7f11a8a13d1b630987ade635

SHA1
44aa1df27121c6f6b15632a049f4b4a508679db4

SHA256
1737f6a29735e25294594608e7f0ae0e1256f3601abffa93a0beca584b14ad9c

SHA512
32d3f18252f7dc5cec109e2ad00b0defcdf81ac029f1d0ca92fef7daca42fe833fe271a89a85bde709536cc3e17cdb60849e30ba1e627ef16cf8576b1e69221b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
720B

MD5
bf33ee9e3c6d678437320fb558ac8558

SHA1
9336844954d418a8ae2167c0b4220752201b2e9d

SHA256
c635b94469d0b564bdce341b1489d3c7b45e39ef6c39e86ed50a69031979ef93

SHA512
37dfa0639375bac32f279da43dc54a87acfbd77d0de1a0f2892a12ddb5b77b18d80bc35e9b75f1f795aa2f2ab642d45f025a2039120d4d7662d006a0a37a2173

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
688B

MD5
ccd275ce0b406bcf11449424c261b55e

SHA1
6a5303756aedafa82ead0eb85d522f4ac2287051

SHA256
9c1c7a3ae4f954873476d0ec937be55fb5e09eb977845473650c0b4a4e2621e2

SHA512
0b70e49db223c1184f564744cb45fa485294b38075917a3815a9383907cf0ec1e6b97c06ae63fd7f5e5a1c1b3f41e9c3a9b0f8aed3578efc288057467a6d7d89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
1KB

MD5
07094acc93002ea04a359a7e2fa5720b

SHA1
ea21388e0161700e8b4ef85fbed54f3476188f33

SHA256
18bb09830851c2ea0fdaf654da68d31f10347a97626558fc635a3e0dc26d15f1

SHA512
b6625715c0c74bae97322542facf3f3318a9691773da2aaa9cb3d5bdc928b1aae2441464c44c7202355d90df84366046bd6896e29e0c2e1485ab633dc3de5686

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
448B

MD5
af435d5f55f4f8264bd3a96323634b39

SHA1
e4973f9499fb211682bccfda04e80b860b9896d4

SHA256
be0ef852584d3d20ebf139a4d77b81f6952ac2c0509d516b6a27422da9aac1af

SHA512
ce4e6560d78b6b286c040ecfd55a1d77d8473369cb38238eac82de3678a417fa91bf9180fdf03eb047e5fad02d083edd1fa7b1ccdb758047b326be8618ee42b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
624B

MD5
4265bb465d0e5d0113e73cbe7a6b1dae

SHA1
70f670d2c868b70a6bf0543e7f2086e6d872a700

SHA256
2378d5ee990f05c2e4852c04e57648df567bec4583dab27ae304495f3604336f

SHA512
d9da756008039ec4a0100f74550c06f0d28e13c7ca3f847b37f28fbefb54c5fbaa0a9d51e967d0e2db8130ec55e88248e2a665e60a6077518ed389048e5fc012

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
400B

MD5
fcb1e65c9147e7df75676e133b455654

SHA1
ee1ce73e55ce94a229844e0130aee0a3399d563f

SHA256
aa9a7923dbb681dc12c865423392dc0c38d0c42f646654c84c77ab340dc02aba

SHA512
eb71f30803477cf27a480648bbdfdce73b48bb9c7c3b05c164940853db2e97880c8c13149ef5dcfcadf1c8c0891a3082f3eac2171f161d8fa28a5b61d66aca50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
560B

MD5
64723cefba7c1d5a5b44002f0c43bbb5

SHA1
a573959939d41b90e33794f4b438d9b7d8f20cc1

SHA256
13b3ee959f423233bf03df8b38a1083b3d059e04c89e558da79c8598c80d85c1

SHA512
7465ea0c66b3967910289c57240d906d86cf8e76eede394a433e887c2234efbe3e5df8214ee668065df8afd2e53e787e09d908f6cd54492928828d4446e3ba2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
400B

MD5
f8e0e21da1e992bac5277819a69f381b

SHA1
fced7a29c911737bab6b7a90d561ab56501669e3

SHA256
aad612f41102bc07466fd2c1d075505c4d6b6f50cc62e534d9d3037aa7a3a7ff

SHA512
0269904479a638eb705a31881c41dec1913b6e0e268a395cbcfd42b312f9c953daea2163c2baa1b7a1bcbf52cbdf1b1b54da39fc01bb9537de5f3d7cb74b4343

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
560B

MD5
c3bd3f1726e83ad099aebf4aef54f66a

SHA1
d86f2d5a64aeb9fca39ca8a70bbec7226fe78973

SHA256
32b05598a79231cc95cb68a09a081cffca75606e19cd89280920689ea85b362d

SHA512
2a36eb00021ec2d079810a8c58e6fb3cc49a3d8d1aabd6e3e7b39565015c3e0eeefbd632282380d054f13d71d9f13197724183387134b51a15d6a44329dfed85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
400B

MD5
ee09b679d13460e3ba2ad0daefe7b2e6

SHA1
1e9f1127084df2f25dffe6a1972577dbb104d4aa

SHA256
e36301286d4d6a889ef3ddd80ab636a64f96db3d7a9718907bcdc815b0461845

SHA512
d4d0cf46a8e5ebf683b5aa7dcf11012dd24cc388d92f5932a949ed0e7b43975b67a31e094470714d753f4e6ab28b65a216e7942a6b2624da0f65e756c48df222

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
560B

MD5
5b86702177197e9843c5d7e8936e118e

SHA1
006f5940ed168cf02718bcac136c2fad0ccc62ee

SHA256
7f9713e4aa56cdeafede5087382d01c9aba60f80020ef89bd347e71895c1d8f9

SHA512
87939a18b1729042ba44a30049ed0d3ee3fda3ef285d7f103f5d15e65c4ed82aaedf9145caf7c7d0d4e88cf109aa3caac6d6e15664bee9a461d6204f02c89ce7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
7KB

MD5
278e4cef4933b7fb8868639804fc97f0

SHA1
66572ae9f8025d42fedb3c8058cab11975be5a12

SHA256
a9c3b1bbee1d97b255ed6e045c12441a6211d65ef9163afa2f1331ed6c2397dd

SHA512
7c1935617556e2120f3f47f2ca078733df0bee317342e92f81f4540e69b855133b38e3f50479cdaa113e5c45198ff91394872f89d60941ccaa2925b3d5d6ea29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
7KB

MD5
0179b1557d6e125f55e642733f8e9277

SHA1
51f179d7c568c49fe8c66d209e938105f45584f2

SHA256
d4b5dfe21a9a72089082327eafe8f263e9868072567067d2426d14642187f2ec

SHA512
5a4d7c99d44d50d23d0dac874e71efed01794fea8e33fa2468393d45089756b8ac639c7bf71196990d460e8d541dfcf6a577eb8d0b2148145fc15f372afec4e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
15KB

MD5
a81fde056212b1f8780a669940ee25bf

SHA1
eb3795fca70799dc405de0c4f5cb5846b994e52b

SHA256
66e8b93ec5f9f596ebd3da1d7b532583ca08916545b8fb3b290f847fdaecf5ca

SHA512
6e239cb36864969d1cbd423173c3e38e4e15fc6bc624abca2e87c1b435bbba1cb2e228324ec40b11283b42dbde5d547e1d053cb1f70f5f287c32fdcdfae6a7a0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
8KB

MD5
b7fa43394f41ddaaa88982141bfd9f9c

SHA1
757d49f998b3d8dcfc982cce7bcec713361e26d9

SHA256
15eff3583eb6af47726144dd3c9388b4ce61546487f52fb6a65e89e105296a47

SHA512
f3eb67f7145a82675cb66eba91af0d3fd258feb5ec7cf48b4cdf74645743da06e645455e6344468193560e3f356a6fb1577194f9c67b84fda4b9f57b05a18380

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
17KB

MD5
f64e7cb9c458e78828023a09c5018856

SHA1
28a952a29f0e0e22677d7a0688863beb39f4f805

SHA256
a3cba6745db1812fa54ce52e966a9f52685506f760d0ad82a4441a6209ffcf11

SHA512
eaa3bc639c59db64348be9f92854af98eee5bf4be3df19fb9cc83435e9be3fcefa54dd12f530558e808c57ff8a6981a878befd014b4e3c849746a6217cd4b928

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
192B

MD5
5a4b38d36026ae632ebe8a68628aa7df

SHA1
12cd036665610c5729a7f9dbf24f8ff0dd349181

SHA256
e9df22c650b3c4cd37920823ca860ff3766b9b1e33c8fbc7d01e4738f92a8e47

SHA512
e34a3d86a242f4f0462d0b48559f8e63ef282e0c1d30bf8d4cb07b4876c25511d841cd329cb8545392d8dc8e035aa5d417c04ab3373f43521366c4ed4603a22c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
704B

MD5
e812c70a18f3bcea6f2e43fac03619d2

SHA1
18b501c82b2ab7a1e3721656e5a73c39a02abbc5

SHA256
47fe365fadef502597a7a5d22077f5c72ee6f79675b19e3ab3f2eec560f44aa9

SHA512
b052d60cf232b9ab6e30b5cb7c4c2861bef753c5e7343d61f8f74075a17ea97359defb0c4ec8c1344268f976c67a5c50bdcdfd9e913ccccb53ddcdc21b449f45

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
8KB

MD5
9f5abcaec0850171f2ff8a7c68908ba8

SHA1
6a8e2fca8e0e9c1a9ac5e403221ec4e87611cd1b

SHA256
e89ccef126e1e38faae95dcfa373aa56dd896d5c284c574b89c1a684a0d61f4a

SHA512
21dd13c907b0716ead56a25e9fb70852e28b44a182e835c3ad63a6becd150e025f67ccb05cc0595441da1d777fcff66e0f54ab4ab4038b7f6a481023913c7b38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
19KB

MD5
42826c9feddb072aa09e51652edc4dbb

SHA1
605a3715ea3df800abf18ac205cf7bece024b4ee

SHA256
82bed7d58c824cc3bd2554f9790e7405078db384275b1ccfb36310434539eb38

SHA512
4a2ac3e9ca2c0da7518779d1061dc5abbbd62ed1631f98efbeb5d7bd060b728018f3c741b3c5d51f7120950d30fcbdc2a6ecc317fb06d1dc5bb9a1d4d530a7cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
832B

MD5
e1d8092873e5497bda3fc66442703a01

SHA1
12f21b3ba6caa7f28da7e6809f0dd388b24c6802

SHA256
c57ac2b3447e2235aa59621d54dc406518d0a560acf9e5c4207bb8352376c40e

SHA512
4bb66227e2d3ef287dd397160b5d9e6db271bc2677ea2f5af5330453825cbe54fe0bddfa6dc28f7d4751acf577a35fbe593622dd262dc8860814cc70ca507161

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
1KB

MD5
53fd4f748400bd1a133a7a6dc79c818a

SHA1
ab6dad5c282b6b1aff8de439e8f6fd9ce79a96de

SHA256
00932ea0916c64771284fe8f54095c6db5e43c204c4a547d360327f583fd7890

SHA512
6fff8f87afb7f83c2ae6e1534d4cfa95b7528204e95f3af08f912c30cf888a9ac994949010a62b0df658ccbd439eb4313d60fbc572c31892091f6929fd0564da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
1KB

MD5
7f1cf9f532655f96f7bc157737d9a03c

SHA1
44f14b195f00550ddb953ad3b048e8c2b35f6d5e

SHA256
feb564059fee2e1d55a1758160eef05998f09356ecfa3c895d5d8caff173c2aa

SHA512
e25c04a9d3581bb26d09eefa3ad781906983310060d2af1e5c94b77e11bbaef23d2bd3f0f9144486f3ee37ad618dee44b70775f77fc9adfc630d6c3b33c05fc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
816B

MD5
4fcea4da6a08284831db661d39a55a6b

SHA1
de101516462cf2372d02b4f804f99fc4c4987602

SHA256
dd7f6da448042d69661fe70f0e22391e9a6f401fdddbd80f83a4040e19994ff8

SHA512
30efc280650bba9425289831823fe85c12ed7c39b79033ecd1607b8f6b49cc598d80e86ed8e0859e9a59b2dd5c1218a8640a8f4f3cf24d70b1aa7633e899cb70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
2KB

MD5
bc21f210f63ba8aaf5076542fa53d28e

SHA1
49f90ea42be8f278de0074e074c0cdacb37dbbb4

SHA256
d9c27a13dfc59572555d123508bee342bc4628527b279a33100ba85e058e155c

SHA512
c73fdf3afeb3dc5c1262fdea654c27260226a67d3f4a5c9d5807a6d54f4a5a02691c3216f7520ab2806cd9bcccb20e91cacebf088e5b9d4e20207f1a8c82711d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
2KB

MD5
b0d191151a95cf41419109054bc950bf

SHA1
3c8e1e631534cd395962a9a647e7453102e3f679

SHA256
928383c4afe5e8625c21949fc8bdfad3c4431f959a58240ff0cb886661b593bf

SHA512
818ac138bd7a601e1ced917ce598af61d4456cca89c05222ec95ffdce196c4a9a3d47460593562e587b99783de1b590f5cc4251b1290d29f4a82ff531d7c6073

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
4KB

MD5
9d78d0bf15a2b6225ee4a7f87a6a20dc

SHA1
b90d22cb5678dec9546f0b431c643e121ac560f9

SHA256
81db6d4069875cbaa65500b0ae80554ac46903d22c6de83a82a79afdb2585ef2

SHA512
2e3bfc8922c01a3f88bfbb6f9339775ab66d8fb92799f24e71a916cc693513838db2c62c513637f8aba6c280d23004aca9e7df55fc13b53f0b966aba37c7afc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
304B

MD5
1a3fe8f8cc4e0a2761ff3d3f7bf8f160

SHA1
972bee3beb5c08703d60d97634a444c005500f88

SHA256
12169d963b6ef4f700d4796760f02c8b56f2c4bb1554b9b5733c44d1795f6831

SHA512
dad06cde0a3ac496c73a369cfbe2f847b33516b5b78a92b9ebe2c0f77c79466ecc3cba1deabfb351f10e016c4f8419a4c56b3c317717e98ef4ae5e04a01f9f3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
400B

MD5
83ee74fe8eecc61fa238ad424ccc5506

SHA1
a4054c08ded2af33bbd90edb5a95be2e28d590f9

SHA256
6878043cc8259d94a11af41b0179bcdb8704892b23aca1b7e186bc8014225b4a

SHA512
e76d523331b441707d66941c3bb92f169027c2b7ff104fe6a613715019a8e0f07a05b92a410e6cc4e6017b055cf84928ac7155881ab78183eced15a9f40f6b47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
1008B

MD5
9f2806dcebc051bb3c20bafef678c6c5

SHA1
236fe570440bc447ba94e7e871e73e8ec6cfe628

SHA256
f0ba93b35786673b178279326a64778f16919658b9557e6a3bcab1ced9a31a1f

SHA512
34eab4448fe522b983bab85a95e4117af295d15989a19f60561e55aef2f97fd9ddd7f0bdeaf4764f54c42b3b3947b96d7accc469c92bfc412465a15ee20779d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
1KB

MD5
84b6635baa91680fa320626ccd44ad00

SHA1
6f33229588a76c8a4f6f729717a99d551285606a

SHA256
a78fd5a721701a82454cd8d9fe61893dc14d7c1844eef25a2b9c01b8be76c015

SHA512
c494a5428c4bb4683d1ed5bb126066ce77981318b21e15393578912ff340a5354bb5a12e5a181a4b431ee31cd7e0c06a4f8d50fac39e65f75ea0fbed923d55f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
2KB

MD5
062be82bca3baa2a6933fceb13f8f258

SHA1
249189be6164e529c8346900c35d618563cfbead

SHA256
f8a5598612d5944268aff388db3248d83f9906fc197c343f11545ae67663fd11

SHA512
8a2917c148cff6be541377a4bbcaab9714c7e9fd5ed344dcdfa579c8c709965e87c2536843cedbc43edc2cf8248902d36231d3e8c7a417a919b9ebaff7aa9f4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
848B

MD5
d5ee7421b92c128adb05003b2e7e27c2

SHA1
f8d63a11027f11b2e65566b60c2baeec55d95f64

SHA256
08b53950291d562eb1b63bbaf577ee2687d19f5c64c84430857c2b5be96e9b6c

SHA512
82c32649c2bad4aa8414e1e8d8b785c9c39426e0302584cc35921713d8ad94c3d9b854648301df1f6bb496abc311175827953f06e3a11fb76e40535e3e730e07

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.44F249845542F7994405B5A7D207CCE7732253826D4C014C77C0FEC7C5B63C96
Filesize
32KB

MD5
e28d11a04ae414c1da6a806e162bc134

SHA1
0b9e940f19fcbba3f8d374046794b04d9bf93003

SHA256
d65816a782fc73cf741ab52d114d8be968b48476db60d5fe6563a72f1a185fb9

SHA512
f671d8871af3d9d2861dbd281426add45fb6f38c455b565d9960feb33427fe298a3ee528f2decdd692b00df09c3e3c2f8eef524dbb396cf3b12c8bb41ebbea33

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
memory/1204-3582-0x0000000005BE0000-0x0000000005BF0000-memory.dmp

Filesize
64KB

Download
memory/1204-3580-0x00000000017C0000-0x0000000001826000-memory.dmp

Filesize
408KB

Download
memory/1204-134-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/1204-135-0x0000000005890000-0x000000000592C000-memory.dmp

Filesize
624KB

Download
memory/1204-136-0x0000000005F80000-0x0000000006524000-memory.dmp

Filesize
5.6MB

Download
memory/1204-137-0x0000000005A70000-0x0000000005B02000-memory.dmp

Filesize
584KB

Download
memory/1204-287-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/1204-333-0x0000000005BE0000-0x0000000005BF0000-memory.dmp

Filesize
64KB

Download
memory/1204-133-0x0000000000F10000-0x0000000000F4C000-memory.dmp

Filesize
240KB

Download
memory/1204-3581-0x0000000005BE0000-0x0000000005BF0000-memory.dmp

Filesize
64KB

Download
memory/1204-138-0x0000000005BE0000-0x0000000005BF0000-memory.dmp

Filesize
64KB

Download
memory/1204-139-0x0000000005990000-0x000000000599A000-memory.dmp

Filesize
40KB

Download
memory/1204-140-0x0000000005B10000-0x0000000005B66000-memory.dmp

Filesize
344KB

Download
memory/3740-3590-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3595-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3594-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3593-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3592-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3591-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3583-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3584-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/3740-3585-0x0000024664990000-0x0000024664991000-memory.dmp

Filesize
4KB

Download
memory/4376-2840-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2847-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2850-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2849-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2848-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2846-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2844-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2845-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2839-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download
memory/4376-2838-0x000001677F6D0000-0x000001677F6D1000-memory.dmp

Filesize
4KB

Download