infinitylock | cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Analysis

max time kernel
455s
max time network
456s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\de-de\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_es-419.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_fil.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\MSFT_PackageManagement.strings.psd1.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hu-hu\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\fil.pak.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\A12_Checkmark_White@1x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ur.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\hr.pak.DATA.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\it-it\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HighBeamCardLogo.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\de-de\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\pl.pak.DATA.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hr-hr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogo.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_ka.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\plugin.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_bn.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filterselected-focus_32.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sv-se\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\bg_get.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\PSGet.Resource.psd1.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main.css.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close_dark.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\uk-ua\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\next-arrow-disabled.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.strings.psd1.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-hover_32.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\FillnSign_visual.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\createpdfupsell-app-tool-view.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pt-br\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\libEGL.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\da-dk\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_af.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hr-hr\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\LICENSE.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\msedgeupdateres_pt-PT.dll.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4	[email protected]

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Modifies registry class 56 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d902000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f60400000088000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:PID = "0"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByDirection = "1"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Music"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Mode = "4"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\IconSize = "16"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	vlc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1092616193"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\GroupView = "0"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\LogicalViewMode = "1"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{94D6DDCC-4A68-4175-A374-BD584A510B78}\FFlags = "1"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e8096f2fd3decdbb44f81d16a3438bcf4de260001002600efbe110000009d9b7ff9bc68da010c794f4c996eda010c794f4c996eda0114000000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	vlc.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1836	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1836	vlc.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3212	[email protected]
Token: SeManageVolumePrivilege	4508	svchost.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2000	OpenWith.exe
2000	OpenWith.exe
2000	OpenWith.exe
2000	OpenWith.exe
2000	OpenWith.exe
1836	vlc.exe
1836	vlc.exe

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2756

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
16B

MD5
3079b2e62775b720398bb07780336957

SHA1
9a9ae42549f32223592eaf462d4067bf6e5f206a

SHA256
09c9c9218a417092db357361e7731d83bfaf50a101a616122ad94fa251fc07bc

SHA512
4f7608595bb454585e6b3949e717de964e8f11702ce6cf9c621c7efcb6b199504933d7ea8d13dd6f75f988afafad04214f020d0dd46a89ddfae4a721b63d1788

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
720B

MD5
cbea83508863ccfd8f066cb932341c5f

SHA1
ceb62fff4d153a010bc0c18d401ccd983bf86d63

SHA256
b625860e799280435970438f1532b3eac0f27305ff58d91fcf8a594c8d8da434

SHA512
34ef12e90b20f82554eeb3e49d27151651d0edf8588f2931c31e158a3f169391a8f655802ce74f6a57356eba92416091f40190ccf3e25d94657b3ff388c58f9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
688B

MD5
ecf68eee5f92505b8eb901940e8b00df

SHA1
4aa275911f95d1b6697c38baf82757f6fac87ae2

SHA256
a6d38fe13fbbe0576f2a30fe3cb892aabe8c48a00f6896227e404e62eb642384

SHA512
dc82a406067a3e7518c971984a4959da013e13d0d329aebf7d865336daf4f058bfa13bd729f09233ae6da585e123591e85b067527458c1c33f570823b9b20ea3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
bcf001c17828964668fd26fb232a54e0

SHA1
02fa2d09365b75cbad4e3c097ae6c1cfe8e6ee08

SHA256
8bdbadea40b882ae43684cbe5659cdce528a327bbe6080e9ab3d035ab2d4da92

SHA512
a78efc38386c54aee60d293313ac4b7d81e0b7ab3707d022dae46664e50a884bfdac05096f746373f90cc073a44f6b15a137d1cbcc0ca00222f8078187b7e664

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
448B

MD5
10da7dd141cd070b67e83badcf2257e8

SHA1
20da06cbb9785edc0e28b25ef5f4e80d87d511d3

SHA256
194d442a3020fafef449f19797f1b1a35b331cc52ecb4dc08ed4604ea59f3b65

SHA512
b5f88880a0e890e02f20a4061e25c4087ea5613b6a0d716c7ca6984a3f24779c55e1ed3df5e7dc482fabb3ad6836eea916a672fcaffa1a57b84c618d3bc44f2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
624B

MD5
8b0d007e2e5a60a431d4025a6eb92df3

SHA1
c3ac640d264bcca2717e764ac87c57bd72355478

SHA256
eda8c9c8966ba19316bb75751b7bb3155cafa11d1cac80e32c490097346c64fc

SHA512
53430486f40637112aec06f8cc45842dcbdde16bfe5213cb79e47263044c7dae680b32652186221a8667a16d40e5956632bbf20cdf7df9a7e6f83b669618e416

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
b983bf5e615c16ed9d16d3615b80801d

SHA1
d7b2d4dd9b464f1a4d223985d2f177288f9303e3

SHA256
7f02956fac2d699f601b5e745f87a95c41e7e802b963bdd29a8e430fa8fef6a5

SHA512
3ce8f8de2d609825700b41bb082bcbe4da43a5395d29293cb80ae56f2ee1ba9cd37f9129695e39e05f9603ed983335b14bdcb493af1aea9c67937a9386dd0525

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
e14b493c7720651aebd4627fe344346a

SHA1
62af9ffd7e0568e4e964f5ee14bccbce40fc84bd

SHA256
53b7258bd592de664c06b1e7f0d5c49ac9cf6ec22002eb74e677695efbf4a358

SHA512
a8f362e37456f3128bb4956c652657d08cccb91f8ebf61733345d556ce05647de44bfc4793562b670fa5c97ca1a92406942fc90ed1f731fa9bf02f76b8c2bd47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
d511dd8c3a48846487c08b501d453b48

SHA1
b245d7ce87137f35e4fba1db4578bf3c028c3d12

SHA256
a385e884726f0367493c5331ba074d831b187e5efe0007f3a9069917be91f4e6

SHA512
95052e08e8640836e6bbbd4f5fe5f045f71415bd7a5b4e480ffaa69333aa65b262d35ab7e2261e1af03e3919f73502906b08928dcd541eb36b16510121e23760

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
a2df10aecc973307bb62bbde913a45b9

SHA1
31b34ea190b6b52ce065959466d188d74fdb61c7

SHA256
eb7db4112951dc9d81aebff0100cc1f25f70c9f2ef2f51059ca5a4e2f85743d0

SHA512
de366eb0f8db83a1055c8640eb6ce484b69b80a9b0d156c9b740f1ff50728e40df023ca3e0a13c317fa141fc9edae2f008851404156d20c5b857143bacf41625

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
27098c2f9617d9d436e094b544af2b38

SHA1
1a6e3d55d87addf05825f07aa5af6e95a4902fc2

SHA256
18e42b79b7ccb1d4c7af300d4256d6c7dddef4bf8c642334b5d1082082554f79

SHA512
ca037ca79e9baa201776d5bdf32d4285181224c22ed91d1360c524773bdb711d584aaa47f563970e50bed794e9fd0e2437262d21c1f218781d8dd21b1d2eb575

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
560B

MD5
dc12e0ff367b88f541d3bd9f319a503a

SHA1
fd0301cc53d61551ec385f15d22c207802cadc56

SHA256
e5c862a6e1ed98d73afac37eb34383d413d1d4c0600279df2d116a9d3711a41d

SHA512
f91866b6cd6715f5a40f8984d286b490b62b6e5441113b2e7fc259821adba04895843cd517a94ffb9d3b2082dea02733f544c6fda173119cd58f1e22a9f3b6d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
7KB

MD5
b6a8a98c34c8d71bf81aad4926b14aa5

SHA1
653c1d48c6c9a2abfb257b71e0acaa4e04e0eae4

SHA256
c0d25ac97ff6395d76d4e987b8ff402c3b529ab36486f37135cc58970ae18600

SHA512
0899a026e497d20632a26314071c25a6e291def064dfe60f114d4ab43ca56c18e6b8bd27741027d60b0791349e635683ccb0fe1be85e38a5cb6f03ca2d4098e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
7KB

MD5
ca44b991a1f36291ac9bd4c2d85e0e03

SHA1
bb2d5c831b9e5c3748bce97a3ea6e5acabfdffb8

SHA256
81a804cd408ad95a567108c33663d38416d775da6795240911386c0b2abaf2c3

SHA512
4b8df91c65ab9cd04dca14e7d552476be8301e7b52c5a7eb247fd0800ef59476e02da2cb128183fa19994dd7433386cdc4610523aaec6f9c62f287fb19e83414

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
15KB

MD5
2e650e2fd98f08b67f5818b10ac4f36c

SHA1
6f3dfdfdbdfad7ec811fcdeac5d0f1f0a73be5d4

SHA256
e0ded910b88e3e2075a29e7c2302ac5e317c03a6859a25534c89c055c11dc64d

SHA512
8ffe3359bbf946a6cc192575e6a58f585a5fd27256ddcda472daf766aed2f98dc14351b57a05c8552de113749c7eb6393a8c1b5cf72dd0ebf4088c4e9a548b53

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
8KB

MD5
1e0766d9752bbd59971d67ffd38e1667

SHA1
72e94ff9c2b38ff63563a83719eb2db063a79338

SHA256
1bbc4ba3e1af16afca63315ec93ce4c90470c0655b44e0f4894f5e702499e1bd

SHA512
bc6b81eb3159b0f930310b64dd0b51e87a0a25d23a5807151a059e71266aa75a448156015b41d2996b7a6e1906e6359579d25d5f4e5ceabab2118f136136b763

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
17KB

MD5
0471b49b0f06b044ee256e3aa4baa170

SHA1
72e4bf07bbf5e1b2f912862bd2cc106ad66e3dc9

SHA256
a8677d6d9af0223301ff49393a0db2950091861551bd549f5243e4a9990aa5f1

SHA512
22bbcdad44031f6823a5f6bcedbcb1e6479285fe35be30cfeca540d65a84506d5f2d6b6f83a1d219bbeeb3ce417111df71ed0ed4ea1505e8e21f216f2fcbab54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
192B

MD5
97fb3798d2bc6e0d5cbb4b6f941cd897

SHA1
0d69b30b3cea6887097cab6d407d03e15d6d9faf

SHA256
61697388427a7e6a73eb07d3a6d9425084264f2bf8e6e08fe54bc72d86efcc7a

SHA512
55db1540d9d9a10677c49561a42c81b065259bc9a56dfa99a557b116a6d1817fc93f2accb3655e448d0dd324724168c206b4719fc440e684f72293e10a522c27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
704B

MD5
0d55373e1d7cac21c99680a3af9170f5

SHA1
d1b3afcbc0dba8bd9271e8153c1d48babbd8101f

SHA256
a0c67dd9754abcd056887f2f086864b880ec167d0f7c1feab2176a04a9c766ec

SHA512
7b1d0978f766641d5fbad5638d96a19d2e424cbde40e2c96d6a7b12efbe1419e74407b66843ab91333ed5fa1e377b62d65058c1f26c34703943812507ad85f0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
8KB

MD5
0a97bbda87d45714f9b01c489d28054f

SHA1
c407284f86d5f2323cbc7b51886423f4ae39dfa5

SHA256
b01f7bd46017bad13dddd767d9fa87f7b2e374bbc1b909034ce3e2d27dd011d3

SHA512
7ae4a861c9f7817f87ddab73b3033ad0966a21dd6b93632e7a69b45a8eca0d978e0ee7fb8dc1aaf69d7ffdf2c5ff87ce32be90db7a67c9cfb3835b238d3f707b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
19KB

MD5
4e0614d635d6c0697fa77578a76fcf03

SHA1
38b03d17d50633fe288998b4d3473adb467b7a28

SHA256
5695d7472373699fcb8ce34aac36288ba3e588212ad6f7e5407421488de14cee

SHA512
cf28f4a6ba71bd9e9fa78304046ed4a8ae2bdd19327a364230ca1093f3897acf07864082151b192519f772370ff33424cb49873dd54a9e20e183ba2df2bc4260

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
832B

MD5
794d5f8c71a4484e5117cfbe7ef6fc9b

SHA1
ad1bb8e6f0deda3e48f9b44f09f901e7f23a701e

SHA256
20121c93299a15c703b3c2dfc7a65099211ed725956133e0925639f94a440f6e

SHA512
2556a968499ac2c59336b22990660824437dd9be7f0642e000b8c748ee45a2fdda6ed6d1329946638cc3474325632e15f97afe0ba40aa27f37562aadf101cd46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
b0857a5ef07c518586152cce51324b9d

SHA1
bafd14442e8644921065cd643bf73bb01008c775

SHA256
4bde2f16204da168c09987447c6beada25483f3f865aebe1a17f064fc23d5113

SHA512
5de5e7778bf07fedbea396f07325e8e41ccd6b9cd9b6df726f7596eb033178d9ca1db07c4be90b50fa0406b716cf529cb0908b96c03ca53a2a2a0bfb580c2eba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
9760b0b0813923a44972170ea3d78369

SHA1
a14a2d2c68f96712985adf243469a6d874f020a3

SHA256
e8e0fdf644e8b26c930289dd2bc1dc084804cd5b072b982586fba22f02c9509e

SHA512
c5293392b08a7aef0fc8ce68e5b886a335e4f21cf2ea0344e492acc5d8172254af3c8f1f665ef83c1d9c27bd486f8e2c6a545c4955317411b392b14607e0b44e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
816B

MD5
60e216f1d98e42957c35b3264f6940cd

SHA1
d8285ad0fef6597628906fc7ffee2974cf57e41a

SHA256
ac22e6ad21289cbceb08e5e15f7ac528ef23781cf07050a733d2c18661b061df

SHA512
50923677737a9bff2a1f20a35a504b101854f99b88c5684d7d3d2c95ed656996c5c878b0c00eb2fb082a7748ecc8f9e1f4aea8c76a2d6e2fe42c89182c69b268

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
2KB

MD5
a7c19be06ef4745c8190c64b6dd02295

SHA1
b57ee6eb8d0fcb1f54827112a68c5cb01f9f1ee9

SHA256
d1fb1b001ee283709e184d1627faa1c955d00588191a7f40d2f200765ff2b636

SHA512
1d456dd8c8028119b413e03d669eab69009192946fbe24e97ae4b49be92724a312e454baf4689b276eeb5cb356010c693b9f3695c616292743d4bca966b96057

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
2KB

MD5
1ffce99cf0dbe4632f71f794f40a3110

SHA1
8606496d7f5bb9c734f8483d67c3505a8c71c92c

SHA256
30bd0c0c8a20af3947406fc17e7f1ed9430ce679a2a6e5592e1848733a8319b0

SHA512
e6a9e1cd21ad60d5fa71f95ce3ddc5db6d65e551d11f6ddf430eee139ad739d86601dc9e510f3d05beaddc75993e8ee26ad47e746acc4de8ed464cf72c9c7ab8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
4KB

MD5
25fb1d57dc7a690a95be4b760f8bdc67

SHA1
22b433c22f992cde5fa942ae3fe9ef0df6a23c1f

SHA256
230546a87b67c2e6a561634dc42fa10b7eaaf487e58ce56e6942b99790f134a3

SHA512
4c93911824f137113d1c7c5a33b4d24d6f20a84255a1d8a93b2d3c2872c4ad82949eb637183a63c4a57eec8e4a303ed83ab0f4ad8cc0271f985ff1c6297e2b36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
304B

MD5
c2b6dacb7b356480ce24a9ed0c5ade46

SHA1
545ed0fa3e3cb60071b82cfbbeeb24085a464fb1

SHA256
6d5c3e301c3a3d20dc16693cf372c91a56d7aa1d1c9c1a8ad6df954b7c00e7d0

SHA512
9a7df053ce193adea8e0137bf0605254ce35a7e8d4773aff5e6662c3ebb4b1d094b4fa215e4d486fba15a926ca7dc93962a98f7c6dec01ce69ce246bbcfeb711

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
400B

MD5
b444ba528d3b83ab031667bb81b6ac9e

SHA1
220d26f2cf19537947d838da7c6761cb85771be6

SHA256
49d4de48b8b47cada2cf6026a3b7b0e035e56d03dafcdff70d6530f9a9d382cb

SHA512
bc8a615ba248dfb4ecc04f79c3031dd29c47007bc171d691dc0ebf8f98e014123267705f2020911a838a1867bd92c0dd0ef06a07468233067b8839ad8db764d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1008B

MD5
8614f3e6ee30d919ee9067e8600945ba

SHA1
cb0726fafd5af1772ffdf56e48c3bcc73c11cbc6

SHA256
9d535552311d7cfc8e5efd5596ee6a2940b45cb6b1b3e2918f333a870e9d88e9

SHA512
17594755c1f8056d9ea40c38f5460b20a0b69709d73123846aa2147df98c73bf6864c77a32a95ef777baa9e4a75d22305c92ecfb4f03c8b41ac602410c77e838

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
1KB

MD5
ab84c0a1fa592c4adefd6c539f80ce8f

SHA1
daa51dcf65cd5249a7ffc2efef48d677c102ab9a

SHA256
e04893ff7c8d5403ee193b8ccedb8fa1359307ebc6c4a4e2b6cc29691f599bb7

SHA512
3b584107d66a4fbbe6f6f47d8099943c95904c08071cc6dd5ae362d9895b59f9de42ecdc44414541948518c15268f294bd56fb0579de528c884e6ca78c58184c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
2KB

MD5
9ca9e8c0543157dd6d0fd19b4a826713

SHA1
3d6be37512da119c428b004ab51fee1928d86243

SHA256
dd419bdff67fd22e89d0cba8c5e26d01899cd62a6044c4e644ec9dabfdd9c001

SHA512
10e05d070e12004e5e39b93f96976d1e69941d5bc58eb3f3a9b702d5eed0b24eeb6ec7c701b3e2e1ab79c53469f5be75f6b9b112a7e234cd9b680d15e51543eb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
848B

MD5
49af3c8f721117646b5a0664a7884f9c

SHA1
beb66430a5aa7cb2cc1f464d9a47c6a9fc67cb6e

SHA256
1057e1aeaa39b7543de9fb6d94731b76e49df3b6c8820a477b689d3afc36837e

SHA512
2d7db2d0c28c7530ea0bafa6d52e65d229d7b825fe3a7e38cfb38f29a773bc236dcdf9cfad1319dd783e37daf9645f08bf5e778393f296ba3211bef81b7a176c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.E99F1BA924953849D5AC7561E2F3068100A4011A5B3B0313C334F59CB1AEE5A4

Filesize
32KB

MD5
9a4bc32cbad647380ce5546b4f3a0983

SHA1
7d08e7821fcaa4b5691a430a2f4e04ba0bc6e2a1

SHA256
eac8987fddd3216f1ff823da475197fdbf9d1d09c923db9a372a304c2e2fa6af

SHA512
c1523ffca43d7f41de4c7107cf22fb128ecefbbc28a283ce23dfa6d43791ae8612e48183edc270628edc3eeb6c2c551baa413f3cc98e1508ddd7979685a3dc36

Download Submit
memory/1836-3471-0x00007FF678070000-0x00007FF678168000-memory.dmp

Filesize
992KB

Download
memory/1836-3473-0x00007FF8321D0000-0x00007FF832484000-memory.dmp

Filesize
2.7MB

Download
memory/1836-3460-0x00007FF832AE0000-0x00007FF832B47000-memory.dmp

Filesize
412KB

Download
memory/1836-3459-0x00007FF82F5A0000-0x00007FF83064B000-memory.dmp

Filesize
16.7MB

Download
memory/1836-3453-0x00007FF845BE0000-0x00007FF845BF8000-memory.dmp

Filesize
96KB

Download
memory/1836-3454-0x00007FF8430B0000-0x00007FF8430C7000-memory.dmp

Filesize
92KB

Download
memory/1836-3472-0x00007FF832EF0000-0x00007FF832F24000-memory.dmp

Filesize
208KB

Download
memory/1836-3452-0x00007FF8321D0000-0x00007FF832484000-memory.dmp

Filesize
2.7MB

Download
memory/1836-3455-0x00007FF842850000-0x00007FF842861000-memory.dmp

Filesize
68KB

Download
memory/1836-3474-0x00007FF82F5A0000-0x00007FF83064B000-memory.dmp

Filesize
16.7MB

Download
memory/1836-3456-0x00007FF841BB0000-0x00007FF841BC7000-memory.dmp

Filesize
92KB

Download
memory/1836-3457-0x00007FF838CE0000-0x00007FF838CFD000-memory.dmp

Filesize
116KB

Download
memory/1836-3458-0x00007FF832ED0000-0x00007FF832EE1000-memory.dmp

Filesize
68KB

Download
memory/1836-3450-0x00007FF678070000-0x00007FF678168000-memory.dmp

Filesize
992KB

Download
memory/1836-3451-0x00007FF832EF0000-0x00007FF832F24000-memory.dmp

Filesize
208KB

Download
memory/3212-2930-0x0000000005620000-0x0000000005630000-memory.dmp

Filesize
64KB

Download
memory/3212-3447-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/3212-3445-0x0000000005620000-0x0000000005630000-memory.dmp

Filesize
64KB

Download
memory/3212-3444-0x00000000066B0000-0x0000000006716000-memory.dmp

Filesize
408KB

Download
memory/3212-2765-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/3212-0-0x00000000008C0000-0x00000000008FC000-memory.dmp

Filesize
240KB

Download
memory/3212-1-0x00000000750E0000-0x0000000075890000-memory.dmp

Filesize
7.7MB

Download
memory/3212-2-0x0000000005340000-0x00000000053DC000-memory.dmp

Filesize
624KB

Download
memory/3212-3-0x0000000005990000-0x0000000005F34000-memory.dmp

Filesize
5.6MB

Download
memory/3212-4-0x00000000053E0000-0x0000000005472000-memory.dmp

Filesize
584KB

Download
memory/3212-5-0x0000000005620000-0x0000000005630000-memory.dmp

Filesize
64KB

Download
memory/3212-6-0x00000000052F0000-0x00000000052FA000-memory.dmp

Filesize
40KB

Download
memory/3212-7-0x0000000005630000-0x0000000005686000-memory.dmp

Filesize
344KB

Download
memory/4508-3507-0x000001F3BBC20000-0x000001F3BBC21000-memory.dmp

Filesize
4KB

Download
memory/4508-3514-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3475-0x000001F3B3540000-0x000001F3B3550000-memory.dmp

Filesize
64KB

Download
memory/4508-3508-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3509-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3510-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3511-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3512-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3513-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3491-0x000001F3B3640000-0x000001F3B3650000-memory.dmp

Filesize
64KB

Download
memory/4508-3515-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3516-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3517-0x000001F3BBC50000-0x000001F3BBC51000-memory.dmp

Filesize
4KB

Download
memory/4508-3518-0x000001F3BB870000-0x000001F3BB871000-memory.dmp

Filesize
4KB

Download
memory/4508-3519-0x000001F3BB860000-0x000001F3BB861000-memory.dmp

Filesize
4KB

Download
memory/4508-3521-0x000001F3BB870000-0x000001F3BB871000-memory.dmp

Filesize
4KB

Download
memory/4508-3524-0x000001F3BB860000-0x000001F3BB861000-memory.dmp

Filesize
4KB

Download
memory/4508-3527-0x000001F3BB7A0000-0x000001F3BB7A1000-memory.dmp

Filesize
4KB

Download