infinitylock | hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
261s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

infinitylock troldesh bootkit persistence ransomware trojan upx

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3124-4376-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4375-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4377-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4378-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4379-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4395-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3124-4440-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Antivirus Pro 2017.zip\\[email protected]"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\Q:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\K:	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
65	raw.githubusercontent.com
166	camo.githubusercontent.com
168	camo.githubusercontent.com
187	raw.githubusercontent.com
189	raw.githubusercontent.com
27	camo.githubusercontent.com
64	raw.githubusercontent.com
169	camo.githubusercontent.com
188	raw.githubusercontent.com
190	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-hover_32.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\PlayStore_icon.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd.otf.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msvcp140.dll.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\main.css.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\combinepdf-tool-view.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\es-es\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\Other.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.181.5\msedgeupdateres_sr-Latn-RS.dll.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\IA32.api.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-cn\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adobe_logo.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_radio_selected_18.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up.gif.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\selector.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\files_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\pl.pak.DATA.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_radio_unselected_18.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pt-br\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Other.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogoCanary.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.schema.mfl.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark-2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\add-comment-2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\nb.pak.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.181.5\msedgeupdateres_kn.dll.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-ui-theme.css.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\internal.identity_helper.exe.manifest.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\da-dk\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\es-es\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdate.dll.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.181.5\msedgeupdateres_km.dll.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover_2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\selector.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\caution.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\autofill_labeling_email.ort.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\end_review.gif.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview_selected.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right-pressed.gif.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028	[email protected]

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572371199305178"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	chrome.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Krotten.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Petya.A.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
3124	[email protected]
3124	[email protected]
3124	[email protected]
3124	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
1908	[email protected]
1908	[email protected]
1908	[email protected]
2244	chrome.exe
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
1908	[email protected]
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
1908	[email protected]
1908	[email protected]
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
2488	firefox.exe
3936	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 424	2244	chrome.exe	84
PID 2244 wrote to memory of 424	2244	chrome.exe	84
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2404	2244	chrome.exe	86
PID 2244 wrote to memory of 2684	2244	chrome.exe	87
PID 2244 wrote to memory of 2684	2244	chrome.exe	87
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88
PID 2244 wrote to memory of 1272	2244	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe96389758,0x7ffe96389768,0x7ffe96389778
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2768 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2776 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1880,i,5373956723008407141,6177185630831935626,131072 /prefetch:8
  2⤵
  PID:1356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected]"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\2a212afc0ff44a1fa8a71c3e0d56992c /t 4404 /p 1908
1⤵
PID:2800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.0.125854233\649150770" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a402287-0b0a-464d-b82b-1988c1610d26} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 1980 2116a8f1b58 gpu
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.1.2018983097\1263917148" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7816275-9f85-4477-922a-6b0b8e26c86a} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2380 2116a5fa558 socket
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.2.1800608514\851881157" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3000 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49d95547-c075-4f09-a509-74afb154cbe1} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 3388 2116e8a4d58 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.3.981990169\1901733418" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84161942-54d9-4f0c-8dd8-cacb4b7b870a} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 3652 2115dd62558 tab
    3⤵
    PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.4.86680264\1187458349" -childID 3 -isForBrowser -prefsHandle 4172 -prefMapHandle 4152 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec0e7900-f17a-4051-9f21-ee4f3bbd4529} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 3636 211706dab58 tab
    3⤵
    PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.5.926057966\2079139431" -childID 4 -isForBrowser -prefsHandle 5204 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd71159f-35bb-4387-aebc-9e893e9c45c1} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5220 21170c8ff58 tab
    3⤵
    PID:3752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.6.1680396748\1912598743" -childID 5 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c566afff-ae1f-46d7-b910-f656d12b52ee} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5300 21170f8a558 tab
    3⤵
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.7.595147648\102774719" -childID 6 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6914e19-ddbe-4969-a84e-698470778ad4} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5584 21170f8cc58 tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.8.744644725\1400804776" -childID 7 -isForBrowser -prefsHandle 5968 -prefMapHandle 5960 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e6f2e20-4624-4c60-8078-03c72ece95f8} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5988 21172977c58 tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.9.135754300\837509787" -childID 8 -isForBrowser -prefsHandle 4908 -prefMapHandle 5920 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8838e73d-727e-4a32-ada9-4efacd7b6a5a} 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 5064 21172d98c58 tab
    3⤵
    PID:4232

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
PID:664

C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:3124

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
16B

MD5
de7da3ecec26515e5bcac07bbcbb95f2

SHA1
d6d78281919d78939f480a2996db376ae6fa29bb

SHA256
310dbf3eac37f156ef29929fa8ae9a91e02b6b285846f63d8b9aa7b8c5050f1b

SHA512
941bba64ece20cbf0723a2ad43052b44a25921be9d4468c74db46a59098b9896e9c952acbd0bdeb7bb1a48bd64a8e8a5bc3ee2077a1b2a623d3ce7d292b1073e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
720B

MD5
c2596ab7941e77fa9cb40aba0e2e6db8

SHA1
97c887b40ee3250a85e8f253bf388b010870d06c

SHA256
eea9eb41391403bedac54ba2d2e62f97526cbdd5a0da9368ed11e7e989ac61a3

SHA512
f0bb2e94259102be3a60463e055aa5a31fbb418cc8b25428c555d7c4091c3adc165ba5c5788583b8bffe4ac42d70178b1359853530e9b6235a8043f3af5d0d5b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
688B

MD5
f79de0d2602f17a41d7d7a57ce8a4622

SHA1
24ca9dbc0b4408e3d67acb735c4134639c86baf4

SHA256
0495740606f1c0b814422ddbe55e7825c84e92d2896737d8cbe40c09a07f76b5

SHA512
d3de5b73cf40aaf245fe08bef3c64d3492d1c9cd1be4807d3ba4d2300c252c9d7297ac7d330299aae50411833955219c2b25a1fcf26acfb49de9685e5011c2e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
1KB

MD5
93960373c846d8cc3a77cdb9937df7de

SHA1
9326361d8676887dd93b043694665980d30224ea

SHA256
cf7eb24736ed6bef01d915c4f57115b480fb74641c9a26ce21995113e6df2a11

SHA512
a8312109bfd1cf8a7dce43df988f47b6d84427954ae7e90dd92dee069fed736e5dd3d86fb5dea2425acb2792bf71c3d1f4dd9d141704b60aca69853b008d55fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
448B

MD5
8da2e42418a35decffc2c8195dd24eba

SHA1
fc39e9ce9162a3e05dc642872f0c5331247abd71

SHA256
85999ba351e916cccd160289582f51911fc4edf44c3e1dabd394b6c8964e03ef

SHA512
94672b8ee93dff0510d940ba101f8ea2f4f07975444c69c7f96d5b50d1e33fffa24b34ab79df68b596abfdb24a240d9c19c98051e1837c016eabe10805da4842

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
624B

MD5
e35740d30d9edd9060b5a999bc07a0b3

SHA1
8b505ce0fbc2ee10594d3332b1aac277cc3307b9

SHA256
d0d7aa2fc3cffffa0aab75187c9e2c85005a587eadf8aadecbd92eeca7cf889d

SHA512
7649bf00b539c72e0de0510eb7e6f3cf74e1e34328c9661575f6117355a69d5b5105890463ce6f665ca775968c9d92991acce679351d46998bfc36c7dee24b01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
400B

MD5
362ec6b1bba84571967cd20d15c8bc7b

SHA1
d3cb9a0168f766fc97d38537c041b6919000b441

SHA256
8fd6b4c40d4dc0915bd2ac9aadb974b438b9adbb540ba27446f4ddf7d3e930b3

SHA512
e933036664603e8247b19880fd2c37bb125b6ea5efb9a9e01d0bfa3408fc7bff86c007756129e96a9cb0d98809435e769b5d92af12dc1f82d731b2a5efc6e36c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
560B

MD5
deeb5ce9e53ea7c5cdefccf03bb2ec22

SHA1
299556465baca8c6f5a0fb5f4e6530aa4e53eafe

SHA256
559bc23f651015acc078722cf4b8e47aad2bc5c8d34560c5e26a3f9872d6a87a

SHA512
9e7f801774eb25ec58194268c7b81f00a076bb6f79d46e270f7a995b4abc860583d0ea88e5ef7f27aafbf983c0569b6a411f65815ba91d71b34ca2ca7a901333

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
400B

MD5
84a4b7c7c044766ffa7cfddf881bf521

SHA1
26ce37cce77d626f59f58ebcd094df17f677a27e

SHA256
83b702cf755fe4fc123ef74957745c13ca2c1fb48ebb69965d65ad19161f7cc4

SHA512
059187e2fbea34dce99d6352e82324d3714130e1e7ec7c61fc59266d157efc02fa5a68093e194209a289d744dfdb32bf166e83fd5e59a56f55c48a1fd9e0faec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
560B

MD5
1be78ea70922921a17fc03464afa185e

SHA1
26c691ea5948f56b9e7cf3f52de5786961736353

SHA256
feb20a8bf32fbcf7c70e50bb68d449a505cd213943e304c440d758a6f5013573

SHA512
00c9fa695ce42c5907adc5ded5bfd02fbe550f8fad709a5d52d44b76d44cfa61019ca7bb109478f5c13ad1254f34ed7dd8a9135e5790af258e00d370e682500b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
400B

MD5
98b517d17cfa83d0bc05b1f78ed9ecf5

SHA1
4e9759b901a89994130c4f2aed9c35d630c996cf

SHA256
b128df16bdc09d417a76b550917d4adfa3cb36d04185c939b3563218e13accc0

SHA512
6d21ecd95a056a1fb21b83dacfa23bf9f964734e95476dbe37583a4bc1e51fcb4be34f6095f6f16212c04dfd58b75e8d2461b5312b50c9ef73c5f1de54ef3c66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
560B

MD5
750e97fb90228e01ba49aa8834d5faee

SHA1
9a1dc5f2b73f192af510570b8591b67aafc40aeb

SHA256
46738ac8eedd1c6cfc8a5097cdc4325bcaf2e8197e9b6b162792c417fe999b63

SHA512
d329d5fbc3993c2cad03f0ca6bc00336bddea54c5c5bffece2838168454a060b9f1fdd0e3baf745c127567f5f35d77b723993faadebad7265ad3194bd41e910c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
7KB

MD5
e18e0b41d61569167b814577702d7060

SHA1
0af77fd6388a543dadf9fca8553c937b30837c89

SHA256
06ee7d9bc93e831a112bc8e22519a5a7352da44319f7dd7cb36b7b98dc345740

SHA512
37364eb0fc3c358688c8688184fab0025c6d1a74fdad6a6a35b7fbc28b32d32bc5ae6a3d66e23dca88ec4ea763612d3d90afc10f3e83d9db8431dbf22b3d4407

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
7KB

MD5
9b796b7958adcb686f513a444202259d

SHA1
8edf21728d14faa6869f5e52e0e27263451bce0b

SHA256
5baaa0686c6ed6cf3ed47ae026196910b1f9b9f82940d7db1716e20bde259d87

SHA512
b41ae08197eacfc56fa2b09416d0a92d19f414892b71e5be2fb5a4454624deb8ffff415147c92078d938ebb5772b4e81388672fb7df7a83257c74430fc4aeefe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
15KB

MD5
1516ca3e0795faefba88c69789a5e90f

SHA1
289958eef3c68b5b0c838fc94c4542fd1409ca42

SHA256
197d3628c833631d728a615b7dafc657380888bfeed194ac9f557a849510e3d1

SHA512
563e0e5df769e1df6c459eff5465ed209875756424303194bcb4f41c699e13b89630f2f26695c3e35d6fd0fb71dbdef99e732fa0c0056ef53538e81e7585e601

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
8KB

MD5
01029788bb4a41dfd46f53efeb96acbf

SHA1
4257d6c6f409d1867596efd2f5ef4b386f04ed55

SHA256
f89a6980a0bfac69aa61b3ae1e9c8b455d4b1fbdc09bcaaca47894decf7eda40

SHA512
30c308b5c43a6d7cc25b6a2094a498a10f37bc4a5883fea9c05eba5ee9bfdec0fbd28ec2b86a967a94979fea811c098f1197ef538709609142a369492059f96a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
17KB

MD5
40294e2dffc29adab1e6f727188b95b9

SHA1
d107e6218847eda82547c40b7b338b37a7b4bfe7

SHA256
6f9fc8149a81c1505494e868b0bebdec701c50436a2ec4c5f96f663ad96aea55

SHA512
269bca86c9309fe8dceee9bdfebe422cecc0dbe1bd6f8ba614c980c8c39d547b6899956858cf6448592e5911fae3686d04f9bcd4312198f668b31268a37d1a6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
192B

MD5
5ddbfa12cf284fa0b3a57a818f4f8ec0

SHA1
f4e5d7d2bf1f7474d88048baa7a3f70e990019bf

SHA256
58699d1247d3ba6cf7dd3f8433a1100fffb0fe12fd8a56c57e9c5e57fb4e7cca

SHA512
bfd39e4d86091e8740ad698e5a1bfa17d004b32a923d1b3ce951a7c6979806349fc01ef7327f61933a77ba106245ac875b2aa6569237c450c8b343dc13780a8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
704B

MD5
2f174dd34faf1e0bcde2c18bbde12702

SHA1
c0130ae2e6b2c6a7e2895ecf1ff7b68cb7aa5fce

SHA256
0df4b1929689bfe196c8362cae68458fc251f7329a6f22f8112c5a3859218fdf

SHA512
695f8751a59382aaf4fe2b8098972a6efff4f91f70010f8b020e4370acf87f6b17cbad2dd4fd35db9b5b49cc19178cbd62719149e2fcda576bc00f95ab6579e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
8KB

MD5
88ffc392ca227fdb445c371ffe579921

SHA1
3a6902fa69e370ee6fe5a0e41c5f7f96194dfc46

SHA256
b7c272646a7e20f5b6d1021ac5507ee2491662826e132cbe2bcc234fb0bd39fb

SHA512
08a50356a2c3856a75dc4f47cc8e7b7a6d5e528ff16db19084cd7b9864371be1b4063352090433f578a21f81477a9abfd70b5cb4625b2ca7f4854ea979f3d422

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
19KB

MD5
f9455361674e9075fe51821a5ca9718d

SHA1
f5b58bb0bccecf8872a4724c92f0b7975a225798

SHA256
650403d602300d6d9cca8fe23514934ca6d0ae2719e94bbc5a824fa73924bf24

SHA512
52194710bbc21694d78b35df5b894ddca0ec47232c368e603cde2c05571fd1acef53ce0329ed7b5cb150f064f984ea72ac094ebfe200c047e65a471d9030cd73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
832B

MD5
7db23e818a47abde19ad4ce52cd9f1fc

SHA1
0d903a8b8bf96aa6ffb9a2ae438aad017e9fa039

SHA256
067565c17250f192a3c84a7120130936b66ea5cc05fe31488179d054a58309e3

SHA512
616e9587c9f91b00067a95f1237302847c0a413d45380ad25d60bc432e3102bc532460fb7f2150510c4569359c9816fb30a9df959cf150ed214afb6cc4ac9684

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
1KB

MD5
725e75ed9c3d13a93ed34f6c92c9b823

SHA1
6b408d95541662c7f66c397e247fb4a5d0734785

SHA256
7f4b7b610f5992ffb46cc6d5bfefbd380e8bebff61cd20c7aed8743a965890e2

SHA512
8aeb214e8f71b1bd6609d8182112470d0e7c55de4a65ed6a0e8b7adab15288ccec003e326cadc8d723b577ae9ca185f7654e3b0364375c7c05ad7a64641e515a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
1KB

MD5
27a88deee504f3ce7aee3d626dd70281

SHA1
8513f5bf50bbd647511a1484377a11ad22e5d754

SHA256
48e556b383c88dd5b06e4ea671ce317f5b83573fc0360a5947f768d36567546c

SHA512
d0903264793f8220f793bcf2ef98322873990eec8c9b4f1d8dc797794213252112b50a5ab2376f42faa7e1d892d99581e82e335bc64b150b6183d06252ca9aed

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
816B

MD5
1269a63f920de3f83c1cbd9d807cf587

SHA1
6a1596ce16b2f40befcad24b1eafe6005da4e110

SHA256
bb64f6d013a7460b6fb52f624ddd9e8a81916442dd5231f8e146d54096d2ef3f

SHA512
dbca88c8cab75c21ffe1e379ba3938287ccb84a807c7525e33e3d6883a661d1801a26b8036feb1e1514aa1baff17e7c81ca1dcd9dbc19a86558b100b5dbc0719

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
2KB

MD5
b2fbe0544f997e7c826571f97fcb0020

SHA1
002cefc9c944729f446c2448c2d10dace583776d

SHA256
a493ff711bb875d998fa9228614912dd413d7efe8d0e98ad6ad2fc49fae7620d

SHA512
5d0ffbdacde4d4ee82008da1a3801fb2d28ee41dc7815b30e5448734bd633b6b000b9c6fc9422510d38e211798d0571977a91f457151bd22ce4d6bb557095989

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
2KB

MD5
d6dec1d93d540463bdc8cbda68d41d52

SHA1
fd2706b34e876b9c3901f343a23520e2df9d29ab

SHA256
f4c6789c93acfb4e471a2ebebe5fe1a0c65297d7ad7b823e94261c156f9e84ef

SHA512
0df45213a26cbb71396ae1ba7a8a1c42bf7824069c712433e122073c1b1c980259adb1dbe69c99b876a995a6e6ff368e299bda697f41eaa4377db66c802c9a2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
4KB

MD5
71e19a7c53d00f592ea806f11688e372

SHA1
eab75ca86715ae3468adbffcc7d59170eb47a14e

SHA256
4a79024bebe82a31213207a079fd1a66945ee88545f4951a7d29c66d760e097d

SHA512
5c3bdf6b659d00d425b7967cfba4e7bd9633805f3be24f300a235dbe86ba4dfbbafca79da979525a15f01b139cac11747c495560b2e7e555606a679b13187c1a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
304B

MD5
c29c9d99063a211248524b8b5b8b168d

SHA1
1e58bd926feff22a4856c19fc35b10437b567b45

SHA256
3b8ffa0b409a4eb53f77f461c47b5d86a4d1d93d9318f330d7986c537af361e3

SHA512
cf258ab63d09091381891518178b3d4c68f378e8254d36fbd98a8bd6fbe86648c27a410a625d351ce2f0ef34c4872692caa49febde08c4faf57b4591c9881c03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
400B

MD5
0efe7be7a217f480e65b26524f1f73ed

SHA1
f5faac87b768b0bf91788e281c78c6a500000d9e

SHA256
a46dd47c79d6829e3a0061ece4875bdfd0fc93ec73580fcd63c88a8a8f5eb763

SHA512
a706c71814b9c3b2d78c7aea56da14131ad5d5d0fce2ab843f6f2a52e0759287920de0c7722b3de0d70dfca747def36b6e0fef25de5f3d2d8f643033d6132f7c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
1008B

MD5
54f4fd6e7c50a57c077852711de6979f

SHA1
da646c8b0eedacf9da08b2babe7ea2abe2ab2f99

SHA256
fbf67d2f501a2612447d5185eb1eac0d8e50fa10a58998b0f3a04bb12bad8f10

SHA512
5836fcc517130364174bafac20b8e1eb413607dce72cb6b150bcc09d2e60d97e6d8db1688b63086a724c485e7d31c068e1910dcb1cd263576ab9fed5e73a4fbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
1KB

MD5
4d6807bdd6af0de2648418bfdcf64b5f

SHA1
0fb52ed1ca8cba50d376d304b51196c84a2fb7bc

SHA256
3a5d61da0277c334dd96e551b314d9eedaf4bb9c66abac591fc563be681a4854

SHA512
97b8661da100a315a132a201e7f57338bb1292faff8fc295aa689f9044a42c8fb491893e1380e865ac1933583a06a55d6522578770b7d7b0086510d8f89d91e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
2KB

MD5
639e7b88a550e497ed0665525aeeb33b

SHA1
21074d19b95981d8d07cfc440c83e96e9d4f0877

SHA256
f1101116c9d1e03dd2857a428ea10b6463cb64cf415c9c4f8547175e0741ffe6

SHA512
21527655a849a86867574fd4ed59d12c2dec74073d8bcdec4d0c219d3656e27dc1022c825fa28f1ffd721f678cfa1aef167b162fafc2848270846a3601be2e4a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
848B

MD5
a8f582645930f9f2511a6d03281d453a

SHA1
a797de329a69fbb66196c0e4932219498bc413cc

SHA256
e920041040df6fcde773d3e97c5bba9bf7046b68be0951b63d7afb498cdbdb4d

SHA512
461465425c40129741646bbf8d4901316c59019240311cdde91a13e4fc69b2cb8ee62b5e3fffade27f261fb9db1dae65ada18400beb4e370ced002e2cd1dfc7d

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.98B680B3D6399B0B71161AFCF614B21DE7B5651522E0BDDEF7B4DEA44E433028

Filesize
32KB

MD5
df0628f54524157b0465fd32bf6e1aec

SHA1
72b16f52990055ce6fe34338cd18fc8a83d49c94

SHA256
ecdce63a7b3c946f7010495ea6744a1edfd3ff5fc53f294dfcc0f558a40f6096

SHA512
cdb02194bffc613d2f7a554497366b72e081e95ce01fe10b9be375c64a5284d64f3e5199025e300e7fb87be4a68d5c7c1d1a2f578f2ce089b896a2994bf8432c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
aff76136ae11708947f61a2342fedb81

SHA1
75956a7c0dbc1abd6966523fa54d0eb69c060f12

SHA256
d0059f16d2cb98e4aa663a0f55781da3b9a88db43af6dacd9432acdae2a009b1

SHA512
06dc2260b570c4de43b62100f6711bdf1165b7431570e434f5aeae3d062c6f5a644feee660a2201a8a6c1a1e38c74d7b5df8cb8fcbbb3cbcf7d6a2739d8d2374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
49f5b53c64f35290667298a35d17cda7

SHA1
c72ed4130710b80919ed623a413c24bc45bed72b

SHA256
c5a92cf477027698e75fb05eaf3abc0ba11d34dce8f4e36e13adab49e3aee07d

SHA512
18a3074cefee5a8595fc9304a1eba9027e7ddc7306fb9be1da50fa9c29afb4e1eab1626f933e32ff3853870214c0ef2e02c3b99c97fa1f1b0c9ae9667fef649e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d87b352188363cc3edbf31209d533e51

SHA1
e71e9f9117cc64e3a1e18d9b01c6d8b073f573cd

SHA256
0d2ad70dde06c6f0eb73454f6cea07a1a2f2ca6ad7a19e73fb5b17038c463d18

SHA512
254b3e8c553ef0fb2e4791ad87e7f9f4c1605d97b83abc9845868043f66f33d301b371f17f63cddd733cceb6726c6e1e0c53406551bc7ec70b871c3130c5a053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d049e002c4779c22867aef5dfe80056

SHA1
ac7b05c2812623ff2f06563404c2ea2737e3c88e

SHA256
945c4e51f58ab89f21a6c24b0c14ac45baed0a1c07ac67f3c17abb5e10133e2a

SHA512
a605a12dd54d9a173f07d7e5174587cbabaa8d5089674b1d38cffd4f2052463405726edacfc1aca6f120e6f2ae5f783f47482bdddf304426c48b35aa8127ba93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64d43b6b4159c87d4b790648147c9dba

SHA1
a16f61999d4240da5f2ac64b35bae5594de63f66

SHA256
4d8278e59963833403fa0b26fade54a6b7d0ead1bf47cec3b7b8ca8e74b0bb72

SHA512
a950d88de8785820825d523d67ff2ef27436072274bd1a1f3d66898d4a1fd2b278a28fddf844eeaee09f7c8bdfb9d3ad554154437631716eee32f060e1607ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c2a27c30-0560-4da2-8396-240f9f1f0bff.tmp

Filesize
1KB

MD5
dd319605b18f32949976818dd05e73e2

SHA1
e00743436561133e0b765dc2d643b2dc3551af36

SHA256
99dec1e0399687454fabe9a0d7a7277ff3e2d83beec48f426b5cd25985934869

SHA512
234fa5c8d746667420177756256dfb184b7010de96bb91a58d870cdeac6ae9ff1f05755488d3670bb848138c3e29976d346d501b8573e0e8b5ea1dd92c159b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7c74678f1f418e6df8c2092456edce6

SHA1
a371d621264d16cb45d9e07a750bd1844af16705

SHA256
86ba4e39ead0d4fe6bd88fe1c7c5ef853380a6cb86b4eee03a41582587ce0603

SHA512
ec6cd8330d8ad0220700cc53134e6e86b1f1db15579071f1f715dc22034144a100857a339497a2a1638e757c8d5f2efe82e8db387c898f1c0ae3cf2f92973697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cab7597f4376d81d8f0dc7e2271297c4

SHA1
a306aff127e325a4e5f3ba5c3e6c01330a4cee60

SHA256
4d5760848d2ad054d1dbc22b68a63a64f691b0124fcd334ca9c298e2ae64a0ae

SHA512
561f8cbed9e87924851d9d1b370025cb523261f71aba62fecd05efa140495931046e31eceed6a7615fe2f0d8d025a8f97b13b1ca85c8559abf1bebcafc84d500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
222f724bf7f69f20e4f543aba4c3fa05

SHA1
6e17abbd83e506e125790af84461cc4611846b9f

SHA256
7934a1723595122e50abbc9ba15d6921707e6dd3a3f362013479ad00cc85b1a5

SHA512
f11b881bb1060a4a4357e2ed18d0362961948eed9cf35be549d89aeaa7de3f7d7d99d28c6993b035c22171b4a812c909f4edb4bc2718a48462dcdbb2c9ce109c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1ae8681f41640e89f6d0c34ee563b03

SHA1
14b6411d86eac2386ddb86c2d54b5c38120dc8c0

SHA256
c09cbed26657826d9ab78e959f470ae277af682ca61f8a23b400728b6fe9312f

SHA512
62b9489bceecd5f20d82502e6b440ebe90e6e65c8a2eef494b7e721896553c630339dc0b43d7ffe3900971ce93162cc23585dc11250500c7e9132c055cc11a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
b47601c06a533839aa76278ba1467c62

SHA1
52970fc64820165206df751fc387c5c5822f2983

SHA256
be8fac958b257e4550213a99550c38b940510e673a04535acfafb4d0692abc3b

SHA512
e11567c872064566c90f6f4e680371c00595305f8d08228249d9dc1f966590f8a645ff39ccfed2772b996c07011e56227dadd0d777b2330270479199a341893f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8dbd49b6a00d826a34308b289d3ecf5a

SHA1
7328b86fcca26c7ddb1767c318bbd470e056a056

SHA256
fe14cac92efb0c080c110a9f41e9e106b23cdfdc57c43d2596a1f215f4ac177d

SHA512
40a378bfb8cfbd2d73942277bf9f28b4d3cc9af06c17847e4e302bae3b9ef028d6bc7badd878cd5786d60d06536002dbeb1f1543b437cc696da8f95bef37ffd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\1490

Filesize
10KB

MD5
742ca4ae424886cfe834d4c0033d0b91

SHA1
8af1c0e3a3e71937f21802d93bb1acd462d31817

SHA256
ce3bc143d97b3235a982a10e0a3e15b5fdaf465d7d399913599f851eab5479d0

SHA512
bb1ccb8def9b5314bc053fa14de94b64a7d968982f695d0eb9daf1d3ea304d318dc2a5f2a23bf66a772d43e3cc8884f058c78582be0aa12609da6aeb14902ac2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\jumpListCache\hu0eqrAc6GTuBBpTnyqd9g==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a93a4a0a0ef35d8bbd1a7aebc3f046a8

SHA1
e6204a32e78ce329f15c3beedddbeb138ed7936d

SHA256
8be6aed5af823857cdff0da66f007246e5e961460a60790e441dad38179956fd

SHA512
505db00256c20a984d74f079774deb3ac8bbf302e8d5b09c06dead1194e62184fd96857a399b0bf1fa564b1e4a1f5062acb476c8e282ecba48639fb12e4f6742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\b3722b9d-3163-410e-a9f4-1852638c3dbb

Filesize
746B

MD5
8bed05167d980d90ced856c2085686aa

SHA1
fff02d1c0431612643f395e3cf8c17b86733bf30

SHA256
34e18035e1f63a658823f91bf223c9dacf34a703be9f2830d231f0613c9a2bc2

SHA512
6364befc743ed18b10b58759a8dd8b79e2b64a3850c7ebe0a97e9b10a2bdef089284d8de1ecda43dcc25ae138797e9e83562cd1e58621da495527e38d8f46595

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d7953a69-fc4d-4077-8b47-95baf5c23713

Filesize
11KB

MD5
4ba98a8c48e108cce93832c628463f26

SHA1
507900d08348dc0029f1965e042fd5f064358638

SHA256
4bea12b8ce71a6c47f1c8bd905a11148376a779c8d4248a63e1b7479895efd57

SHA512
5bb4201b2be59c6c93ac7f47aec38d12509c1d62f6b55bb89a749e5bb786ad3e6ed488820b48ee355a74acc0cdfd1c77077dea4a228a3ac78e7a3feb9b4befa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
a8efb75a7039501b71f93387d1b6d6d6

SHA1
98c368f5f777a4a2fac1121e2658a65e449232ff

SHA256
299aa90ac5c5b284e9944f5736d94bce9e81e9bc892def1abb9b46239c062581

SHA512
f84b1bd83ba25523bdd43850eed7ce98f6be697abeaecb908886b135200de3bcafdb13b477bfb37ae83a9bf59cbf2836dc560b29e00d6e924d996656d7fb742e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
eef71bc6e5dcf8c8f543769930515fd3

SHA1
c5b9e3d6bb34b308fbcffacd327d14fbd724f090

SHA256
fafdb29eba98b7cc5fc44a18d4cdc77de95fcb15ab1de8c839568d38682d189b

SHA512
1ee6128995862ebaaefb360a7f54e5e782d513863d18e97fbfd9c65251fe27a38679b5d24e5af2625f3970a39c919ec7bb7aad5a89420ea0928a5cf8302ede99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
287f5c0104980cf96125ff642a1eee29

SHA1
01f8d20219d4dd29cd2689f02e73171d39cc1308

SHA256
198b4e1d2c7d185e11d105f1b0622303f392540b0ee08457b544cc45250bf484

SHA512
2c3ac1ddf2b9a9653f7209da6ecf9788484c87381ec4ffd7809cc2e96a3dae80d38e3ac1e78d6cc44f765415d9ad8db2361d1cf7e9f959a2db1fe8c8153112cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b2700caf5aba4a64a43896cfa15f5e67

SHA1
8bfce203d3ae0a55a42ae86bdf6e585e61fad9cf

SHA256
c90461ce254bce3ea1b0156b2050dff535ed079c30598cee0b1d99cd95738e39

SHA512
17baa411bbfc0610fa404b3faea3774af20e345403a5775a82b9a529f6b558d6ac5339efa768fd88cd36a4e0c5dec74ef0ef02ff499066bf5a7c59b4523c9ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
73bbe815947e011a77886a0a56758c68

SHA1
fcf25cc5db55969485b76ca493ded91b5ddbf9db

SHA256
7c6989953677cb95106af67df9a325a24a6a8c0df7784b06384dbbd3afafd383

SHA512
0c58ce6c2446f027a296ab6834208f7fbbe51eabf8359d6c55b156b80d21697cf62a5547aca6e02b98e24828e6f5d56882167dd17b230be80a69ccb2dde818de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
67806e6cf4dcfcf8ff8d0d724d1d21f9

SHA1
350be5acd0599d90c18563a635fd3fd9ebd1f9bc

SHA256
dc9b3186999d46c134f4e721511069a3e811ba85d0976221c0b7a0180e4a1506

SHA512
0732d4ee96f8a3f0731a3e0716c4e7c56578868ff5c165727dce92c116f779ac970335105f661b8a859cf0242ae2c301e2bb4b1a0d8c2ef77216bc2868b62c68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
1f4a4fd81903154197aacf072976e156

SHA1
f4c6ecc4a021c1b00e47c0d9965fbab55adb3e90

SHA256
c673e6c935bfd13a6bd4ad106ade4c806b9cc86e047b50640b0bfc02822f7a7a

SHA512
9a2f89a88c92918631ca30fc165b73c24e851181bc1d15018a719dc55424f28b4f6d3d5a0622b489834a028ebe833a3861dd85d80831531441cab56228204ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5a6f9a320b514f80099e0690f54e889a

SHA1
39207236fe1658a835d4602d80b608c9ea176396

SHA256
b7f5af7d06356eb37ab74d3215abd1fee3429dfa1be8c899a10aae92e7c50da9

SHA512
6873929b877bc033e3e57dd7f9f1f7bdae3885eb8302f3f8d61f88ec2e42c469845b6e8b116704cff9f699864aae374088aa8beda6640c11222eef90d5e8afa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b92fd9ac1d71f70822a8e0d3a131f1a4

SHA1
41abd0ed4f4ad17523eabad0d79241df340e8343

SHA256
31a0106ff0c5b1ed056e444e33292a157be8e79fcbcbfdeb278779c0eb698eff

SHA512
2198c277a9b241a1e51e1c52c5e57e6ee7950a8d789c518c9117a6b59112dfd17797098d3abe06f7ef666df377d111c08f99e44e14f3122af1f0b3f2c5349c18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
428a003c18725d6e9c45d1e540ccc4ff

SHA1
e349d48167b6e09a977624d79f123a30c0737e2a

SHA256
4cfb5d6204472eabd5224f31a898f276d97ed986634e5f6670a05a13d56755cc

SHA512
37aacfdcdcfdc4b3ffa58b22740094886dbfa657fd3a549873f298bd2143062f08d7a05670faaef7ab84cb19ab4ef421e17d7c481fcede3a38dea70d46fa1bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
675c8595873bc9d243b16a5688905b5f

SHA1
ea28359ccfed122381659da2791d3400e416e37d

SHA256
028c0b3498df274a96f2bb999e81b216c463b3c589081188a89ef65e15e92eef

SHA512
4872d74f45f96ac2acc6e53215e3db06d3075862b711c97ffc9597dae903696992c1393f9247dae41faaae81d4315376e24fb67ddbebb45e1b703d5815537464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
C:\Users\Admin\Downloads\3mPG7auF.zip.part

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
C:\Users\Admin\Downloads\7l7H8gE-.zip.part

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\Antivirus Pro 2017.zip

Filesize
794KB

MD5
ab1187f7c6ac5a5d9c45020c8b7492fe

SHA1
0d765ed785ac662ac13fb9428840911fb0cb3c8f

SHA256
8203f1de1fa5ab346580681f6a4c405930d66e391fc8d2da665ac515fd9c430a

SHA512
bbc6594001a2802ed654fe730211c75178b0910c2d1e657399de75a95e9ce28a87b38611e30642baeae6e110825599e182d40f8e940156607a40f4baa8aeddf2

Download Submit
C:\Users\Admin\Downloads\WQsYHDJe.zip.part

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\oX16NmyW.zip.part

Filesize
25KB

MD5
1aea5ad85df3b14e216cc0200c708673

SHA1
e3ee16e93ba7c3d7286dc9ebbaf940f0bcb6cad3

SHA256
8dfa496c93680adc10e77c0946c7927d3e58d79900013c95dfca3411d766bd16

SHA512
06faa190350e4558c6d4f1f201dc0698587495897593aaeac16f3ea3d8c1c7f81d65beea6bc7e730ca1df9bdfdf3cd2bcc84bf50f64787e0b1dbd21492796f36

Download Submit
memory/664-4345-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/664-4396-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/664-881-0x0000000004ED0000-0x0000000004F6C000-memory.dmp

Filesize
624KB

Download
memory/664-880-0x0000000075250000-0x0000000075A00000-memory.dmp

Filesize
7.7MB

Download
memory/664-882-0x0000000005520000-0x0000000005AC4000-memory.dmp

Filesize
5.6MB

Download
memory/664-886-0x0000000005100000-0x0000000005156000-memory.dmp

Filesize
344KB

Download
memory/664-4344-0x0000000006140000-0x00000000061A6000-memory.dmp

Filesize
408KB

Download
memory/664-4337-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/664-3870-0x0000000075250000-0x0000000075A00000-memory.dmp

Filesize
7.7MB

Download
memory/664-883-0x0000000004F70000-0x0000000005002000-memory.dmp

Filesize
584KB

Download
memory/664-884-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/664-885-0x0000000004E40000-0x0000000004E4A000-memory.dmp

Filesize
40KB

Download
memory/664-879-0x0000000000410000-0x000000000044C000-memory.dmp

Filesize
240KB

Download
memory/1908-363-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-236-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-361-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-360-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-359-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/1908-358-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-354-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-357-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-356-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-231-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-232-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-234-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/1908-235-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-364-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-367-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-355-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/1908-237-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/1908-362-0x0000000000400000-0x0000000000A06000-memory.dmp

Filesize
6.0MB

Download
memory/3124-4379-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4378-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4395-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4377-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4375-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4376-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3124-4374-0x0000000002280000-0x000000000234E000-memory.dmp

Filesize
824KB

Download
memory/3124-4440-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3936-4441-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3936-4442-0x0000000000450000-0x0000000000462000-memory.dmp

Filesize
72KB

Download