infinitylock | hxxps://github[.]com/Endermanch/MalwareDatabase/blob/master/ransomwares/InfinityCrypt[.]zip

Analysis

max time kernel
126s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 08:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/InfinityCrypt.zip

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
50	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\plugin.X.manifest.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-focus.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\PlayStore_icon.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\close.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\core_icons_retina.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\sample-thumb.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\PlayStore_icon.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\edit_pdf_poster.jpg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\checkmark.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_sent.gif.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_checkbox_partialselected-default_18.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_en-GB.dll.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\uk-ua\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.41\psmachine_64.dll.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\plugin.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\selector.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\manifest.json.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInAcrobat.gif.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\DarkTheme.acrotheme.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.41\msedgeupdateres_en.dll.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview-hover.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_delete_18.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\mobile_scan_logo.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA	[email protected]

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "70"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4752	msedge.exe
4752	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	[email protected]
Token: SeDebugPrivilege	2208	firefox.exe
Token: SeDebugPrivilege	2208	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe
2208	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe
2872	OpenWith.exe
2208	firefox.exe
1136	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 1672	4752	msedge.exe	83
PID 4752 wrote to memory of 1672	4752	msedge.exe	83
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 2740	4752	msedge.exe	85
PID 4752 wrote to memory of 4712	4752	msedge.exe	86
PID 4752 wrote to memory of 4712	4752	msedge.exe	86
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87
PID 4752 wrote to memory of 2220	4752	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/blob/master/ransomwares/InfinityCrypt.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb6d46f8,0x7ffbbb6d4708,0x7ffbbb6d4718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6393752809080075156,1473447043555298398,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05d35f6f-9dc5-4f5e-b51c-0d51d7a205d1} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" gpu
    3⤵
    PID:4676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 25793 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fa9cf1b-2153-4ece-8163-dd001e70bde6} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" socket
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3004 -prefsLen 25934 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a6c73cc-290b-410c-b365-04505f370a09} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4176 -prefMapHandle 4172 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb789fe-2f31-4d94-98ee-234f356bd96d} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4816 -prefMapHandle 4788 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {603590ca-fa59-4f7c-8a4f-afd67ec758e9} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" utility
    3⤵
    - Checks processor information in registry
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5148 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f45ed343-bebe-4ac4-ba55-cd8e37ad4237} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
    3⤵
    PID:3404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5292 -prefMapHandle 5188 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f80af27d-c2c1-48ed-977e-cd37ee16ce0b} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a04840-a8a4-4c88-b946-ded01b2090ad} 2208 "\\.\pipe\gecko-crash-server-pipe.2208" tab
    3⤵
    PID:4404

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3960055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
16B

MD5
dc5bea236aefdc219de0f41d25b7502f

SHA1
d1b8530fda9c8ad96a2698e7ef288313f80c4373

SHA256
1280582d50de335c4d640e2be45d9776bf2299396df4b260b750b6870ceffbaf

SHA512
c6da71dde50aa6664bd12d7ea403fd12e7c24d020a70464d4b49673135a28614099a40713a17f9d1dfe8634485fe060a85e84d7029021d2217f61985c0840064

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
720B

MD5
d1c589ad74a5678ca9a7048841dcbccb

SHA1
4d83cd3c2c40154a566a8e6dea32c699be3c8330

SHA256
3ddc6b12f678d473ea4afd030d157202dccb24a2a9f3c4a9ecc53af21e534d9b

SHA512
79b17ff0288bcae7798c80cba07f867f9fba7aad6b40f8329783ae8f438b8d81a6dc39dc97753b9bbd95c961b4786ab4188a8c1d20b726998101e7fdcbfa3589

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
688B

MD5
37ee5de5d40669bc662ae200166d1afa

SHA1
86a5ef1b55de12b9cd150b4fd871ebbdb0fed482

SHA256
f9554e522b12d91d344898121217d999423661868cd0def862c5cff78a0a0f22

SHA512
8d32f66222b57e1598702c925b86db4100bd2a30ea664316740a2a2e63d63312c60b402faeb0c739fb49f5cdfcf9f5158e1c3b021d5e20d9ccc779c8a2fad209

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
1KB

MD5
37376a5cefce86c09796f24ddb30eff5

SHA1
a64319de605e523f70e74db6932d0643c90e2f5e

SHA256
6c2deaab0df0f0f011f1eda2cf421a70835dc0f749cf1f9d048977e55248b7d9

SHA512
d957ffb37048872e66c80b81bb7881535817f84640348dfcaec56a0de8b1089e1db92e679f01b617f8ce538836895b6382ea1ff461b9e0f236627df7eb9993c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
448B

MD5
d9a5dbb82876d2263b9119b8dcfde566

SHA1
1358466289df0c3fff4e932d6252d7364fdebee0

SHA256
d04ffa9ef5001e11401a4a4fee7f3572d9f8c513dff8f82d03501b727828922d

SHA512
6dc00c5c1183e82e27b65696a9b462dec8d2ea2608cff549a72897070ff3f37bb640cc187f50345518755dfb77c6dd68c0749913e9ea12d4d7c9fbb05a9aff1b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
624B

MD5
911559459423473b2b6cf1dd810e9ced

SHA1
cb6ccaf529b9cf7578d0e5c263400508c2dca94d

SHA256
ae2224b5f59f50b7a48e799823b31447774bf457639b6f6bfde809035a08b394

SHA512
86a55aae964ed60293e05ad6f91430bf4c0ba97ff415e858c581e3f77216fbed60ce5d2a5950e256db85594a0ce77da76e10000c19df9102024e61a4cf91ff0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
400B

MD5
c58be64c4fd421e72a7bbbc3a4ac4c7f

SHA1
117edff85324ab4cb7b7f997aeee55949ae2310f

SHA256
a939955ce61d5f35c2096f3717c9e5166472db28921ff6725572a1f5492c9c2a

SHA512
cdbd1781428bfb25668f86d1670e48c649ace3c7e1aee85ab27d55f8cad85d54d75ad6f9baa610d265af1f8aefb9342bb390aa15ac258b130014e45ac09023c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
560B

MD5
04bb7cd29fb08386550e24b26b8d62e9

SHA1
bb6649249f8e1b6d8d8732d3ef9554587ab96fb0

SHA256
9d8ba379e55b987422d7894a99fbc3561d59bc2948377980c5a58fd6a8796aff

SHA512
3143a12f1cdeeba26d4ddf77c4085e7d8f94ef3ca260341bbb42424f8e32725f7d9351898cfa9f414bf3ca59e42046223afcb76ba4f3c20c02e8a68d1a5fe25c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
400B

MD5
81853038bb8b09bd0cd524d878f47f41

SHA1
3f4a37f28165023f94c80025c4b9536dcc6425dd

SHA256
c272ee2b22e6818b0e9c2427330f0093e7b48cbd1b60b72ef3d3f8f9e6d78727

SHA512
a4811418c29a5f2d8a0178aca6c7d6be4eb1bc16c86020f3eb86747d9d279014c94ca32036ac825036a5ede821458a3f2325655dbb03bf7d09382b542673f517

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
560B

MD5
a6dfac3bfe89c8eff7d01bc399e69d2b

SHA1
ae1dd96a895ac89032f5743e92fea1704413f483

SHA256
3fdd83b799abc679fd72af830a957157d01995540718d3788af854b6686c8c77

SHA512
18ec980395213cef0f92ab19b21749be3f6376052d38db902254704bdcee849283f7811a85b5d258354497e4615afcc1b1c066c429b93852aa3b44af33ae333a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
400B

MD5
cdc2b6271940613a1047590891e72005

SHA1
0f73a60d1fa1af5b2822ca4e724f621fef17a97d

SHA256
23ef71bc7f4406f0b1eb8412ee39b81bf9fbbf9ea2a4c324f7416eb2d2f5b1d1

SHA512
d825c71f6cd2cb94f084a59a83b0342e6773243838a8413df31fa2a791c048897f10e5af83181c0b9f42c38d2d3cb75deb86229dcacac228c2194ee12c5e8e5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
560B

MD5
c4e6719dc9a1fa90302b7d5d66ff4c95

SHA1
e1d00cf8cce129372a5f9b70a7281aee9c897f09

SHA256
36bda3df09123df2e7d553d8a0bdc2eca0585430476ec36f4d44718918a19a09

SHA512
6376b167d4bc11c0c1158fa78a31cc7f647591e8cbeeb2737ff750c3e6cf9bbd854d38f3fa1f45df170576c5dfc5184c5953aed3642005b7c2ce604fb8c2cb8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
7KB

MD5
017ef3651f6e1e250145e027530b5dfa

SHA1
b283ff8b0b7cd8c701155ccf14247a8c021a898b

SHA256
ba86358cf83fc9d211d170c6a7bf169454b3e605f6484273ab5a44613d9da9f9

SHA512
ee3561d8356a5cbc37bbdf7e9c5d449c7de34660de8e9cf0f1694d7f826f9e62eca1851998ad988f094026e443fe8b5eb14a0735f791b3a2321ee8902f7cbdf6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
7KB

MD5
22c6f7f53915fb235d09994630e77cd3

SHA1
9767cec6c8f6113ba67c86fb2f81ba5cc108fabd

SHA256
ab71764915d0a163eef63b8ac0754746c3961f72458d96cc7b0d2866c3f2447b

SHA512
b2d3423136c81e78e6b7963f07c1516d1f99fee16e3d5a86772c9e2abf163d17aa9baa8f827be29b42a1e89b8db27713931881317f0a5521e182f9ecde3acee4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
15KB

MD5
080ced011eab72146bad069365657a03

SHA1
90db0e905e59c3e370a192650ae657c5ea78a1da

SHA256
cfafa740d5f1b5cc7b87a256c528836f9cccc4e54a1af8ecb8eff2d97de66cf5

SHA512
f14247c5139b5b02929da23e952475b3101a2d87f3faef081369270245424471183881dd2e208c1ebff6bcce1329cefe0751b4b66390eca547fbe409848675f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
8KB

MD5
6c4dccc5b92286742bd0ed12db4f613f

SHA1
36ae6e2a4296153b6860d0dc3ee756b60264dc4e

SHA256
39467cbd7f35f490f8c7d970c58f118c2cd1695ba1ccba7eb27da3716ba1b5c9

SHA512
d182b6b865d53f7c73809c826586365d4d63ccd3b348818ea906437bf234ff3fed5cc2d7fc88d1ef1019fc78815e85f604cab5f1b7ffbeb24a6458614a6fea66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
17KB

MD5
b35577f4d0ea590c869fc02f80550ae9

SHA1
a2222c6cfe75f039c0459abf9e6e61600de0ddc6

SHA256
20487d26ecb6bae9ee1a0cf62b6e7dfbc1aa1e758de8170c0040ab7a06557283

SHA512
6a778b8cf1f0892feb5418976c427622248f03b24ae360a2351ccd63bbd6300420d6960201ebf3f0be3ad22e5c012bcacafc63ce47ffe515f4236c37211081df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
192B

MD5
01940e2b3a5be3d5cd92117530bce971

SHA1
8bb7e5dfc44753bda0d562934a6351dd2fc046d0

SHA256
8f9f31fb2d2892ce1bfa7dcabe290b7e25493359bba957daf7ee9254424415f4

SHA512
471ded0660d2bd2fa324ca0a80bc44a65b3d08755107bf721c53ab409f14b70daace43fb3cb178483779d8bba47ffcca232c545deccd21e5966a3e740ba52848

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
704B

MD5
db0812025ef3a470e29662dbb9af8f2e

SHA1
cbf2c42a642392f32bd64443aa47ea557c8f1c5d

SHA256
e6f3af23957105ee255df9b663b0d999f6cda8af6eca9a7941a9c14eec48c4bd

SHA512
f560d3d376f9685b74ed4980d754cd8d9c8f92c61aabb5441ce71e5ebfd506777176a7f6176f9a93b382120633466ab21c15cfe6d3965becc7b637c54592a89c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
8KB

MD5
b30accfdc401bdf93f0844bbc0c87f0d

SHA1
6df31c5bb093b2b8261fdbe2d450ac69e6373580

SHA256
4540a971c15e62bccdc3351360158442d015107b36495acea676f62efab53d13

SHA512
7204782223a094dbce57fd215a8a6cf70cc0405cea436c77913c441542e80f8630ad75e62a87c7c715e0cbe62f35a705b2300b8d698d428d9f4a34801b075b4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
19KB

MD5
3a36766b44511c6fef93d24878bde425

SHA1
e15d40df78d46ad4a76dbf4bfc9c70c7098a7f6d

SHA256
2a5d33d1fb70e99bf9eda3c04696b9411a5f1b79f9b542dc18dd97dfa328495c

SHA512
b201a6a995f09186501f9cf64549a51a3de6f4c2d2eb4b629b64924b81b7aaa1f5a93d2f6da0fa24460732b76fdd35d2f2e259f7f29323c12168b0a2f1f523f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
832B

MD5
40f2d60e8c19dc1b51dd90a6f6e4f896

SHA1
9319cff8dad4d92e1fd43d1405398c5aad065a25

SHA256
eeb3ffc75635ca187c80cef8e791a4d9850334983e18a61b03a965e4448cac11

SHA512
4a175b79a7916406492fda699f1b2abe68d2be00dd61d9b608bc2e6f281992d440fe26a82ed78d1f5c75b159de6a6c095b133cadcc5fb68a67eec422a20a6f0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
1KB

MD5
ff092122d782f695a9bb3ed51263d02f

SHA1
b282069ad02a4eda4bb1e43cde0cb1f8c32eec57

SHA256
61eb1b635d9570dcc5293dbbdafabfbfbe08f073d7a163efe750a9184b4cdc9c

SHA512
dc0b3fd16e125099db297917df2f2fb7edb8f77da9857ba96aee8f629f500bf65ad300a619cbaf06cc93b216427950ea21750efb79783c2af2898baea99ca1b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
1KB

MD5
49142fb885c8d258fa5cef8eb1e53497

SHA1
7f313ec385c62965be24b9a6a010ac5d8504102b

SHA256
5eb7f1bcc2f3693e15a977d6d235d844ff72e8dd407ed364014466b4801f6ab8

SHA512
a7a603a69153e48f3b39910d4f26ac0332a67a5475dd9053419eef017a5a06af515b98e618ba48a2195221acc528b4e868ba129a32f3e037194a39d913d0a932

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
816B

MD5
ca994a8d7f065addd72899e0f0766f8b

SHA1
f1c432233f21cabd21551b5706df1620871b6553

SHA256
3d6273ecc79191f70f4e712be205e4813c1f3e698bcc27f739fbc9c4e55e24d1

SHA512
dde6fbc50e6188964eab66b3e5bd72aefca95d66cff5f9f9667bb0968743ae2be2069fb772d8909d01e7d0b30d340040fcd4a6d3be6783aec2f5fdce5076d6af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
2KB

MD5
62b548d7ad4e653ec68e83ee4fb71887

SHA1
4cba47e0ac0230edbc0236e542f68e931059cd6f

SHA256
3a3e61fb596168547eb1157dc1633e7728578eeae1f79e3d6cc1e0b96be53077

SHA512
eb3f7abdc9c5bebf0625338659f47a010577eb61a57d877868d469518245d08c62e0fca4af3da7dd5ae661ed536bea730f23c7f47b2dce6e088529290b4047ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
2KB

MD5
e6d0858f80f94e22c3a99dde4f323cca

SHA1
f28e47de97bcff5b2f6b997188626704d285977a

SHA256
5c1d7efb577b984fc9314479f61a1eeadf14a7970ef5fc9845610e8d6ec0fec3

SHA512
d1e24f8498261419091fb5b65f8fc8327e6544d036ee66350b46686bb961106935fed292f198893b03b86cdd903f11d783a3a21d9be8bece7adb62f298fa485d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
4KB

MD5
74d4d52ebe9e3f0f55bbef3dcec1c5e6

SHA1
69112f510ddc5bba33c5a18105d76572267f2788

SHA256
c333aae69fbd44b311a28c25ccac56bb3daf48a18d2481725904c8f0c4dc3692

SHA512
8f984b4465f3442bfc5a752afe539fdd8a208bfd21bee73435222feffb527688b4dda0db3b5b92785a4c8064dd1f18d918c01773f03e18465f1bb519ae936b4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
304B

MD5
4e8a12fddb92172c6670366d0738b77a

SHA1
f7eed1af51dd097a5b18784cac4c99af4c0154d9

SHA256
b2218ae259f534e9e0117e81f8ffa7fa99972027a602e17928c9f76b14ecfd29

SHA512
63b9e34604aecb7cead7592838ffbe705a69880ccc59194e05caa0c02b20fb505483f75cb425db81b170d90176ba12315973a42fc4261090156c99b7f95c39a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
400B

MD5
855b0a894e4399ac4a64bfb519522571

SHA1
d666bedd31a4371d71f5c694f561d7aa5f60167c

SHA256
3f87c5538e3a561af2f65e390c3dc478e5c5351f25ea7ee1f8c9af52dc553511

SHA512
c3411b6649912fdb4cfd40800d1fe9e9fff5c81daa23ac6f9279bea0ec9c4510d8900baf3b2e7e6cdda2ee9d4ea845db93a4393b90cb8c705b84d777552a6888

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
1008B

MD5
16517735f2f2ae0b2ea3437e39a15047

SHA1
a3da6ec253273c9eef65da5649d6b5e84aa1e207

SHA256
f0815932ca39472155e94afa6b69dc8c7ebf5ee90cad2c1a7b36cbdd107100aa

SHA512
bc1a5f6dd0a3050cc20b5408994339e6ed40061a2380a4fc41330c34ea917a41253f408420aa4a668342e8904285a4e68dc50ed02d83967fc556be9ad04e796a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
1KB

MD5
cde0acbf5d49fc466afceac54ced9949

SHA1
be819f3b32ad1997ed24382bfdcc1bbbe7c3517b

SHA256
725374ab3aa2760d6fc810f93679898567ea5205b822757e7564721c68860eff

SHA512
6283cdfb5e2410031e5d864ba617808d9b1079ccdc0f8b1e0b0985af66f36c423f7bebcb73cfa019f388cb9379ee86279186a4eddbeb9b93573d35b65e62bd24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
2KB

MD5
779fb1eecd20f5e58fcdfb1ae29a1a7d

SHA1
8e2e7e00aa356a2db39fc39cd99a7bb12b19f534

SHA256
b24effdc6d3e4d418cb4bb7a7f7f181daf19e0c3fa1c5bd5c95c4164692e16db

SHA512
64f6d08ce6d9b704a78662387330ecf4c6bb841771cd04e99210bba3d8e453b175a8c512bacc635b1c26493749a10cc1d1fc6efb7d085ea02f4dc8e7c12a54c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
848B

MD5
42ecc7cce7428b32a7500f54ab0135c7

SHA1
db4a5bb1d642af6dc164446619f6a30db8ff7450

SHA256
71a71fabca736a472dcf5128bc7dc376fb7a6247c13d044b72c239ed045d66ed

SHA512
a1aad556fa0900638c809c66eed6d4a9e6d0af5a9ad8af7136d39e36cf4277629dbf7172ba45cd0526f183496c7e06f1ebc5cdd83a182193504c3860758d86ec

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.93266A5068B44E9E6E5DEA8E39F05410B62971A7126EFB1DD804CAB3B791EEFA

Filesize
32KB

MD5
1d49b5f0e61faa0ac13f9f690c9ccef0

SHA1
66a3af9535e47099479fe03f21c6d58a41ad37db

SHA256
9905c12c89fdfea3500dc413b1547619de2091b9a7183b7158d18ecb625ee71e

SHA512
3f93b54af4bc72269d4e38bb659fcb8d8e124b07568697c94445b54c6a669b11ce3c31e1645d7758683b62dbf4ab2f71b4ddb8d45f1f000a03f079eb5f3ad12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
954e223095984f9e462039e05440197e

SHA1
d07aae40fedd82b4a2da0e92a1e2dc2aa780316b

SHA256
377337afeee60172102c8c81bed57c8d7262c53c43e66a0e50c42ffc84f56751

SHA512
3ab8d4c105378903badb3e409535eda776a6ba24650c320d0a0c1519bdc8141357551cf3a16513717bdf3f157117c16275ecfd455338463b2ba4fa1dc824fe32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
492B

MD5
9a6ce27b8d0b8451401204291e83d579

SHA1
0a94eaae0e37289b3ab5c634d886579f01f8cbab

SHA256
475dd5afca6828b19833bdabdc3d287a2a147dd8d6e8abeb42f5927e3ed903af

SHA512
bcc5cb6b95208daf67402adbab62269fa29f6406d88c5759344887c109285ab59625f94f139fe92fa4dcea2151d7e3d2455484272ed6399370e4452724497785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
492B

MD5
392c73f0893e4c4fe44eedd724381397

SHA1
9d3e95a68a39650e373440d32b38a24d27ae916b

SHA256
b417db679e3db11abf3b8a72b66585984e7dca985e4220257b2f331781bb9c1f

SHA512
6412e2f951ea12617053eb38432f192b36b6319a020774758a99147eb7d63bf92b4834f389eb1282ee7f252d3f8ac383b8785e3a56138a986e535a07af1876df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2346df93b011714bbd96de6f3fd377ee

SHA1
d3ad8f33a646ae4e753e59b534f6e8f0c215dcc8

SHA256
daade1c0087947378c9e4a91faa714a2559eb080060d262ff7e23eee3b3d69cc

SHA512
83d2649c9fd83b8ceb8f1353af76f033e603831ec8429078c489fb65724f1c4c39f2c122f74c3dd61f43e3008261cbb5410b71362b36d72af9fe89ef49abd6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f98e389549801c171c767ca28f4a7956

SHA1
05b8499cd6c992fd4032369036a49dc737448416

SHA256
918a2df02790ee7e8d3623765ce2e3d85d135445fdb71fcc0beef9f6aae7bb14

SHA512
187753d4e5024a96470ed7dd1935e1d53aac86a63f8aed765aaa81115f166f8d499518f47b72fb928667fb363a24f4cb6766c42e8d67c03932263470b9f42fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5068f5e772fa4c6547752c160bf3a385

SHA1
7c6b931a1b332a55127019df4a0b69a43b85495b

SHA256
eae239fd68a8edb6004fc7614fe9257c5c08116236c3d5d2ab46b01e0a72ad21

SHA512
3b7197b361a3dfcc8042eec72e8d599cd4b56cb452bdb5cc7b33ddf8a23f9278a9e2aa40992ec9e9a335c6731e3219676797c758ad46651a0b0a0d18a908c89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e2a967e03134cc31b1ff6f920c9b458

SHA1
dd5cd6dddd5c6c50d9ee7d8b5bfee53931f540f2

SHA256
5f3e32741414d43380933547fa1360ad46ae1c100c7a036e6b73dcf89a8f9400

SHA512
70d99e7dfe4d204dafda51be8eee891532c398c1b1cacf4dc4e44c283a28cc84ec80eff3db1f287b3934c3359684c38ba5d9b8b15225e9a3ad750b05973ac211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
741f18e5c96eee8c97de8c02c9296fb3

SHA1
cbfd661508bfb3b7d76f2fe89aa8a9441f20aeb8

SHA256
3d95c25450c111a70932311bbe3da8c219db857bcaf9fd4e0cc3774a51ba63ba

SHA512
fbb238080a86de357627739f055d45eb867ab0b7e8baebef346c9e587e9519ee6add037a39c403c2966b49ffe4789d78722b41c34e4b43366443452e40024f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
fb26528d9b7e9bec73bdb10db3595f3e

SHA1
bd52f02494b9d3430b5a5e3adc12a974e252485e

SHA256
37f6c7f82d613d086951f01e1a17e5711a9e977d9dcd3384e1330a36d583ee0f

SHA512
f59b2a1ac4ef95d8f3066b39e8b2278ba042bcea6b88daa1c760385208f8f4efa71cfee4279fd4d4299e964c9257119b487b62635f92ab148aeb3bb35d0d74c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8f8a04d63b5aaf98599291373c4c5251

SHA1
2c38e354373a9de4fc3d9784809b30ed1e9bbf69

SHA256
d44be545765b354bb05ff22421519a373a7c40d4c20dfff84a5ead8d0caaab63

SHA512
582a4a99b1fdc03b99d7784baefac195818326d97b9a34088eebd3b5bd7eb03e97eec9b998b38660f440ae4b6967fd82b1f823a75ec64c997f4152040ded4766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58122b.TMP

Filesize
874B

MD5
c31ce1100a787b36be180a3cfb2b3f71

SHA1
a0cb32eae9813c40eb8dd1291569afa20bc9a679

SHA256
eb877b67b12060af2e6c9a0863a056708680460bf589fc0df58aff08d2bb3448

SHA512
9b6c7a8de4a3a309d905dd2233e73bc8da791eadbfea1e131ccea6321036d09ddf9edf1615e6cec827529a3bd7d993e3604d6a414ac03b53ad7a9146b6a037be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1021bff-907d-48d3-aecd-30415cd4aebc.tmp

Filesize
874B

MD5
4f05fad5c592e67aaac9ed00ecfa53fc

SHA1
a90d8f3001df9c2894f9f98da10bbc2431998434

SHA256
2190aad3db2e97d5cde7e1a2dbe172d19964733c28f9758fbefd326215911eda

SHA512
d318d6d828142db78e7311f3d8952de500d8314bbd96325e4ecc6265a1b16a7ad567291136ad292943eb2570ff75307c57e2bff99ac629231e5b93c452915a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0faeaac573f642bd5acfd5eba2c4a630

SHA1
7b2065ed872c13c27b5ae687ee508e3892f4dd10

SHA256
bb7c24ab6893f57639812ed1bd82f4ddedeb6c44588a158d287272cad3c50c97

SHA512
aeeecb561a4c8aa910da72ca09369906085787a2bee34aebbaeb331c0f287650440753099f3c3d0a5a3034b5b9468642a0ad125a57f77520720864260145d006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c33d6cb70e45fee55ee273cc365f35e

SHA1
5bdbda882bce315538651c9ab4bf5efe2a69e6f8

SHA256
11d29f8c69247317160dadc17e0d1d3783996e5ff780403c8feee8c8d5d7a03c

SHA512
fd580415c7ce3d5d043faaa3d5ff495434bea4bbd93a573f1ab6282e491b734203aff5e43f0f9d795560cb2a0c0acbfccc88118ae2b1dc772b112ef4779b8e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56dd5dace840c2a51fdc94ee07eb5e46

SHA1
4605186775ca3fe25af64df56c95eec61e6da72d

SHA256
61f8c99a3932a717b08511807169aa1eb989b1f40b924c7608138a91cf749d9d

SHA512
3b21d41f82688eb76b36e6fe0d2df1e80db553c2585404d463a0ad02c58d8b09b58bd4791d9a3f0a6d02d4a704b6915276d8d900f7e11e6a17a74d57cf8e123e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
02e460e26214c8d2440b6aef4ffa224c

SHA1
d8c42e10a10422284d518f23df10defabb6f919f

SHA256
1582d323500e1b6eb7a469dece052c1131da96227d8a975bc7841cd7dee150a8

SHA512
01df7c7fbd77ac0eaf1e0c67038ad1c366d11011e388a7bc5ed5daa2820bd975c0a2434c0ac7c894cbd3274391a465320e864bc43da597f2d48ae19fcd6f16d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1l89xtkq.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
445f1371475d839ab47ec471706ace8c

SHA1
814325694d2d44789582cec88f12625b0329704f

SHA256
b016f7b7c9cacb3cd10cfef0e21696bb80368c2e929654f976271ca1a8a10d47

SHA512
06baebb81008ad61b645920205ca08d84e1db8da203d36953cac8d0cdfd22245de521c57773aac61fab4bf42a3bddaef0e36787ce6ef12537941c9b620e5253b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\AlternateServices.bin

Filesize
8KB

MD5
e809aef27da8f2b47ca828f269253f2b

SHA1
b1de6bbcf263344ed205475f631a4795025ced06

SHA256
6eef86c8c09878b4fd617812479879e5ff5a0a6d9f259d4a8d3715b0aa5a4119

SHA512
c93297d2342755d694d3d9a32e4a5bf8e6b5919173f815cbe268441bf352bbab29b5824d3340d6eb5f7994231043edd676635cecc0e851aa93563b1eb4d51c85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d709f01a3c4073ecf2fd66c943baa1b1

SHA1
f1bd61b5056705f5b549421c9d0f0a9102353ae5

SHA256
d4be3244a80bd2897994f2b8fd175815c51655855ca11e4aa98c69aeca149aad

SHA512
2189f9fa1478801da606a06984aa32ff5058bb8bc584068410f74c7250732265da88824f49f041f2c1d7aa8855081d0099759b6b29e53a90e94a222e2d695bd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
05a036b37f10570ed78ba009df0c7797

SHA1
9b393140afc11403265722773aaf3061da559f41

SHA256
2b1c587f905261771829b66617741258baa344759779e5f05f1d8757543c84b8

SHA512
984e53c11f6b46a6ccd7c71081ec6eb384881293ac89b3d1a5f6bb786b8d7b7a9479f02b168b406f46d87535b9860dbeb027b5b9774b656abd4c9f3fb23fe085

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
810edf30f06f950b6fd957da5439e684

SHA1
ca5f9834a4936c3d58e14e31afeebbb119e7d25f

SHA256
48d0d0e7deeb6ab58c7165950f1b51afa2819e3e7172b180c3a88b3e8fa0afc9

SHA512
fc33872a68122660b9e1bcf0ead6a50451d7d33888c37dc1b620d695d97c7dee909708d119d4ef05d65f410709cbe29ab622a3aece749cbcd4a924457e3500ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\1edca875-2abb-4e49-885e-78e615623547

Filesize
982B

MD5
fee21077f3c7a830b27bdd3a8da44f6e

SHA1
c2a8a1939f794dacfaad59e6854987933a4cb648

SHA256
3a8d92950baece0e61390c1f3d3a4e3e4bc1c8a911cf290beb17e7b4d2f60377

SHA512
f3984c7bc8d896b0ecc5d3b575d52d478f1d3eb2b2fd5bea571bbcf0f98b9b9cd3f67ee3599a2c24400aafee3e611fbeb42fce6080970b5268879049d8c7da9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\9e6d443b-c335-4ac9-b40f-3287319c4814

Filesize
27KB

MD5
d96e2ea3df1e5384d7a3e834e8ab64d5

SHA1
21319725372e558943c0b2a1be6e10f81d1a9774

SHA256
3135b5d8ed415532db0005e88a7744d309f84a5cb6b381a0fc0f64133783efe7

SHA512
6bd0af6bbf19a70f61b44f9410421b3ea0f47b914675347de5bcc258df02a5a29e3d0d6887d263feadd620b4760a7b984d44cee1d29f1dc5e3e34f9fc5d3fd6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\datareporting\glean\pending_pings\e9ff2afb-259a-4b1f-b4d3-e5f65d97c933

Filesize
671B

MD5
c61bfa565df07e8349dab4c7d498b39f

SHA1
b09f0c5688bc00af9e08e20410955e86bea5d146

SHA256
66e16b5f92be1dc599f46576505262af1e43ff7d29dcbeab1f7b5df88c14e5f0

SHA512
e006423e133706a748b4cea5524ff3bbb5794870e8b558391541cabff67afe43acf746077342c0e7df14088b8ab6496421a84a695f57141d36ecc88ab06e8e10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
12KB

MD5
27d46ed0ab0799298ea120c2368b1ea5

SHA1
619fcc3d5e84cf4a8773486535708100f985431c

SHA256
2d988a958f07826649990e078cf30960db02124930a6b4648a4d103353e29bec

SHA512
3a5f54d2e23db3879fcba16b7a01f11bbb89815497c4a72184b11d4e7f244d8f48e5514f0d818ac5c442b4c828eb3033f1fb0e024723d2806d88066c250fb502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
16KB

MD5
6f0dee76fab83e563ceef6a0bab03dc0

SHA1
cf92d48242e5b52d412986575bfae3c1c8eb0c20

SHA256
40cd46ea3e43083a38691e640ea473f3227c3992da813dfb22318684b7441696

SHA512
a1d6dd596c909cfb530ffdde293aa3c22d8dfc6497fafe7ad5ece9fa492e618b1b7f2384872c923fe40b6a30b80da8392cd3461fe4cb7ecab1068acf9950cc10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\prefs-1.js

Filesize
16KB

MD5
bf089e04e3763c3157b8fa908bf34bbe

SHA1
b783347c13f4c8118e55fd8fbc3f7eec76fc7311

SHA256
81def1e99b81ad80630c4d6213fbb221169a8a62c5ef44fe2e3c8576bf8bb4f8

SHA512
3b26322dcdeb249ce49f42d365d38c7b1e550c9df872c99d012387887669a6d3fc78d7dc7e4c747677bbf59081d225392fe7a1da7e3cb143c80360380d76bcd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\sessionCheckpoints.json.tmp

Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1l89xtkq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.9MB

MD5
69549f8366e9321a42f9b0655e5b88a3

SHA1
433a453a83d36957a3b66599efaa2b81b88c2149

SHA256
b2dc10748c494b54f712094b59de644721a5aac676a7d9b93a470594f334c915

SHA512
3f4c03765e3c33713b88623a542194a36412ffeb8f0a0b91936ce53767567790b21bdb4ed188f1d5eb0d4921e82485d9727277f02f8fcb6761a88a2f2ad2f579

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
memory/3956-223-0x0000000004F70000-0x000000000500C000-memory.dmp

Filesize
624KB

Download
memory/3956-227-0x0000000005230000-0x0000000005286000-memory.dmp

Filesize
344KB

Download
memory/3956-226-0x0000000004F30000-0x0000000004F3A000-memory.dmp

Filesize
40KB

Download
memory/3956-225-0x0000000005010000-0x00000000050A2000-memory.dmp

Filesize
584KB

Download
memory/3956-224-0x00000000055C0000-0x0000000005B64000-memory.dmp

Filesize
5.6MB

Download
memory/3956-3343-0x00000000062E0000-0x0000000006346000-memory.dmp

Filesize
408KB

Download
memory/3956-222-0x0000000000510000-0x000000000054C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads