infinitylock | cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Analysis

max time kernel
91s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ar-ae\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-down-pressed.gif.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_bg.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_es.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\List.txt.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\main-selector.css.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\S_ThumbDownOutline_22_N.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\LogoDev.png.DATA.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nb-no\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\mip_core.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\it-it\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\CompleteCheckmark2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\ga.pak.DATA.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\PackageManagementDscUtilities.strings.psd1.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\SmallLogoCanary.png.DATA.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_iw.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-focus.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\LogoCanary.png.DATA.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\stopwords.ENU.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_hover.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ko-kr\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\wns_push_client.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-gb\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_selectlist_checkmark_18.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\app-api.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\css\main-selector.css.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.195.15\msedgeupdateres_sr-Cyrl-RS.dll.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe.sig.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\MSFT_PackageManagement.schema.mof.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Bold.otf.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\Entities.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_duplicate_18.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe
4884	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1264	taskmgr.exe
Token: SeSystemProfilePrivilege	1264	taskmgr.exe
Token: SeCreateGlobalPrivilege	1264	taskmgr.exe
Token: SeDebugPrivilege	3016	[email protected]
Token: 33	1264	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1264	taskmgr.exe
Token: SeDebugPrivilege	4884	taskmgr.exe
Token: SeSystemProfilePrivilege	4884	taskmgr.exe
Token: SeCreateGlobalPrivilege	4884	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe
1264	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4924	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:3016

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2940

C:\Windows\System32\eemqzy.exe
"C:\Windows\System32\eemqzy.exe"
1⤵
PID:3188

C:\Windows\System32\eemqzy.exe
"C:\Windows\System32\eemqzy.exe"
1⤵
PID:1424

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4884

C:\Windows\System32\eemqzy.exe
"C:\Windows\System32\eemqzy.exe"
1⤵
PID:3272

C:\Windows\System32\eemqzy.exe
"C:\Windows\System32\eemqzy.exe"
1⤵
PID:3428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
16B

MD5
e1268e8382a56ff89fad4961758e27c1

SHA1
867f3e37c9ac79a35baee015e207b1fee0c2de2f

SHA256
eca994d9c90006e2f014a9bd0dd0b6eeeb880ace5adc9bc320c1a2e07c4e6bd1

SHA512
fe881173698853464bda32460b0568d10bb8f0b1d5782a68dbf815ec59f77f28d74460c21da010eea9b44ca6dd522160e0c06c4f24c3f3dfff2f8c64b5fe3970

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
720B

MD5
82f0efd7e93f04cb561c4f6308a39a35

SHA1
6e12314c9c29358a76940c2852e83d9b8f55e852

SHA256
3e58052d058e6c72d9a6bb973656b454c3a10d055e7511263666f26e94f41054

SHA512
3ebbf703d5c0902e6ea44ccb97f9cf4855122d668e1154639a2572e1df1d783fc2dc0b4c65c006361807d7fd114d6462d29e65ba732695cd8e98ae1ea81774a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
688B

MD5
6e390cc9ea62eb404e97f2a6ec5ae70b

SHA1
685f79cb484e373b76f644fc515ca2d8e0cd5868

SHA256
1d9a5f6af7233d4bbafcb1a33e9f64ed5be2844846ad1fa50aea3c1440e1ba3c

SHA512
ddaeeb1a46906c8724d78d94d4875f44fc49dbe91397bf7fc78b0d5239d53c39bc10e3b77b7083a5e9e52d204e41d492fb06c95106c99963709f8a6ed1740f6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
1KB

MD5
ddbfe24c3021122cd876c94ed256e641

SHA1
f232dfb25504d0d51ad376efd7ce4f0067fe06fe

SHA256
a6f058e3a0d5961ffeb96b419f22bbacc6236170c411a9c7f75f6ca26c553222

SHA512
0ae2ac2f86df8df7b11c30454cb548cfecf415260b461080d0dbc8d8ff10c1b7b1f06ce2c54c5418a9b02f833a03ad2ead7dd3a587dfdd98e75071de541772c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
448B

MD5
b79488d020556e1c24f1c3263184999f

SHA1
967d733c0edf493838d534913541c6732c36d03c

SHA256
5eb24b0f85d552e184730c9b1e8ae9609818df025b191809e1e20d3efe8bbd8e

SHA512
731cb782a1550e98f481a8e11cebc976b2b1397cf8d06cb8e1317f67b2697669965430e0e4c3b0be333a0a7dadab2f0cddd182edd6dd5bd3bffba09144c9f18f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
624B

MD5
8322cc7948ee5c31b576aa12aba6033c

SHA1
dac54d22feab0b3218a75632015376ce3da65dad

SHA256
ed1bf852840cefa25c0022767c0f47789346172d08e74538fd3946b7bccccb6d

SHA512
b44b1e52f65d0c0f18816f800d4988250cf2cb4078c1edfb4ecd0a26177cee2fd0f74f38e60ddd8ed35703fba39c87459840b947110083e4e31703484353706b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
400B

MD5
858edbc0579f1993e43c5d4896eb171b

SHA1
b1736cc50e01f74973e2326df9cd20219551c5e8

SHA256
af21a068eb85e9fff03a4c53425eee209d1ff46c5223b14010f7013758e66751

SHA512
73fd5581dc5595ab8f13ee233a55f33273d46d2310f3a33b0b71e07bc11c4443807b8eca6fb64225d5712b40930c479e35dea2ba4462921816e72821d995e0c6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
560B

MD5
cbcd97b3c3b4f79feb05eeb1270f00e7

SHA1
55982bbb77017154365224afc2d8b217d0fa27bf

SHA256
afe74f040486ed4cc55435ee1203cb9cb9c22f8c5f4dc9edcd5f39dadbc9a369

SHA512
0acf853d0315b1670a29ddf737652e2677230df86b579aeca7beb641d0ee726c50a879b26d7e5210dc00ae57f5498f673afd46fea4e13126bb0328886d3d557e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
400B

MD5
af55dadbd047841f8d063d4d0d0b4eb7

SHA1
d41240c3f58dc9426b2b9545d7a01aa0462b2826

SHA256
9865079aa5ceff8caca7493ec7cf0f24fdf255b2dfdb63245f2013195c750952

SHA512
05963daf793921a5ac93f57c066bf8cd181783b6bed5aa021f3753c6be4d168dc0e3b0b5486bb7262602ad69654719f75b7e41dda0523513a949ab6c7c135308

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
560B

MD5
01673b6d795a710f0a44a65fc5e41fbb

SHA1
68bd9b455f623517cb22cfd74d91bcc73c07b50c

SHA256
658706214c47e9336ce8273fe7c6d1c407bfa17ab3853d7b860ee18f0bd69821

SHA512
73eccc48c62520785422d0796876f7abcacb7032ccec60c1d735e9020eb516edec5f6872dbefcf12f18b09f9db50d5fb1c260342f71f45526be3ec03a1c71a3a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
400B

MD5
86225065dc6bb3f9e344b1dd62377006

SHA1
3c0a2d9a83f213ac95ae77c2ace47dfcceb61941

SHA256
75b0b78a962480f539cc509b5a7567698f0f6bd8ebb03ffdb9f6ff80e2e88290

SHA512
611fdb76112d5f2fd98961fd5ba55de0dab35b92d091c75e3c60d62229e10b32f3f3629bebd01b75402cff87ab40d14346f0edf20a4912db94c953779c24a48f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
560B

MD5
e775c62f6ec1e91c89e3b87a506ad3a2

SHA1
fbfe54ca060e6e89b1bff794030e589f73d8c0f2

SHA256
b688c614df257505bad21b5eee5db4a329bdb7755058c6e5abc51ed24d478325

SHA512
ed12a0ae43aaad4018f3bfb7396d94c39963b82f5b073d49e1e4292befba17501484b475607678482c0cbabdd203e58db2f386ad9aa1b264b2a56d5ff3ea9833

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
7KB

MD5
a40b5d2f9ac8650bfe7b05499f1d699a

SHA1
6b66dd3e701375e67cabc4abb91a38c8b7d07c3a

SHA256
39796c5b8e31e0da195a7343a60449fbdaac4511dc28a25ac3f05cf5d9be5291

SHA512
2f634653815c4f59278dc1578fcf83fb93f342f76056e9b129a2ec224b48eca4cc942af59de1030c56f8cdbd3ea9d0014fb0cf2067aa2316d7d5535acd4944bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
7KB

MD5
a12336f41246ab10577b32f350968010

SHA1
868cf678f057160e4d96a5f2414c5b8cf24b82b1

SHA256
be07591109e46acb60f14303dca7cc0a7af1305adea00710eac554143a35432a

SHA512
01e1ce2491c824dd438c010881d1ef7ac1b6525cdeaa55f957b3a69125ba90e5b59b6e2f29ecc072899a011b67c85002cf78f1f2ff1c88c3f0b806bdd9ff8551

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
15KB

MD5
738d6d74d88c2c9fc185a636da85d44c

SHA1
56c3027ef3d7636d8f85c4f8a278e6c6029a7cf0

SHA256
b1b5995de5dc3e74f3ccf014d6df79e12f795891473f27a36bc55ca70516f479

SHA512
3f922d44c461bc8ea7c6b378472cf034b2b54923c0b8a7f9b21a42d9727cd0e1758fcee8262490c577715475599ffe98c93fe54a686a9f1c6f838a0a535d0b0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
8KB

MD5
cc0120f231a8cd14d70d6b0f45e6c17c

SHA1
db88bb13a55ddd356f113cd31ada3c42c66e8cd3

SHA256
3617f3aa71b2ef4cfacd7cc3e23210ed2ccd6f1d34f3f270a5da5cb3b9e450de

SHA512
cd771680f9716701e661c6910931756906fef34252dee037b1ca23ef8372be564c95c2ff906bb97057056d0770942ded44efe9055d0c6613535bdb5547a3ac59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
17KB

MD5
7d08b9ba9ba32614c33b51020e5cf78b

SHA1
2df0d5e4bd3d02c98eb73a84ea4bc152303ad82e

SHA256
b72cb9de78965a28567b7f3a923307afd2f4581017c9d4eb8176eceeb7a17019

SHA512
6f0af917ccd647b4e962b5ee50c90a9236cd3472e10ad368c025ac6d665f013802764542ee16f3cfd276536d04b06375d3f272c642d9f705df49f555e015e5b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
192B

MD5
fb56129732634f4aee6acb555cd1398d

SHA1
ca1c102e56b7204fa8091abb8ba74d57852975ad

SHA256
da81f7c1e11c812b7a08a9600cf672f69761aedc7851675d0e19a0ead5254202

SHA512
5f93aafc1b2ede3b01d88105a29737b0e2b471361c80dc9c80d081652193cec2b13f814fac7f1011d0846391b2a229946202b47cd7937376d7f45e91f53847bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
704B

MD5
f019d7e09bd83db2fc8016ab673fb7e6

SHA1
db2f7a0ee8dbb909983745fce92fc68808f4240a

SHA256
3995e5e579d56a2af9da0c3dcb610907092bb43d00d698ead6dd77c58ed74f25

SHA512
90c4d28ee82a54ac7164c49dc0a1be7fea43176360110bcdbd1f5034931103c2c243ffdffb35bfb7dea9e3f8ebe839d406f57c46c8a7d6b6100894b38f3c3fc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
8KB

MD5
ff1b9472dde234c5d64c19738b586fd7

SHA1
d5680bec2a30547e3827a6fa6155fac472d16547

SHA256
f306acf2e4d24a28b47721d73699e0010f3ae9a5a47610c8e77aa6c641940cd6

SHA512
b4f3992ee4af890681c4c69e4781c2f18d7912f9b0a4ffa937ef7d00c71edf64cbf6f41c44a76067a5c67af2fb48da8840a9c65e594f963cf34e5ccfbecee4cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
19KB

MD5
13a7c10ddfaf91cae49ef0a381fda87f

SHA1
63090cde93b00e2bf9a8405e6289e369a28defaf

SHA256
3fa430c13338688e160304a2023d1eed5b6ef7a6ef0eb4b318bfca0704a307d8

SHA512
9f915b93fcd4d6b86d9e042990374e555d5cacd0e4c196accbdac292a3f79859be15ae23a3af82f49ea78a33dc708533a7b726334429d62d8a6c6e152d882b8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
832B

MD5
3e2a5cd7adf3d4cfdbad6581531502d3

SHA1
3a02a2167ffd273c2b1bebed309d60756c0e7fc0

SHA256
5b5171d8281444ad866c60ecb1ca9f3dce9a41ba431f39e32bce958c1a9bdcb4

SHA512
b0cad46d876cfaeabdd34a9b406301ebdb7de7c31059e3b1a7ce7b5ab101ee32584b166ffe3f1e3026e53abae001a1921d9e882fecd7121299be7db6132d6c53

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
1KB

MD5
99aee2c75f71af3cccf988ddb14e009e

SHA1
009df2eabfc09f21fcfe0cd97208f59bc247c1af

SHA256
f3259829eaf19c28c804966e2ada5d8963b2ab68f2ccec4ce63a81a58b7f2fee

SHA512
c87cca958be8c9b8606feaa056a83678a46959533e00251b0de6587a4152cf0b88c0e766deaf25916c794d9932d281dd7369361e3e6367a129a3e2bfcff33af4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
1KB

MD5
f1295d199a107f27dbe3a2bb4e32a99a

SHA1
3b8fd6d186446655247cdf3af10f97e1994c4026

SHA256
6298270bd295744eec9c020364778b862b10477fabcf9af5ed4d913c2b31af5f

SHA512
d3c6348f6ae954b1c3c147907754ebafad8d235525080e63d864c4231533ab324ef2d29fc863647f469c455182d54e0f7485458e5e901c34428b7118b1200482

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
816B

MD5
bce4d2fd8cfe1426f02e381064200d4d

SHA1
0453983d3d7400df5bd19fa26c0a53b94026803a

SHA256
b31db74e3b3f9ee2b93214859ae063806ef3f862d9807ef29daa754f502803e7

SHA512
1d87f91ddb166c0b4cce7a3e0d167e59a056260db33e1ab18ee1d365ed4302633601e33a60307f9cacb38d5b348785ebe51e98440f7b005015d233890cf33f33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
2KB

MD5
62edb0e74fe608fd1ff8223dc6b62cff

SHA1
8618050928ea35dad7a8d8bdc75bbfd3b6c2f5e2

SHA256
4b16ca5ebc154482638a1caaa361bdf0a0719ab3760c2a1d08989474659a9494

SHA512
b3bc2acec9b9337f8ee16d3cb7e21ab5137875770a5d080e195e252647360b2dfa78307480571cd09d212151178e61a6b8a54380e3010dfaad84ed4fbcdf8664

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
2KB

MD5
42cf86709712b2ad9bea43fa1a4d573b

SHA1
b799f07235cd810791b7ff8853cb71f1ca698cea

SHA256
f28e929ca354ca3596c3fced399287ffd8703d0981113615d56c91a5bd7b61ef

SHA512
83cd428ee6e5b5aef2d7edec5ab2ac4eafbd98e887c43369803068aeddb6c993734369fa0e96b86fafb4915e2c23a2e90b86dc24cf0c5125c63ff6a3ea42fe49

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
4KB

MD5
8cd65f4c5232e2e534724464d76f66ee

SHA1
300207ec84aa16d682b1801d7cdf9490286770ea

SHA256
9d77d5c578d7164baa8498c003c553be95aa423329a2461faacf2a836856e214

SHA512
51aa9ca896b6e254085a27ddbc285a26097d310ae17f2bb12d9acdc769fe7b5421c7e89c0dc6fc28133ee25a39e2dd0cefa19aec45c4b7bc7760658f825d9a5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
304B

MD5
3e2bd19fd20f7be647b19c9902459084

SHA1
82969f7da79a0f65db3c80f2ac18641c0294451c

SHA256
e0e1cdb000f93b0027408bbd64b585ce73fd9e8efdea41cd03db382c21d0da6c

SHA512
2c6b1b512b933ffedb1f2bd09db7c4bf7135a819d65aed59638e7ae5c46b1aa4842ddbc43cc34fbd2bf2d8b2e3608458752609572e87491b68b1d3bbe774a85a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
400B

MD5
31c87606cf36c31990c39b6a208fd145

SHA1
883d23a8661213f83fb1ecd23baac71e995b22d9

SHA256
4eeb771444f02bef1a478602057f9b7650ccbb3f3258016df2ec6a420e296a2e

SHA512
cac2314307c4dd4d62a98a546b7c613f67af38c784393294b8f2fa2988dc49756177d9149d076ad91657ac555bad64685397fe0fc072c25cbd0e72da48eebc00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
1008B

MD5
b2fba5c145e2a698e20dc656421d2839

SHA1
63fb59bfeeb578a3b22ea2dbf6639f379dcb33c0

SHA256
be42d530501f0fbab8fea2f34299e29c35ae7c40549ed213b979b9a94d01647a

SHA512
0bc18067973d835a954b74de22bdaf4bd64e2f9e839b226614013266d419ce983755f9311fe3068addfd1ec726e0394a8e92b4b4632ca22f0ec1687739bedc49

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
1KB

MD5
dfc3dd2e7fe6c41ca400497c62d432f9

SHA1
1bbe389ef5536767a114a8ed59fa17525137eb57

SHA256
3fc6782605b088f171cc9fcc3b2f52ff76ac096efa681e3c61d68f0334403037

SHA512
91c540e7bd8bcc51d14b255a88e0c1cab2d43a7cba7dd93c8efda66c21bebcb4c81efd97b14e2cd569dcdc56641fc139d770e070d479feb6a27ed070fcdeff31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
2KB

MD5
e6e1401a9376ba314c39cec2c7dd0718

SHA1
f88c384d7717f4550355f0cda29599d586e57c2a

SHA256
fe6c735fd21417a55280f987584962dd8af81e32aadeaeb9425c9773325f64fc

SHA512
73b25844377d81064896589b76e1f4fdab8d24105f682019ee7b3bf91ca43383e14d8a25988bb2ba6a2068910d4eceedd1aedd014e235de09d4b043105b5b9bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
848B

MD5
b2adb6bdfca24d9e695b6c7708402000

SHA1
c6ad9510fdf916cc3937eed194e7e6bb5f09f09b

SHA256
2c2c087910466fcc24160eab26c13a2c4f27521f08163c1606bdaecffa5016b0

SHA512
4d5671da7cb5fdf88e130a628c04b90eefde1163f92feaea927166487960c814b5a14e3a70ec444c3be6ff1d9e8a298e8d897f45d1654520e3cc5887eee5f2e7

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.B858D5729410049B1864F879778307A80EF77CA24C5ACFBFF9D5E2D28356B62A

Filesize
32KB

MD5
9379201e2616ba238afa2139d4603519

SHA1
9683b47002d74bce0629c18695d4ac8ccf65d911

SHA256
6b7a141bab96919d9ebc82e0d1c87d0af2c628b92cd8c51606357ad7cb640d51

SHA512
a53c5c91097866e916e6ee607a6a18e4b1d7404f03791a0562c50bb399754cf21178f3c1734ed7a5ccae701ddfb0f6bc506c6c58950426c3d01f584a7697a223

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
memory/1264-223-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-233-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-229-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-224-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-225-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-234-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-230-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-231-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-235-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/1264-232-0x000001EC67F80000-0x000001EC67F81000-memory.dmp

Filesize
4KB

Download
memory/3016-5-0x0000000004CA0000-0x0000000004CAA000-memory.dmp

Filesize
40KB

Download
memory/3016-7-0x0000000005030000-0x0000000005086000-memory.dmp

Filesize
344KB

Download
memory/3016-1-0x0000000000270000-0x00000000002AC000-memory.dmp

Filesize
240KB

Download
memory/3016-0-0x000000007535E000-0x000000007535F000-memory.dmp

Filesize
4KB

Download
memory/3016-3-0x0000000005340000-0x00000000058E4000-memory.dmp

Filesize
5.6MB

Download
memory/3016-4-0x0000000004D90000-0x0000000004E22000-memory.dmp

Filesize
584KB

Download
memory/3016-6-0x0000000075350000-0x0000000075B00000-memory.dmp

Filesize
7.7MB

Download
memory/3016-3444-0x00000000062E0000-0x0000000006346000-memory.dmp

Filesize
408KB

Download
memory/3016-1339-0x0000000075350000-0x0000000075B00000-memory.dmp

Filesize
7.7MB

Download
memory/3016-2-0x0000000004CF0000-0x0000000004D8C000-memory.dmp

Filesize
624KB

Download
memory/3016-831-0x000000007535E000-0x000000007535F000-memory.dmp

Filesize
4KB

Download
memory/4884-3446-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3447-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3445-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3457-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3456-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3455-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3453-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3454-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download
memory/4884-3452-0x000001BA0A670000-0x000001BA0A671000-memory.dmp

Filesize
4KB

Download