infinitylock | hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
422s
max time network
429s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
185	raw.githubusercontent.com
186	raw.githubusercontent.com
187	raw.githubusercontent.com
188	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\tr.gif.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ca-Es-VALENCIA.pak.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\distribute_form.gif.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\fi.pak.DATA.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\AddIns.store.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_Crossmark_White@1x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\ml.pak.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\lt.pak.DATA.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_duplicate_18.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sv-se\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\qu.pak.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_opencarat_18.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeComRegisterShellARM64.exe.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\download.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-si\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nl-nl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\es-419.pak.DATA.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\text_2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\organize_poster.jpg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\plugin.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\dev.identity_helper.exe.manifest.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_removeme-default_18.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-gb\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\help.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ar.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\psmachine_64.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sq.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\da-dk\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-cn\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\plugin.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\UnifiedShare.aapp.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\SmallLogoDev.png.DATA.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	2136	firefox.exe
Token: SeDebugPrivilege	4932	[email protected]

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe
2136	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 1352 wrote to memory of 2136	1352	firefox.exe	82
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 1160	2136	firefox.exe	83
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84
PID 2136 wrote to memory of 4856	2136	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Endermanch/MalwareDatabase"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Endermanch/MalwareDatabase
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {277f65bb-87dd-4569-9866-374b687e26c9} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" gpu
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db77a999-08de-43cb-8de9-e2a4289f5195} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" socket
    3⤵
    - Checks processor information in registry
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3196 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87dc7dc4-e63b-49c4-b8f7-8cc4883dec96} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" tab
    3⤵
    PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3716 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07a4e92-a7f9-436d-84ca-e51138adcb49} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" tab
    3⤵
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4636 -prefMapHandle 4708 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a98d2e67-9c8d-41ed-a36a-4786dfde7854} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" utility
    3⤵
    - Checks processor information in registry
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78faf621-2ecf-41b7-badd-0260c3225890} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" tab
    3⤵
    PID:1100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5320 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa909ff7-dd36-47f8-8615-135198fcac56} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b80671e-7365-4318-af74-3979b96d3dac} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" tab
    3⤵
    PID:2208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2780

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
16B

MD5
d481db39cf9621bfb48f1629a56a6613

SHA1
79adc2c79291df246f9033c37cc819312c4c834d

SHA256
cd573fe2afc306d2fb99eb3dd864dea133ee67f1d46a2bda646ba0beead5fde4

SHA512
6274605184f5c066e97d4f6e817c742c97f39f96ed7c9a2f9f11f0e791832d6dc0c16af72552cb013cdfa2a562831f51b557eb1a59b9977e6ce7d9fd0cb962e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
720B

MD5
3fdf1b84296c9bb4047efaada59cbeff

SHA1
5c4e645f83974f3096c6c66c6eb4f97a8bdf0c3c

SHA256
8036f5e0940a3dd5eae080bf13b5b56bb94d49299f1f1607ae482d5219ff1c02

SHA512
4d60dffe56814a55fdb0aa822ce63fc59c0e9cdd826ef83ae7f309a4dc2e81bcfab2d606bc186056e533463e95b3d0129e8d5c99b6a64bd5576089019c0db098

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
688B

MD5
5c577c0ab767aaba7d854cfa81e35161

SHA1
21d89b49ac1277c6fad4bb41855466200f8d7da7

SHA256
00a3f4ada694f753e9484596e47ae7e33e562e72531e77cd5fe90fae2ff00f38

SHA512
181c90cec9df0eff1b087e86b5c76d3653f801e270f2a968f9e7db5c852cda90864282d77e985877c013fd509b24f6d5059d7541143a0d4dd83f18e6d3e2d9c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
1KB

MD5
942f8da6f3d7646ba4fd629bbdc6c912

SHA1
800933f2de6dd0b5f93ff5f87fd314e10b54463d

SHA256
794202b0a2abd0424fc6dfc93fbc6fdc07593fc7e6966bd8d2a3024f66218341

SHA512
b40331f2e85f084e57f3d233072b7e37a75f6a771bf71c7a21028a0495757db9219a0aa46883506fcd48a82e0039eb51916a6f896d8c616b9f91b2c4c79e5399

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
448B

MD5
25e600d1b252c551964fc1be902ebed7

SHA1
dfe131f505e4203f44b9021bc814eccae8310d33

SHA256
2a5f24d63b6a5680fc5227bfe2f739351bb9d0bd5c37b624275efd31963ca025

SHA512
7bd22d43dd00fcee157cd34c9cc82f162d2003f89169959d72be2ba73db20fd92c0ee970aa0faffa549f5640c26e7ec2f66728c8ad2782d6660d112d866b727f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
624B

MD5
07f2019437d7f5fa864f794db3040266

SHA1
549b9b43139f7f9152a2ab0af9abc5d595254627

SHA256
079189563e9158ef42a46f5fa4386306b9aaf3ae6d49dee24b1d89e5ead2c342

SHA512
1314d29e3aa5b16cb3652548955f5172977a3927cb2ccd4eb4647f8395aa33892f691653a8755e11412ff251cc0712cc99c9fdaea45a36818afe6bf6ce6ebdca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
400B

MD5
900b4bde862f9689773682dfab576579

SHA1
e4b5c20fbf5eab12017cbcea449c60ae256c1789

SHA256
24e5b1f1f8e39f9b7746050fab554f3a85cd2827de1cc460b6f15a622924a46c

SHA512
05a3ca52522b544a4931c9cf66a688fb90fb17d99eb02288af8a2f7b27751697e8ca01aca2d9dfedaad430896ee6d505fc6ba9888a1e5f4b768d6f755c15e2d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
560B

MD5
5b712b7e6b699254dd51a59ff3a165d0

SHA1
8dbbd853da212db1a5216d8ca6e0cbd32dcd73d5

SHA256
b92adc4a5de4d6fb0f74c2f3874a25b6a2645763b980428fd4834f71d27f16d8

SHA512
4f3c2f041b2ff58fc05560c57f2dcdf46a1c433684a021a753661770566b2ecbc3bba9ce7393ace035915ca3c0e0d0203d6e5e46d13e3f8b8b0a249c37c78bb1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
400B

MD5
dd3311788730050b9e3c312ddb35a9c4

SHA1
9d75845ac4e9f550c52ac2d058fa3900037ebd3d

SHA256
458c2aa2105be3d3ac7413884c9ae6a30d7c8fc80f824587eb93f2289f8706a5

SHA512
d14711ac331d8089417eed2470ff7e32890f1d6dd67eb7aa56b15a3cd59046836db75b7759c3d1eae830b863b0dba1a2d5dd47e80d0c5660bb3c6bca71d0f95c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
560B

MD5
9c4d1e285caedec26816e6036d021cc4

SHA1
4d5e3c62f42425bfc842d9f9ebc9d3738f25ee60

SHA256
4fee7291ce407076ca572b3fbca9aae4c8fc0ffe48ffc5fd27a663f213066ac8

SHA512
4041330d4e2f534ed34f48f59c6a18cf8f2381f58cd86259bf59643705ed6c054369baf51a5c5377acee3f621b279a14eb72e59d78c6ed0d8043efe21127f379

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
400B

MD5
ccd5609fe7a0ced94b3859290ba4a826

SHA1
1eadcc7086cd84c5fc24cde4313be4199d11f48b

SHA256
e8fa16c511f0b085434e9e9ef4759c3fb4e698dc64132773aa0114cddc900df1

SHA512
efa141e8030701e66024a3630e747fb59cdb9cf45050ddfd4200d816a4b952d495f9ad791b1a9b592105a3991a19477bae350ef620d977fb4130e7de7b22444b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
560B

MD5
00ebac2db242f417155efa719dd6b285

SHA1
1941e2a44e27c117ce4ed59ea4e8f0925d06eb50

SHA256
6a48df7bd1707d7dda2bb4c6d4aadd3ec80dd16d6c6505c2580fb0a6b854f322

SHA512
6eccb6bb144071d42627fa5d46e7f1fe484002cff4b247d5808c7c0f728cec2846ed8df8a392e4f8177775f3fe01c7df40b06dce7ec09a29f4c766a2ea29ca81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
7KB

MD5
f00882311202685dbef77a642974843a

SHA1
2ae6f2dff6718bb594e75e55eb101b5efd447320

SHA256
02dfbf8c9f32fae97497979666962190da88dba4c8a62f6848e79039aeb9d288

SHA512
06860224346d5aed03e30364a71f60b7f7babac0e369e218eada78cbcfebe388d255a366ecb513e0275750fa2ee73d91f21aa7f52a2cc251612e7120d4f799b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
7KB

MD5
335854b5c27d38ee81c6f80bd77c0f6f

SHA1
b3806bb50d3325078e2991e39713855be4104154

SHA256
2f0c220743e5fa40fa5c887fef1c35092396e7e749c8ce6d9539b2438431b333

SHA512
6702c7ad10f5187433f1570c5370c9fae8b74464307d130f9ec76c2fcf30b37e02b89b4e5fc7011b3070116ba35255fdac52f61c330336dac0659be1d87ede2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
15KB

MD5
39294b9cf7bd3b495d07b1de4b616ee6

SHA1
f6895adddc13e4a256b3b3b72f04f3ed6131a9e4

SHA256
1dc691bdabf4d339cbb035cf521aba6d2f00a70348d1b353070e2e93d5ade7b4

SHA512
29cc7e3f86a3891b9332a4c5033bdeec8314b1c9512765304f6c6650b21eec67aa21874525c405522373e2a9c5c75a19ea0aa2f3d3eceea391c59c089341531a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
8KB

MD5
36f4da8c1d3cb004374af18e36580c64

SHA1
419b994d30658bd2b17893e1081925eb71224226

SHA256
9684dbc65f98e1eaed5539cfc57367a6d5f68b041871811fb4ac6372720889c7

SHA512
dcee90e125979d09cfc725f433f5b0db498dedc13a79067668ace4a4d7656aee33627a3dfcbde3c5e18aeb8a9ca58bbea8699d137702a5b26bc3e18e77733f46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
17KB

MD5
1fddff9c374243fa184548b37e695bf7

SHA1
03a9cec2e8181177fa333f094a008b911ad5d54d

SHA256
aba4665ab25788cbf4f3606fe43d4ac67077c6df9404a959a7c3f5547c284ae7

SHA512
b8be25f06215df7f26d71ef7067ea36edacc272bb839c6e0e30f89db66673ab659dc6501ceeef414ecb8035aa22f1087015a99a18eedb0cc82e533427a22842b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
192B

MD5
0e8f2222c3ba5db4681b0b7a83f1480e

SHA1
7449d9dccc040c86e068ea85f48c16eda311a6b4

SHA256
45ef4fc257ec9ed7ceb570a56fc80d6cc99310b8360bd100531fbe95cd3989e7

SHA512
812308017606fc0ded82f03136be73932a120946fc8d46f26246424379681cf8dcbf6820c689274175ce5974456eac999d1490d46bdffd22dd5ee953a825b7c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
704B

MD5
a67883ae4e5a4c5c4a9e619d99b93427

SHA1
557bfbbc45ca68109dfc67fd7750611de91e6ff6

SHA256
4d276a9bb3ff6c94bb642e73dccebbbe4ab16a109ca19ffeeb62893d51a030b3

SHA512
594ac5fedcb273a978cce3048888a5c1f57fcf8dadf99e051747a56da3eee1d6b133f64be4fb35e4f2fcddcb0d2296e203bba9d0c367b022c18d815bf948850c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
8KB

MD5
3b9a716910f8068d3dc97de026b780fb

SHA1
0674ed4ec50c285b980fa60938228a13979aa041

SHA256
b25911f937dff1c04597a6ccae1c3d3e9549ff5fd1b02d33bf4a147de937689c

SHA512
5186104f5c99c54a4a6a1ed82bb681086526cd32e498a676f39b9fe4127bdc41af13d138ec3fc6f15a419918f9c6a01ca0a6c47eb987f8c4c920d4c9f7658fdc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
19KB

MD5
d424150c118c944cb74831ed2d14a745

SHA1
6e791266889782af35642a440aaf3b6af2090c86

SHA256
ddc76576073fb205f8f3d91081ce0157f21245e68d81be3ea6a65ada3b80d9b3

SHA512
ef3ea69d2952b301041d988c94b278f8662cbe114ed970e35451222e9f9201c4429ec951fd4fdec4cad08cc762e632938d800634057a2c330c0c73e5c3e13ade

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
832B

MD5
19b93317d46c1f815667e9b626f597dc

SHA1
3b909cfeb0b8ac427f4be61cdd7ab8a4c9d9276c

SHA256
09835c8c2ec3a8ef3cf2e29162b19193359463636bb1eb471bf913360c635276

SHA512
170f71cebc9849108ac11ece49b011bb26731ac08136958b3f3a529afba76d0ca2a3c37a7aecbd260db0463622a6edf84b0b49c67551b58fd93a6c1034aef737

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
1KB

MD5
e39a59671ff92c820d6ef23959dbbc8e

SHA1
d7659ad654bb1989cbe33eb457ee54089f291b4a

SHA256
60860a0b24636dd4f6751e0181a78cfb27c667d61c30e79dbc99ee327c591689

SHA512
ad2aa204feaa75310dfff0d39a1ce1242cb07bf860f160012300fedb7dd2635953bfcc78641de48637fc062c8156ed3c957bdd1d9f8993a493289dcaf1c319e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
1KB

MD5
c2d72264b920cc3cfa28ec3c2ff8035f

SHA1
c6dfddfef36f2e975d29633844e979641014f847

SHA256
27959dd4ebcc21f4fcf34f98246d0142396faddf5ac46e43dc56e955d9300eb5

SHA512
0eb347abadf2cb86ea6272d245fb1ab778fd58bb585a3eb60e67a49c007b24a577c96f4921e4383763866e03ccd84532a56c39b346646c7ee30f3cc76c2ae3ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
816B

MD5
dd689a86a5a8f24e3d3479affbc24f12

SHA1
ef7d3db829463c985936178950d9c86113922d7e

SHA256
29302f994e2ade88c38e49f5d70bf689fa74aed7211712ae7235515bf8b3de81

SHA512
d153896d2c131d69ce45cb4840c3b3713ba1a21f4a67e92d4c2bf0afb6ef903e8c3fc3897acd05db9b1d67ea1f78da20deee6d285aeff2736c3c188d1458aecd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
2KB

MD5
4990e30294af4a4b13e102ae71b5d206

SHA1
a56d8c96ca35647d9eb7f7db0a13d8e908d86835

SHA256
2e9178c122b412d0fb9db2b633af35c002a52c63eae9da319a9473c04e46dba0

SHA512
da4cc34e80d38eaa59371430394d38d7020813470f7f3438d86b8de03664ca350ee531eec2a96b7681200fd8a844bdeb983f1b074ec84f3fca76d173f5d39bb0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
2KB

MD5
b73e0ab074a99d114f6dc2f84bd01e90

SHA1
1dea3237e6225be70f28c243f7536fcddb0b08c1

SHA256
5623a12ea73a88718b1d8bfbdbf8ef9c793888a86b4673b559c19f6ba2de1877

SHA512
652bbf737849fbe79faad0027413f8afa1f3050f9825b711bc57a7c48c7e4be860a7d77421edfbb02dd03ef8531872fb07ef42d3380929f29c5c0bb67ac46a5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
4KB

MD5
e01fee017985cc2ac8b983305aa623f3

SHA1
2cf6c476d3e3f419c9f7659524cb5235c9852819

SHA256
b97fbed484adcc193929e6bde3b81de6956ff9797cd38cd7c41b07b61c58b9d7

SHA512
07185074dd54c30e676c3d387ca2c90f7185f60271567f7057bbbbba9c8bc43c4e98d1db288cc2be6414aa940d8ec719d79b79c6b9acc0f1d3848616aaecb84b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
304B

MD5
ac9d18c4d5f41bb57289865c67bf91c0

SHA1
7253aaf743fcfadc966e478d7b11a8df498fe09d

SHA256
09adcc66022e504d44f6862b9b3af4b44b4cdc1660d9ab8becd3c11166751cde

SHA512
7d986386f0ffde347e373d283c1844c6991933ee412da61c36a193427e4e92894cfc613d417e74fd79fe6264f3339e1790a739668fcf5a7b427cfaa3852c385a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
400B

MD5
3156249c760b3957ff2c850993ee3e9c

SHA1
98e9fe808561360a1b2d73dec8df560d48596204

SHA256
d5345b7dbafd00ed0037fba035441705054545fa54bbf1e609ea380a2b7d6fe5

SHA512
661ff090aaa3c8f1fbab0611a8d86cd41cdb47e0563ce9845e258d6fb18c0c44414051e39cd72c6658838a620af4b17ca23d8f72d49af6c36243a819f0303bf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
1008B

MD5
84c9a0b031ddf0c49595977af5825911

SHA1
fbcbec4a991a84edbfec6f652bb0a2cc5be07920

SHA256
202c704c2924dbc6fed0a2cd6262ef1b8d16f2fe7a0a89443881eae07f879737

SHA512
28f120162063152fcb0de22b0ddb0a04895b9b4bcfa77c213691e7eae518767deb21a37adf5c809ae723caea44075c185f3a4c3e3a3f5372aa39600b9bc46c0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
1KB

MD5
b783b4f985328d21876a60c80df2c690

SHA1
9af975b94a162cdc0072db28cd8c4c1f9e776019

SHA256
8c7f41d45488a66f06b3f760dae98be9411065a6774697a2af1b78322c255427

SHA512
153baf099bab4ea89fedb935e837cbb101c77b79c4943f140514b0bc12e00ef3a9c1fdeec69548f0e1eb90e33c52e30d264039a2dd0b5537e3305de4f4c302ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
2KB

MD5
93d1817396ce0ac4ecdbd04f772feac7

SHA1
16b01696b280f70144eb49272117ffcde2e3202e

SHA256
b9a69d9f0a0762076a83fac42d0629929aa9f03d6983f33ef8faac938735eb6a

SHA512
6beb71f83da283857d3bccc784cc2d75b23c71c728734bf8bddc3600ef82c9ea618c23ffc458b904d486b298fa0f6934cd14999a63cf835ac718aded163416d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
848B

MD5
1024fd34324e1d182b8e1abed6f9ba87

SHA1
a95829461ac2c796fe9647dd538432ff4d7d9510

SHA256
ecb2310e411de2134be2eea15d6a5af8d4e86df4fb46aeae5fd93294b06fb5f9

SHA512
74acf7f7ef34b7b50c581099e30f2547b0e07708b8b261213f2f0c2b93b6ea12c7260aed8ec11d2dd06e895e6db8245c865efece36eb4055dd72983d66ed96c6

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.5EDEF14D870A95132E624C76F89B52964C5FC05E194CF92C058499221F26FAA0

Filesize
32KB

MD5
5d84c8018bbcf1ece0d607c0815540e3

SHA1
6d087c3ab6b46ab3e28911a72ba95d5e2f22f62b

SHA256
5774be51c05b4a5cc667727bf2cce8fa0f9523a355255a0c64f33bd0495e0579

SHA512
f9c8dfbb1eb0659a37e34f51f281d3fd149567e8109cba6c387d929b461ae73dee0206ba083dc01124a027cfb01d0c91ab9fda245c563041872a63dae5d0bcad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
6e30c035e58f69f50d23b5bd16c369c7

SHA1
71ed25d668491fb94ec184cdb53ca2e2acf4ef21

SHA256
6412f88a6b0f67b0af9c675e11a046a3af020b65dd8921ffcabc8bb4c0fa6be7

SHA512
e11598903e47ddf928f46020d6402cb7ac0b4ce597808ad451ab9cc9cae5df2b7d8c5e8598a597ed33e47ae7c6786637aba7bde1bfa1f26f1ddf00f255425825

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
1c3bb058823f8d5628cf0d554cac179a

SHA1
4c831cea797d9eb94264f45c1480800d47398c9a

SHA256
2ad5a1b6a0e0228a8d5520889e80d664a05a9c96f27263da37a3338bc5988619

SHA512
7c5aa5d3a577d746c1c1313529b1b9b3994c3e76888bad7be972ee359d0d8682c3e685aeff83a79327fed7ccd2769721bead1cb90cb4e24f94d390afee5259a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
34ed3d84033023007552d9866681227b

SHA1
c0205f5b81753b06cae44bdd26d1cf02fb5a5234

SHA256
fa805ee49be64e27b8d985095ab85ff2f6427b666f3975030f29485f72974b49

SHA512
e09b831687adfc3b0ed89b82dcaaefbcba224d0402d5fb306b2515ce985b738759d5a3cc4f10fede06c2e3819cd95d4f79ecc9ad2ebef864b8550a949dbf47d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
99KB

MD5
2b8a813f6d0f1426a582441782306542

SHA1
c688c82188be00de90e296293fd25c2085c084a0

SHA256
aa12e98593d4adc6b515d862644254c0f0673689378f0b18274b5c868aa08b5d

SHA512
18c5f4b6ba49e6d3d2543983837f0c373d1b08a6e77b9d86b592b8d8665beca564e9d08c459443c767d4d8b6fa6b3316085b239e653020731a131664df3d1c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
0b7a68987a1da058958be67302d06f4e

SHA1
c7c238e188d3514593466d07a7e1abee36530316

SHA256
25f5ab9497585986d2c5df3bcd7a0793dc6919c8dea0e1aa9e84e2a47fafe62e

SHA512
7d1af72647d5394d68139e3d4e31432da0501d37e704a58c68cd4fc747542a1ab9d955ff84fc39112806bc4cd9e143be42ec1ea8683f538b5eb80289d911206c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
5de3217335b1d890f6ff80fbf700bed3

SHA1
414f0075b42ed6ddaa354c498c29ed7fcd54a1b3

SHA256
0573863d2beaf0ea358a62d60db1039579c90983674ebe5e88bf375752ffe9c6

SHA512
ae128b7051b4eda94443fbb8ad2280c6c02e51bcec61c74be26a77203f575c13bec5832e63bc21714826fb9d6635c208935cf99d970e1f2661b96f422e270bac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
ca31fb8583af4d7665c2ae27618ece44

SHA1
34161df03d6b62c1cda72b78bdbb7613fc61f076

SHA256
878127e0e0088639c2a4fae8df90b8f72c75c8df7b981661f6801a7e88a868d3

SHA512
80ddb68179e5c8b8f7931777a6d69cb2a2d31a93f767b2cfaaa44425d6826fbd39c260b06aff5fb1a47f9a5a7023ea39756a239287434b0ef7ab9ba38bb38b01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
347070949728ee01d1c430179b2b8d2f

SHA1
59a8d3d692bbff5505cea9c0b6ce9f788bc4a34a

SHA256
bc5a93f13e0ffa0c62c4c90056d3f432abb470591c51d4edc017a62be7b51d87

SHA512
8042835cb4cfe932f47526c3bd40a58e69f2efa9e1779b630c5d4ec7b6d40a3e66b340ac25c2f8bf2623bb63719a97e9a6a2ca2ee347159ab940bd45e3cc99ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
75bcbd749e5fcad4c8f6e352238bbc2c

SHA1
cb36bedae530415147f82850a106e65cf2152112

SHA256
e7f0bce786f88a5500af9610811a665777bbf217febddf25100f12ab71a33c07

SHA512
b9e4635dd058473cb3b15b60709aa5ab4a2c641c0c3d3e471ba04563984c94a9b1e7d569379c2b8dfccc68a0ef1c6aaa75a4b3d3bdaf16adaafa966967d94603

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
38KB

MD5
e7791c22797bc58edde4247bfc60d1e3

SHA1
dfac73325600d98470b341a6dfce2468a6aab9d4

SHA256
59bdbaab3048de88c0d2f272adb92012b5fa97733bc7e74e3b7eace5579af22e

SHA512
af28f1936024c27dd883a72f3f8c09686330982b64a7eb0b3beb8bfe9114fba7d4105ffa5ac167a2d24cab78b642b47333ac7fdbdb08951fc0d28776acf10ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\36827e8f-bc9a-45d2-92a2-3e86ad2402d1

Filesize
671B

MD5
61f6c4dbe9ee8d84b5046859fd99efac

SHA1
3c44546e2cb2a62af0cde82d52c307e42ef150a0

SHA256
9493650cdeb8adf625a3a51f3dbf486dd362874fd2ddede250f5b3e7592f5056

SHA512
a7481bd164a728b83a5f10a809319a1854184bd8613e0e89a07dee52880ecdf74f88a748594e45b423e26ea2440fa31dd0d4d05c37edddf70eb1b038542f20bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\4ed07e5b-15ad-4e6b-ae60-3a131abe7020

Filesize
26KB

MD5
5c1b1756e19d8f7e3f64d946a71e3008

SHA1
44a120a5572c62c3a245c2403b6a7fa93dc08600

SHA256
e1add04f375a6bfa800a8f67d065d012b96b4a114e9714b2aa153d8b21b01fed

SHA512
24f79994f3082975915c32f0cd86070c43c2465ccdbc87df0b4233377a648bce612dc6726e6b710385c478f6631ddb10b3ac8bb60a23715ddd11d226b43f44f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\7d039363-855c-40ea-a85d-5c0fcb9e58fb

Filesize
982B

MD5
1fc61dd590052d0db93952192d3af245

SHA1
8e53ab44e74e737d816daf963187feb824aac83e

SHA256
43c81817e8e4686b4fc21514eeb290e6bb836b84961948a36c53ce1b66fc76cc

SHA512
db3da3a2e276a1609664539e8687013d8518100a97ca2edb697a9ad0d70c4778dd8a6d8b5c6927775fe1ad9b9616793caa90bbaf5d363b932cccdfaf1dd51ea8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\ea66dd74-390a-410f-883e-6d8e45c5ed0c

Filesize
11KB

MD5
c97499d337edfdf94a58992dbea6aa79

SHA1
9b6df0dbe4442f68b09874b41ecce16ee53d63d2

SHA256
1a7c199f889788dd924f49a2b8064563ba8c75438e529c62235774b496937d74

SHA512
f4cfe465287614b360a3ba8c46164133366134553ed8e9b174e5cdb47f7861d19a59c3c95403d47bee0327bbca1a963c959d31dac013fd010a10c7375d3f78c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
16KB

MD5
5d930e3a1251ea8fb68e226fb894c429

SHA1
a7144ed77407d0affa6c0f456e342dc3495a5a69

SHA256
2fca3869f3d3b216ff943fe6fcff5e9617aef006f567b11e6a7eac70aa4337d4

SHA512
687e98cd7e84b7bb7ba84657931e53fff46fab592290dffb55bf42090237815940b7788fabbc7e362064278a1543e47880dbfabd0520285a38f361da0aac8e76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
13KB

MD5
5f29a0c14db4c40cb58107e4ae3b85b0

SHA1
589276b3ada7343664abca593f6ee8988cd5c945

SHA256
877cfdc18722cf472d8b320d5d8e2d8420e002694699309374d622d2d2438741

SHA512
7611732c4ab63e94f341b250b3ed373451ed564a45d6c87329cad4c8b059b0e3b4ab770bf873b5c07111acc1b5ec30df238e3c88711bb737b9427f2f311dcffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
16KB

MD5
971f42b4674a94ff83906cbb5ae2e42f

SHA1
dca24feb1d62bb8cf795de96d9772419fcda4945

SHA256
2a6d597d8e861bd42ff5c93b471ecd8fbe1c5285b7cd19e05a3fb9bed43e7136

SHA512
4bf4cc704f23e9dff435920572f3019bbb8a78408f08d9141c0880522b6ec0b8b374dbcc2cc69efa4e83e4e1bfc973e6c7353bbf58da8dd78ce2a9a33ad4a026

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d408b2c87ef0654854178fe6b7223e94

SHA1
87cb615211a02e699b5f14d41c0a98ec93102b1c

SHA256
56e56ebece075d1915ce3eda196da011bf1b7c73941ef0c3f1ab66c094fe0d07

SHA512
2f8b9087552ed1e26c37a37cbad2ee195982937e7528fac15861d276a210b5c7e777e673de214805bcd842939d97270184cc970774c093ea05f75daf9e104184

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
64c3e9873050258ae3b06055d42ad9eb

SHA1
0a9bfb8c0195689ab88b969c3e1e8bcc1613621e

SHA256
6ce40c09d17500c16a15bc4c564edf9a4825db6616568c9ffad5d9137ad69b1d

SHA512
ef762592d736f9ef5bd76c4f2b0a8a2e89bdd2b0b310dc64208e3b45bfe13967e104b2cf30ff80d725089c38a24b695189978bc59a4f5805e4799f4c14e87fae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1c096d875c466134fe39502d3f33e3fa

SHA1
b6b94b99273758a820afc221f0dcab3689791da9

SHA256
bd62187b81b775f1d74e80d68dac4acc8e29b1fce99d5e84e369c102ec7a7138

SHA512
dea29dc26fb85b4a4a1229ab2c757e0970619c46523bab8b9ee1aad6dd304ef00c00642b9d32e42981c7742e090410256ac335639be0bb4b96e6a90d18c824ad

Download Submit
C:\Users\Admin\Downloads\W02HfIel.zip.part

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
memory/4932-4454-0x0000000000530000-0x000000000056C000-memory.dmp

Filesize
240KB

Download
memory/4932-4453-0x0000000074AEE000-0x0000000074AEF000-memory.dmp

Filesize
4KB

Download
memory/4932-4455-0x0000000004F40000-0x0000000004FDC000-memory.dmp

Filesize
624KB

Download
memory/4932-4456-0x00000000055D0000-0x0000000005B74000-memory.dmp

Filesize
5.6MB

Download
memory/4932-6635-0x0000000074AEE000-0x0000000074AEF000-memory.dmp

Filesize
4KB

Download
memory/4932-4457-0x00000000050C0000-0x0000000005152000-memory.dmp

Filesize
584KB

Download
memory/4932-4458-0x0000000004FF0000-0x0000000004FFA000-memory.dmp

Filesize
40KB

Download
memory/4932-4459-0x0000000074AE0000-0x0000000075290000-memory.dmp

Filesize
7.7MB

Download
memory/4932-4460-0x0000000005160000-0x00000000051B6000-memory.dmp

Filesize
344KB

Download
memory/4932-7153-0x0000000074AE0000-0x0000000075290000-memory.dmp

Filesize
7.7MB

Download
memory/4932-7868-0x00000000062F0000-0x0000000006356000-memory.dmp

Filesize
408KB

Download
memory/4932-7869-0x0000000074AE0000-0x0000000075290000-memory.dmp

Filesize
7.7MB

Download
memory/4932-7870-0x0000000074AE0000-0x0000000075290000-memory.dmp

Filesize
7.7MB

Download