infinitylock | cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Analysis

max time kernel
53s
max time network
52s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-10-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nb-no\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-up.gif.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_radio_selected_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\sv-se\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_cancel_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Media Player\mpvis.DLL.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\rename.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\circle.cur.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\tr-tr\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\da-dk\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\illustrations.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-72x72-precomposed.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-disabled_32.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageProviderFunctions.psm1.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\large_trefoil.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_up_selected_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\main-selector.css.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\images\example_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\PipelineSegments.store.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Viewer.aapp.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ko_135x40.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_sv_135x40.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_th_en_CA_v2.txt.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkDiv.dll.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\custom_poster.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan-2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sk-sk\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Bold.otf.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_removeme-default_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\uk-ua\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\selector.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\uk-ua\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD56358B-840D-11EF-ABE2-D68C0A96CA30} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4692	[email protected]

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3916	iexplore.exe
3916	iexplore.exe
4912	IEXPLORE.EXE
4912	IEXPLORE.EXE
4912	IEXPLORE.EXE
4912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 4912	3916	iexplore.exe	83
PID 3916 wrote to memory of 4912	3916	iexplore.exe	83
PID 3916 wrote to memory of 4912	3916	iexplore.exe	83

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4524

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3916 CREDAT:82945 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
16B

MD5
793e2dc02f1f557fa4723eb3b75a8427

SHA1
471dbdda256f25f61b50b993d5398ec5c76db725

SHA256
f08a212d6179a3d6496bd9da9047eece39bacf9cfc755eb7821e190418e2f9fe

SHA512
2bf48c8b23643b2a3d07cdecdba1fd4a2da72129f4bef41ad929b1605f3173c22132113ac42154fc7c168660e26706d78779b4e8f33e90804c9dc283419b103b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
720B

MD5
e8ea344248af8956779dfeecadb91ce8

SHA1
b9832cf0ae796840d0e9959ba55c2b1ba4039a1b

SHA256
0abd83fb93dd38f495a3a70801e6a320cf68e43986b9163607549d13f02c56da

SHA512
da67ecaf08d6b869d4f8b1f2828bd6d12eaf079d3f0aa8cd72c8af6ac891409595caedea1945ec737e0fecd2acbb5d82fb9d743d0a6bd2ed33b5f2b0d37b2726

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
688B

MD5
0edfe3e56efdfbab3c1f232c50c35201

SHA1
59ebda981ca1ae540fa1d6d12d8af972d8bba8dc

SHA256
0bf50ac66702bddc1117d1d7f4601ea07f2f286e8a9d178bd178f79edcfae0a0

SHA512
2c9f11569f081494d421ca2ac1d26299926888129cce6d61cb21d0b8652ef652a1bdc85fe358bbfa6a9b6c366644afbb7f74f756c06a5415627be0298f241583

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
1KB

MD5
1c585a2b5227427b3b2c3ff856a27014

SHA1
68ab64fc0dbbf914073dec49a3c0849c8208305a

SHA256
70d5f57f0de56238e140e1979d28bfc3b8fb045469abcae129bc565dcd342e85

SHA512
d0a1aa692ae6c00e80c815cd6d809e688792c8b72d618351bbf2c0c3a92e0747fe9a3259b4397ebad4dc1c6424f709d158fe9addea6be25d77598c1fe175ef38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
448B

MD5
02aae9468734e75f2b798cdedb0eed0a

SHA1
380834bd9d51aeb4663c83325a5baeccdaeb5ff5

SHA256
cc980237fa92274d5dbf9119fc8aadbc41160a6f9cb0d31d8dd7ad7c3aedc476

SHA512
006a27eaf979f4c45dc480696b7e13d7d1906f7a3208a3ed4b80ba6d8e8822488d9aaac6dddc0b87d6d1b9a8f0c4b9a308180837112526d4aa15bf51940f244f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
624B

MD5
81fb6185a85483765fd96dee6a7dede8

SHA1
54fc7837bad48cf53d2eaa93ccfe275987f3c5b8

SHA256
c6de36c1dffbcda60831d12d1a98b2b46236b5dac3dd068ffff9bcf34df5db41

SHA512
84c9937f69365ac792dd266d8bd0167dd47228818e99a5f3cc687de093f2b2db72f96760939ff1aa8d0f6016efb1ad8b4537e45748d4ffa315fd49b280d75bb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
400B

MD5
47a167c952321e4896e93ae9a4b5e7e4

SHA1
6e72bb149e10039738da1fec2423b793b7fee086

SHA256
8e75ea7452c9fd17da3dcc05f86a1f4c5fbb235f87bff2bcbe8ca1732cb19745

SHA512
413e664a35646091c517e44668cc61f7f0f93717db899a9aaa1e5932c0e6275f0b389dc550678aac59c956e00532aac568c4606bd3f847b4cd7f488e38e5e66d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
560B

MD5
b00c170d793f9d5ad25e08ac846f6281

SHA1
cda6f06448bc508525914b0992b2222a8746be83

SHA256
c17dc498ceb8f78a8a51bb26ed5e9a171bff854934f3be88c1a5ea85b559e5e8

SHA512
6744c12106d4b4a019ff95e42049e9bcf9462ae759c7db3a61be0469cbd8fa335a57cb4e19b7153e18b03e2dea0ef8d3ac48d6fa2e9ca2733ec7dd684bfad1a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
400B

MD5
292c2e4973ac39fcc144b8a3216ce78f

SHA1
af2b8f75eeb34a28c66defc4ca08823a9a02172a

SHA256
6793fda09c7c85539d0ce46d80167aaaec539f0acd9a643a761a56968220f947

SHA512
7bd4b532722b98514a98618267bbb30374c3c53ca507743c487f07df7d920f55c3104dde83c2e2baca4d20f420a0db2c61869bc3dd362badf4ac0d7280297c66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
560B

MD5
e741ae35ba508331377e40023675f4ae

SHA1
0ebe1eb436ed74b3c2d4a4fda3c784a039906091

SHA256
df0633a38162a2e49fa39370e6e5dfed0f09703d2e0813eadb92233d5e9fa9d1

SHA512
27b5bb7ffeced82d3d1e110a0579b00ff9df7437c1a7f1f8b60759ec51ed6ba61a741a14d22ef16684e23d08252943526f75b7a9eb1430461d5789304a542b8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
400B

MD5
9cfcfcac6dd382c419e8e9438b194603

SHA1
82ad106cb067c4ba80fc9dc4b4d961312bf6e6da

SHA256
fded7b8621cf630fc49187d98af9db960305199f791a802d3835ecbaaf73e9e0

SHA512
04e5370b91e8f0638481800aa5ae6ff23a692cb33b27507faa8a3ecf38ffcd359e4602e578e2827d8e29c84fbef549a84c29dbed365ef00ede56a3828bf75b29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
560B

MD5
22e4d5368496d3b896924b034b3ab35a

SHA1
f986c4750d79d675e2b88240bc60241cc9141003

SHA256
7f718ec3fe80a62d26a6c9d38ba7ed7fa83a055822a9de53a225de05c3a41e24

SHA512
3b722d30b37a13037629ae330ebb325ee79a9d394cacba2ffa1bc3a7b7adf0731cfec9bd35d4ae628dc9ef50652f2a083fc2aabe0cd02ec205be7e3d0d6f9e73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
7KB

MD5
ac6e2fbc3ffb47391d9aff7a6c65376b

SHA1
38136aad2f6ad0302bdfcd4d6a78ec281c238218

SHA256
7ac2c8b33404be4a486f7578887e3a05a5bd35622345c41ad65bafcd004708ae

SHA512
cff11d4e5f835358fd8e551592417de9c327543005bae230856a14c6673151c43b69343dc4289f50f7473669432ad6d66bb900d960f9912eee1882ebc40961ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
7KB

MD5
07f76e27b05db6cb0c6a401bd576ac74

SHA1
d09c3e51ab02a439dc21c336933d86caa29a5657

SHA256
6336f0339341f61ace67f750552e9a37facd8ba716a7701f58fc49475799086f

SHA512
591d21d3e172c52c334713aa08fee79eea86bc006bbc48e21fb4e4ecb8e047ada17dc823e567ef95d888f083d4f67253ce19d353f339456bce7b37427dced35b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
15KB

MD5
c961e70f1a6745f856ca58f16eaf5140

SHA1
f33a205d5e5274a8e3a343dcc18d00f324075460

SHA256
d57db5cf9f451aba7b8f9f0874b994730c4f70a15a86b967bd34c36fa412ab74

SHA512
80e72d408530e5db25c8ac7319fd7f5927c2a21716dc49c6150f63f75949386afa9cdf2a0389aee1e652581a9e610209fb5268e723982132f165181fe71f2e1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
8KB

MD5
2efd0f2886328685eb785f3e245da316

SHA1
abca3920cf01f42f6cc677062771ab7da4ef9e3c

SHA256
5b7e0b8ba0da6753931642d12d1d7d2ef389eddd7f942886f87525cd363e2dfe

SHA512
561c073a7f6717f89a9b0332026831e718c518b70d45a15fddc1c86f939593c43b112f493903bc68c677e13f0b3662b3401bb138fdd60f66ec04b9c0d55d9835

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
17KB

MD5
8f3fbc8fd5aab36a712c6bce43499ad7

SHA1
d4a3ab7efe8de0006070540d504965c49923f383

SHA256
1da0c1a873acb7ec382915c69bb537273c6d196978b776ec754f27a068ceedb6

SHA512
422309c91d7c98a5821633a84463466c4c462a3bd31a3eaaaf6f49cda0a184acfa086e6e954aa0de8ac230feea6606626185f751cbd805a458b2ab37b3d18b5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
192B

MD5
d44e95c7ac97a618b55a54d3e90387dd

SHA1
341c51d3b53ecd60eef2de936c0e8475325f9af8

SHA256
d7821fac1016a5dabb04b5d3bd84a355ae62a7c1e6bdee63557ad567feab75c3

SHA512
3f19d89d0eebbcbf7e240529d4ed4fa8f25e768896a5a7368a47b7f70406332da79acbc624d70faa6f642395cd1c6140fbf6e419c0e368db2e918287b81c0710

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
704B

MD5
5103a888eca0be765b6fbf8b82856ae8

SHA1
62e9a10ae8b9c3468c7c1e7b4fd11b48695608fa

SHA256
519449d578a3b7d8a88b32174fec1805725faa2ac9a9aca949cf7afb2c5447e6

SHA512
7fb2ad7248d200a0d3bd509fa6273b8b467cf4876d3502cfc32a9a90bee388302e0db7df91d12718985f295b05f92ca3a0d378448a7574e85a9ffd471ae79b23

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
8KB

MD5
a7597435a735bcdb900525b97c51abdc

SHA1
527bbe103b478ec2328479be3a30c9c187bc363d

SHA256
99bae7c14061abd724598556bb069b72aa97f31f576c009d2beca844a02efcd5

SHA512
2b8185c56ea041010d51568697926e8b507d9c788df11c02325518255cbade32c661775b407ed25b9e04397fd7fb1d632d7f5a799369e7ed7b876488a8a6be7b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
19KB

MD5
ce15c95f6567ce48043c7d5fe245d8a9

SHA1
b49c654f0173a72a3b07e961e166d6bc888675b3

SHA256
5c2b9823d1d4ca495df49d0181990a9983406e4b1b88f48ee287d4ea786e4a23

SHA512
65e482041ae9f0c96b64dd6468d57625312d851a69a023063a8a93ac495af0696ccbec6a59f4cb322bbe48474d07603d1e53b9a91cbc049bb99fb7c2ccdc8b16

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
832B

MD5
d5c1dcfc91469bed454f89209fbdaad1

SHA1
c3fbd57e219ab07bcac22797e034bb388e18627b

SHA256
29542edd343dae183ffa11096f56f24156f39ec1e911443b6f6ad23ea0ca59a5

SHA512
754baf2d78d54f3828f3931a73573b8f501b664373cb7261138c645d635f6799293d5c00d67e257cb1d0428c2bff28e7099e43785359cec52ffb1fde92923f91

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
1KB

MD5
d7274c05c9e2b965420c0ab8bf7d0fc0

SHA1
231bfe3da671b5c312f147fd0dd36ebd3dcb3bc1

SHA256
b8050a1ed54c727032d2f802c17dfe60d8af8fd5ee4581eea920922ecbfccd1c

SHA512
7365e7fb357843329f604de8bf9a6010d97ff1e9e88d0d07ca3f7b942420e8cca564f80a6eb633362109a548ac68f23fd11e4ed47c8846ba0bce9727975d767e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
1KB

MD5
4e2d2bda1b09c4b6fe964c69285fcfb6

SHA1
3275333c7347157f1221676c3418593fdb59ef55

SHA256
be425953f4743ca17c28334cf3a70f224e28e6810ffde3e6acf73f125ec32231

SHA512
ceb7bf17486d2301ccd0f8622070e57b029600635a3944c8611b1059476a0ecc13c2792d7a1c28aaae19fd94885523ef3f1d69ad0ebbf38b9d504b9fe1fdbcfa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
816B

MD5
24064665d7858123bcf7a6ea9d3563a7

SHA1
bc4d7829ac16addfe2f532805be74fa55a9880a0

SHA256
075f68924f3877753d93132d7c43ad82ba5421e1fb8dde1d185499fb4a22cb55

SHA512
85ca7680cd894a5dae3ce4d568c2ac7be66ad7a07e815789543cc92c6648ac99000ff7bf544d8373d6cfd46c2a353355e653894ead17d1a7d488c4b3f9801b08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
2KB

MD5
755ead90d71eecce0ebff3ef0f5066f6

SHA1
008935d2a3d668ab90b72fb1f6159329f9c3b9ba

SHA256
eba26e27365f22fb9a4be95e67e450de601fa425d99e8aca0adefac9d9ecfa05

SHA512
c259a2d892676eed0d599d663bc29598ed17375f8e9f9aa49f4526d717b08851e298ac06f95934dc5cc8919fc4bd99e0fcbf8c0fb24383ef4472293368ab1d4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
2KB

MD5
337bda5fd41a2f55e1692ef4bf098a26

SHA1
6df08aaa8df6718348ee62f31ada2a7338959ff9

SHA256
9300287ed308131283e9f319173a67429b47f5a69a3a03442083077d6d856f24

SHA512
3234ccc5f396cbde1f2f5746885ad215e04d134bbf16ad668e13c625e6739734cfd115a29ea28d1bf9782956375613abd1e260833c9db94e542234bab0513c2b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
4KB

MD5
c0bb05d6386da5a65167f9b1a96dc365

SHA1
3ec45c1b74416e113c22d2c5b5f0b056af154cac

SHA256
df36a1afdf4cbfd2cb870aba6b0ac4cb328c4cda3f205b4863f33c60e01d5f6a

SHA512
a2e9387bc7f0e872f126c7bf3049e8490ceb679f14cf9c8870744088e7d0a5ba049bdf04cea95c4e85f080211995b38fd4f3ca2ae41546608748b7b5815e389a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
304B

MD5
0fbdc56826fe4027e63435dc1aca745f

SHA1
40afc926d734e04edc602bade0e60c855f8c69cd

SHA256
4b366696d27500cd6f8a39b7984656e885f7e2c8c9ecadeeb31f6a97d2672226

SHA512
c3edba53a3300a242e5aa17cf1fcc409563b4718d2733aa4fe05d4f12881827e04d3302ea9e8dd92ef1f3349dfc988ea0eab0e49fac531abc388f893371aa358

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
400B

MD5
ec1d07cafaefa8e16c338ce2800df626

SHA1
bf4b6572b57c2f96b4eed73afd5f171f42d19c3d

SHA256
bf5f2f4f883d64b42b9d5be65764b33b873427cff9107348f7723e4440ac7bc5

SHA512
818f1ef93922dbbe94f34b0230fba19af5370538c492893b034b63458aecf73454a82dc4f9c5b826a8a5ed95112ff64b3ca1ee613308293faf2136e18ba2d2f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
1008B

MD5
dd27a75c2c4f3672eb431f698ee8e138

SHA1
34024c9e1d5f4f048231847ce24d4af893fb49c2

SHA256
2978966aafc2719ed65c9949463a82d40cbc8f251ee2aafce8ba7544fe0472e3

SHA512
3daa48420f0aa997441c0b6b17f30454485f9e14e274738172fc3d0e4abc78ecfbdb0fc6bc504f24cb915ef97d60fe8153b09b2a44ef301759823af21843a3a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
1KB

MD5
4011c9c56805a9cdc55c44e94db2e802

SHA1
d84f11a745a370632db527b8e1b06a6335da3395

SHA256
c026006bd81f44c888b75191ca68f2b6b44419546135fe9e3ea864bd16fcce58

SHA512
f408dd16397f42814018968aad7f025f72b8bc30b5ba5acadf7c2bc6d73ba61e5b96ce787d6e017b8ebcbe1157e25d21f3bcf26978519b85e9e7b8269ed1bf60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
2KB

MD5
e255e50eaf03098f18ebfb4403b9ed1f

SHA1
c479771621315707e85817227f409ddfda4f726b

SHA256
93873bdcafc55d226074895cced66f293c43cbd847c02d0e0fa3ecc9f6a5d47a

SHA512
82d4d0d7688a77b621728d04f3ea87c3ecd7b6f189ae93d493be3f89019b78a9c57bede8df45312db3e878d2e3eb2b7aa8181e2ab7bf852f7ffad2b5284b9dda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
848B

MD5
5885629c1d2e17dfd3513fb00469733f

SHA1
133341b4a37a5a77a2e9a470661c6be2c5580b56

SHA256
838a22b2f5dc8098bbf456b3c1d54d872b0066073b572e64a6f590ffb48222bb

SHA512
95d200abc39717dd22a6d4f8c0759e487fd50be2ca6a8cf1bf8095357d1e1bd7c4ab1c28edb1d295ebced6b6feb7c297e6a9a64b45c7c47a421ce509c97ffa00

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.98261CD70D993434EAE3719D3F9116BE09B5E216B9F05D4F43BC87625A8DA61C

Filesize
32KB

MD5
98adeb7671149c7b5e11d1f6ce4eefb3

SHA1
96a380f18b582f5d2f0d6f1e49222a4f616568cb

SHA256
a12f11a84cb8f0c55cb0277d12dc1805084a6eddbed7dc4f47802da192654b43

SHA512
c8419a1ac337095518ed26dc26cff0724c9e98b1938e65062056ed16ba9f0f4db183dc3b373af2bf9a91a0b804e4e2de8cf5ae90fd67319c71e06ff8d38d0126

Download Submit
memory/4692-4-0x0000000004BB0000-0x0000000004C42000-memory.dmp

Filesize
584KB

Download
memory/4692-7-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/4692-962-0x000000007407E000-0x000000007407F000-memory.dmp

Filesize
4KB

Download
memory/4692-6-0x0000000004D70000-0x0000000004DC6000-memory.dmp

Filesize
344KB

Download
memory/4692-5-0x0000000004AD0000-0x0000000004ADA000-memory.dmp

Filesize
40KB

Download
memory/4692-1437-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/4692-3-0x00000000050B0000-0x00000000055AE000-memory.dmp

Filesize
5.0MB

Download
memory/4692-2-0x0000000004B10000-0x0000000004BAC000-memory.dmp

Filesize
624KB

Download
memory/4692-1-0x0000000000250000-0x000000000028C000-memory.dmp

Filesize
240KB

Download
memory/4692-0-0x000000007407E000-0x000000007407F000-memory.dmp

Filesize
4KB

Download
memory/4692-2926-0x0000000005F10000-0x0000000005F76000-memory.dmp

Filesize
408KB

Download
memory/4692-2927-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download
memory/4692-2929-0x0000000074070000-0x000000007475E000-memory.dmp

Filesize
6.9MB

Download