infinitylock | cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Analysis

max time kernel
115s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

InfinityCrypt.zip
Size

33KB
MD5

5569bfe4f06724dd750c2a4690b79ba0
SHA1

05414c7d5dacf43370ab451d28d4ac27bdcabf22
SHA256

cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527
SHA512

775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165
SSDEEP

768:xaTvxO0nJFcoYFY5Hn8tuWRHkD+unrGRcd0zOF9MzKh8yK4ZJy9ELob8a:EtOoJFSzt5BiGGmObB04Z09cobl

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Executes dropped EXE 1 IoCs

pid	Process
1852	[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nb-no\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pencht.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nl-nl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Microsoft.PowerShell.Operation.Validation.Tests.ps1.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nl-nl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\kk.pak.DATA.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\PipelineSegments.store.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close_h2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\gu.pak.DATA.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\ado\adovbs.inc.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\desktop.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\it.pak.DATA.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\th_get.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\TestsRunningInCleanRunspace.Tests.ps1.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\es-419.pak.DATA.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-fr\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_pt-BR.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\en_get.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\eu-es\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ja-jp\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_hr.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\MSFT_PackageManagement.schema.mfl.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\PlayStore_icon.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\ja-JP\msadcer.dll.mui.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\ja.pak.DATA.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\organize.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1996	7zFM.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	1996	7zFM.exe
Token: 35	1996	7zFM.exe
Token: SeSecurityPrivilege	1996	7zFM.exe
Token: SeSecurityPrivilege	1996	7zFM.exe
Token: SeDebugPrivilege	4732	taskmgr.exe
Token: SeSystemProfilePrivilege	4732	taskmgr.exe
Token: SeCreateGlobalPrivilege	4732	taskmgr.exe
Token: SeDebugPrivilege	1852	[email protected]

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1996	7zFM.exe
1996	7zFM.exe
1996	7zFM.exe
1996	7zFM.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe
4732	taskmgr.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1852	1996	7zFM.exe	91
PID 1996 wrote to memory of 1852	1996	7zFM.exe	91
PID 1996 wrote to memory of 1852	1996	7zFM.exe	91

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\InfinityCrypt.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\7zOCC7DC578\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\7zOCC7DC578\[email protected]"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:1852

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
16B

MD5
691f3680e4460971594e9827fb2f5d37

SHA1
ed9edd3f938429d1bc251fb71e515453b0bf6942

SHA256
b43aefc6cc2263636e3ac7408be7ed726795578c871c4b5762bf2294317050d1

SHA512
eb78435fb91612345be0613ba36cd4298ebcfd3460ed9f5d857879da11af42d1895ad4951123e8f9dd617ccbbd37cfe4f75f4be147a349ce4abcb1fff32c9fda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
720B

MD5
115cd8b842afbbf8c5fb76766a87976d

SHA1
277b1058a4e87f3584c8cd22b91db641b4de82bd

SHA256
ca9f957e65d34da3d7343ee46114875c6055c7e56155b44f27bea3dc8dafaac0

SHA512
f327afcfd477396c956920d771f89fecd8c3d7a7805f8056cb089e3faa9ad7690dfa6b5d5d6108ba505997baf12f0889b9a0e42032021bb5fd9af89776b64be5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
688B

MD5
ea3566f73a5e9a8ff805cc42818edd30

SHA1
2d0c2feb433237b9651477341cf754061aef3a5e

SHA256
eaf461322f73d517cef3858facf65e6ce4ab999b0a1ec1bee34ffafdf0f21301

SHA512
fbc1cbdd96be513bfe69a4dcf6b1b18059e6e7fd30051b5033de6d134ef4c307ed0cbcf2f1af31da1a6de7d980484a8c1be0df41bda21594ec768daa5994f34a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
1KB

MD5
c3a0c4b4e4ce1a65c591b008f7fce25f

SHA1
e229e4cb479d6f9d25544aaaf889c06f22a4bb37

SHA256
fc115505f5c84ddfa8f6e9a76f88a947ce4a101e181b769957ca57ce533ff518

SHA512
4a1f0f629bfb46fe7243d0b492e60a0180dc1ba3b63e51286fc56635dd77ee11186a57562f8fc852a9e7f4ecabae4ed79ffd4b1463ee436db7d15f3e3926fd31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
448B

MD5
8dcc0f5f741d592a3906168f9e5cbc6a

SHA1
431e3cf36aa526b6bf3f4e5b671ed3d763af4a0d

SHA256
2f71b696e39b4e83a7ea84ce3e6296f69cb61916e333688eee85af96e2b723db

SHA512
2ef0c63af3554868d52390c88eadefb748caf7addfd3a96c89180f64b1ac657b10905cd36eabe54de28ae4497ee5574f4150293d33d2701b82195f1cdaf054ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
624B

MD5
d37265969629488fa5bc8aa46b532aad

SHA1
2a521abfa9f99d5957df350187200a856aebe48c

SHA256
3d9f385491b866ea7116abf02ffcbcdae7d3a62ebdfbda09fb98e7c8fca26206

SHA512
15fde5a01a84f14d64cfdec3f712b56d51b3c48ef6ec06b348710279afbb86fcc8cd489a2ea2aae18a9548192c6aeb9f8bd57ca90d5298ab0895ed154a335b51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
400B

MD5
ed4afc745f80cbf79f2763b16601945a

SHA1
a1d04b5a1b16a0582ccf1c2494eca7ccf09124ad

SHA256
7041340c6fb1013b726825fe71f2e514459ee4d1fafa261b50f1584e0e6f6244

SHA512
809b9266ac7577e6812adf26f7359e616f282665c072c8c7e1236160b71e224995225389caf48ae0804c56e69ae6b8651375a0c5b148801d095d66b5d683851c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
560B

MD5
d53cb2d47abee898f0cd3535897739c5

SHA1
5dee5f5154fbd57a92d7a407bc19b16fb36e047c

SHA256
867d820633fc777c0c5ef44ce98dd4ed7470c7deab12dcf5628ecf341d4ae63c

SHA512
52d6b95faffe11c79add1b1ebe0d570d8ef4a72770e820dc49246bce2a218c9fdd082f510b85fefb6f6a6f2c6ad7d58e0481ea2d2d166c611b2e60cb4d536b30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
400B

MD5
71fe364a4fe79484a19ffe7b8dfed40d

SHA1
b7971a9fb490ce08f06f98e0667a3f9f8c20920c

SHA256
8d2e31814c5f2312cf22c2f7669f4a5795c3a9e62ee2ccb11c7cf4d03e86f391

SHA512
52a9156b3153ce7502680d5100b6cc11884209b1a10fc175788d70cdd9ccd03ac2185e2784b9901cfe7ccaad2aabd3f9a53658b96731dec78d7ecf700f23c390

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
560B

MD5
1ec1ac05e706e1fe49d662678478ec1b

SHA1
292960b39201eb230dff8052bfe19d2ed57571f4

SHA256
10cf1d00c681effc08ed8e240196bf1f4306a239c13dd9ee010c7303318cb243

SHA512
9d785312fb890b4274e4e0e71c64f45a2d3b983024cbd3395279c9eb0c4961d82ef2ba44498c8544f2ed5f9afd1eaf831646a2ba2cbbe3e43e0e51f6bb6f55aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
400B

MD5
ee0cda450c4e1c9ec7919a33221c57e2

SHA1
7edf47be911e106edcbf2b78d37b7a391f8845cc

SHA256
ed4ad4e592c7dc7869439e091354d53f254d9de51043adb8c682c3c24b9c3994

SHA512
f6be6dd005ec93ca3028ce3650f8b49cf766b61839cb451f02375c09ad1f2df6ade8b6b46637c7683361613dfd5890f618a1adb069ab3b1120739a40263f13f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
560B

MD5
eaf4f6719777b117a67d8a6bb9e968a0

SHA1
76e445310b0d6a2f85f3f1ff0c95f706911760f1

SHA256
72a0f5885cf20259b148cd1568bec728565cd66223c7d32cb9a5750abf08df6c

SHA512
e8871d85ad9a871af1ae74f65e916b0b537d3ffc0d124082560eb1d39f247fd4856129080b3e154b9934a7728ed8ec0624b14773af6dd9f6c2b1a03bad5b7f3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
7KB

MD5
e4a2de98813e28e9d755f179cbbaf906

SHA1
cea010e44687cf8d3ee7acf9d8b71b51a87bfc03

SHA256
974ee5700266d012b3ae0b1ad867e9e8be0c603f3169c280844c65e0000f11c1

SHA512
0a7f0524fd6c444658e98470b4a6ab41ed1b710978257ba9d36b1050bb913e3e82e7cf6e87bb7f3e4789102661ecf8cd0a2e60a97472a38f3388c1b2e826521a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
7KB

MD5
2d3c463894206234122a1d8ce8d69083

SHA1
1033bfd34bd0844ea36e3d111806df3ea028d026

SHA256
652cf2e22c413e8cfd9f8a72891ef62a2479e818ea5450a17c755e4bb165da05

SHA512
8414de35694f44fc84c03594ee064a84097488477dc5df1bbd4a24aa40f347985765776ae3202bfbac4ab88a89e614a629f6f581c6c3c6c72cd4d85a1dfed04f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
15KB

MD5
1d46d26fc28cf0ba586ccc817aabd9a3

SHA1
a170b4ea16227d517766ff74a4968a99dc37701a

SHA256
7ce73a9d40a842f23d44ffc68c97754af75b814b8ab72cbe11bda59be0b215e7

SHA512
0dd55974f5136346ec541d1330dfeb1e1509e36ab5dc7c427a038faf4b98b3c1474cf844707d445334c0ab844aca2de50be2b17f0556343e214600fe7af65eae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
8KB

MD5
051609a1419f029586560531db2e63af

SHA1
841bf990414fbc4c6794fd305234d4e8791f9dcd

SHA256
c6b22261bac1eb1ea12f0c76a4b2ccdee2adad97f5eb83d1907141b24f383618

SHA512
0e2d058ac269c6c2d2abb855cc3d46da251435ec9e1290aa92e469a1d6b986899668bded884bb836cde60ff3ce88fb9b571eb3a386f1dd62b2f9e5ba2c2d111a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
17KB

MD5
7b06ad68e2ee32ebd35b8c1d1e067192

SHA1
8cac3df848dc09375a11d10adc2d22f74f1a3fa3

SHA256
e9829d9e6c26c39c1e145388ab43146b210bdef01ab081d08e69abedbc1515f2

SHA512
10832161ad9b72a650e588fc631c35fcfa167d1ea33aa850dfb070dbf4120b094fe008de92e44ec29e77003085df66ee35af72ba76fcdf333004f1c67a929092

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
192B

MD5
d6ba92de17e5d63839c3645157596692

SHA1
e14a11ff44bdb6a9486298e116c75601e35848cf

SHA256
50e82a65145b44980e9e21cfe3a45056a3ddca7e042e914ce74f84bd2834e1bd

SHA512
56a0e48efc07c80e95bddb27825ea76da80b50682326a9e3f0bf53a9f43cadd0ea1548409ecdc926fdceb03a83dc489731b456e356e5a9162bd4a3b5ada2f8c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
704B

MD5
b7a38f9f5305ddcbe73643f748c6a4ac

SHA1
1b61e205882738ed4b78d8e37cd732863922dfd8

SHA256
fc8272f6994331e315a7fb76641db2416e474c549a4c08f61f541a3c1e8762cf

SHA512
c5b81d74dacfbe8dd83dee82c1f906de4a04f1f8b3dd776b8eaf3d1da8244cb1dfdb5eab50a152365981cd4e53d98ca7c724bb297091eaa02b36a302186d8149

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
8KB

MD5
d4885c984416e4c581a61464288fad05

SHA1
76a263027eeadf41fa99f28f98587c15b8948d01

SHA256
6b9efe829f63bc3ff2c654491e2a1db4cf921d052aabcf13e2a2cc2087bdbebf

SHA512
f87b369e8485f6ad6907eb47a4006a2314202137d6c162635fbbd171a15d62e947661109a2cb850f0668a81af36d7155e34b7283838609fd6fa02d3463b270b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
19KB

MD5
f66efcbc0e1d8f191fadf33702192e89

SHA1
e762a2588ecb2121003192a8884d1dc0b29881e4

SHA256
e854224f4cdadf0de5ce75d404574c2acbd012e31789be312b7df61a4bcf5a34

SHA512
24108ff3ce069e07dace03d9900a6681cbd4f3385e58763e8fc696a7d41fc67d52565b24ad23862aa0ddb8a8d8b1e78d43df63f4b921d12c22baf41bbe34190a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
832B

MD5
8e0c051c86bf56ce654f3efd3342f89a

SHA1
7945bd6de9d7e07062d93c83154b3959abb8bf5e

SHA256
f077bd686a3c65b28647661e3455eaa7fe4b9ce6a7f10e815db0efc20cb0a283

SHA512
4048d8f2f0ac9304fd983764eba0b6dd11bba10bcd9a8d6b02272101d9ad638f8569ae8c3ba089f07b9935069c1f22a13f6bb7efc25ee58426c3f8b0b05ea26b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
1KB

MD5
bc03cf09f2da4468983758647913ffd3

SHA1
2df310cc47fcd47044cb02844d7b8610111a0a07

SHA256
ebb40396fa9f939f2d3de6a11a64df8d603abd110250557db3a8f78fbb4ddc68

SHA512
50987c0cabd8bd35a665a08b031c5ea0c84f448bc943022963e1bf216110ae4a2cfda2e2bb9893e1d0b324b6eebc34bfed45312e2fe7dcccb19aeedef5f725a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
1KB

MD5
da95e7efc0265f24ae5fa30eb7af548f

SHA1
8c0a6155046f2231c80a0c42c47e99ed3e6d84f5

SHA256
4bce98e5d06c1f2b2d2c263c8b9f4a8a7840aabcccd32acc151f40ac6f106ab0

SHA512
ff5081e44e15d800447e2a48814bba9e15e5ad53005e8b7c7b239b8e1bdc9cab08032b7e12c55a46b52ba8fda0f1cdbce7b03c99fb00436800aa7817e330d0dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
816B

MD5
8ea4deed300864407816ea630caa412f

SHA1
c7d13bed8ac5b57a531389a2176b9e92f12dca88

SHA256
aa3a0b1424b2aafd0e6edbb8e9bded2d25229c01800656e88134b96566a8ff14

SHA512
f5c25abec9b8f490d001cd4a04ac41f6ec8477f812bf762db7b218c37168acc09ae7a3f496d04e82306e9d8069762580a1ea08a036e5787c9935b2287b750fbc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
2KB

MD5
2c403cf4ed83d71a6060859681ed54c9

SHA1
42a18cfe77db30b0dde30507d67169ecead4ff82

SHA256
df8d443950c33501138a36b90d6938a9d8789f63db037d689de858ba3230ebc1

SHA512
0147bbacd9e2b9fa8ada98089ece234d577224a39c24f387a985ebc2ecdf6589140cef8bd4c88070660f223875f17f34f5fee7a7fe7f8b7703b4bf2f741ab5a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
2KB

MD5
30c1deb4786a01b1b078e7ff0ae76f97

SHA1
35a6986392f2e371055e423d806865afc3afbbe8

SHA256
4d32bc1794c019e24f92def1b50df3bf7c8587752a487b1b20c12fe408076c9f

SHA512
dcabff79e18c62ccf2e285d1f594d5c8a9072dc42ab931b9f032fbde6efa4fc9f2a4239c5b57b39a4c2c1ccb0ad897b33a62c36859634a13b267ba748c0c8fee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
4KB

MD5
7029b1c7ef55011faa777a703cab27c9

SHA1
ee10255a9e1c38dded7892cc3efe69291400df2c

SHA256
e4116fafd9a5888f67f79cfa049cd3dab26fc9ba339725394de9c8841792b459

SHA512
8fdca11d64c73fec47901fc6eab48ceb54c67e3ff9d71d244cd7afc13ad0119aa49c0b53054a5d449f43749247ddd02632eb2a2b61e1aceee6dc3aaf7b4c16d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
304B

MD5
340c3c410fd1ce5d7494c261c7177009

SHA1
9f741ff02d8ff6a4aef0b8836c8de8997bdf21cf

SHA256
ca8e881967b11bca0159f496932471405b0b08c8cdaba839fb56b5cd3a2ba5a5

SHA512
4df253375a353871c9657a450c533dffc51a25a698e83af7147e4089c0d18f1a560d7169ef3803a176d2c8cf2a023d3a01fcc0d17174045e2342490ed43f9e59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
400B

MD5
7f7b476983961c719431e3ddb6b0c2ae

SHA1
73de67b7bdeed2e23480c781cd08bca90f49c03f

SHA256
b761e9d2bc9f45fc3aad1f11cbbfeea060164dff326a08f96e888cb6e65c6060

SHA512
418732dfc525f0acfa75ff16fea59b03534168241e6ae9196fbc9a30063c0d0a80259f5dce6979f0c9935d8bed0ddd52b9b19d1750b7e3771aaa13f9ddacada8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
1008B

MD5
bed8eb3425d8306c7a127f58a78dee7b

SHA1
65d3728215f764e5693ff7dcf471b5c16af3ac7f

SHA256
dca48797725be2c9038328d2b167ef13f46e420212617b0bd4c526d581997ae3

SHA512
468a7a4cb0bb21b244541dbaa0e564098880ecf5f33fea3032e1c74591d59519c10eeea147b60ea91d0a2e840ca76dd9a0b9dbc6f29a57e84a64d0ec1495543b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
1KB

MD5
36e62eb2888be6d03a6e6d38aad5cb08

SHA1
dceafdd1880ba568fa706ced7597767b817f3cbb

SHA256
70b2e1ea427caa8093dabac66b0510a771b26d7d0d57e997f6966f1e09a853ed

SHA512
faed7b432a9ed9c43ae344285d7c48240d10decad18481658e48e8d27d3d1384c04ad8bf0bea33c5e648c198cd9943542cb5dd609823463ed79a015925854c64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
2KB

MD5
9635dd2e839e77ca67c2f84ddaf8a4a6

SHA1
aa95eece931f4aa33daaed065ec89fe6b01fc4c6

SHA256
cf9b4d9adaa2be6343c1a876aff683380fe76f4e2347de5189ba97dde5130209

SHA512
728096cd04ddfd884ce58f0c0efdb0bff01ea4be38697de052edd0d7e666663a01f3ab021e125748fd93acf600b8bf6125d736bddc96b7aec34652631b6a3099

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
848B

MD5
d16a5ecba8a7303acd7031d419afd407

SHA1
de8ef2569aeb0454b002e34c69c1ea0fb7618bdc

SHA256
0f31f71832100962f91eceffadd2318ea89275756085bf14465040fd3986f97f

SHA512
6229e0c69ae47e913c61d1608114ba39ee51528352880edff9a9e644a9eb707754578f4cd2b25f73c8172c833dd01cb6ea975f94b779bcb0d241e6c936508f7f

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
32KB

MD5
0c594019152f9cac096f4d576be18320

SHA1
a3e1c85ce885b92916afde620a15ba8cfb3b0af6

SHA256
aec982afed18a41c2fedc74d9a1b6b4539d539aa441f8264928026fd13828ba8

SHA512
e9213f6cd673a31958baf340646b36180600107add19c50bfcbe49b5dae33e1b6186973af59240206d57d183d0e0fbdcf49f60e2659f65629122957c26e5afd2

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\penusa.dll.1E46D91F9A0993AD305AF67EE1ADAEEE06AFA98F14C7E139DCC878AC1FC46994

Filesize
2KB

MD5
e8bf62f6794f29ac9b3d19b33e6eed04

SHA1
60fb92a0ef3c74977a54a8b5205dcbce8218ec6e

SHA256
daa51a997ead56f5335d3bdaadc9459872b3577a09fd42096366b10e8130631a

SHA512
d7a4acdcd0fcdcf88b7f2dcdf3f95311b1217103ed786d3c1ce1d2a53ea62bb1d04faa29a1183eeebae5830e24045a24889bb8f9c02fc9d5403e1646a79f6074

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOCC7DC578\[email protected]

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
memory/1852-15-0x0000000005A80000-0x0000000006024000-memory.dmp

Filesize
5.6MB

Download
memory/1852-13-0x0000000000BA0000-0x0000000000BDC000-memory.dmp

Filesize
240KB

Download
memory/1852-14-0x0000000005410000-0x00000000054AC000-memory.dmp

Filesize
624KB

Download
memory/1852-2183-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/1852-16-0x0000000005570000-0x0000000005602000-memory.dmp

Filesize
584KB

Download
memory/1852-17-0x0000000005520000-0x000000000552A000-memory.dmp

Filesize
40KB

Download
memory/1852-18-0x0000000005770000-0x00000000057C6000-memory.dmp

Filesize
344KB

Download
memory/1852-19-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/1852-1700-0x0000000074D4E000-0x0000000074D4F000-memory.dmp

Filesize
4KB

Download
memory/1852-12-0x0000000074D4E000-0x0000000074D4F000-memory.dmp

Filesize
4KB

Download
memory/1852-4049-0x0000000006A20000-0x0000000006A86000-memory.dmp

Filesize
408KB

Download
memory/4732-3911-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3910-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3922-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3927-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3926-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3925-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3924-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3923-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3921-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download
memory/4732-3912-0x000001FD95AC0000-0x000001FD95AC1000-memory.dmp

Filesize
4KB

Download