infinitylock | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

Analysis

max time kernel
148s
max time network
158s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05/02/2025, 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view-2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sr-Cyrl-BA.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Fingerprinting.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-cn\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\cloud_secured.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\km.pak.DATA.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\es-es\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sv-se\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ru-ru\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\plugin.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\selector.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lv_get.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main.css.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-high-contrast.css.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\main.css.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\bun.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close_dark.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\de-de\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Protect_R_RHP.aapp.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ta.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Measure.aapp.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\LICENSE.DATA.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_hi.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-down.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\beta.identity_helper.exe.manifest.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\Social.DATA.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sv-se\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_cs.dll.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4756	[email protected]
Token: SeDebugPrivilege	2200	firefox.exe
Token: SeDebugPrivilege	2200	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe
2200	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2200	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 4876 wrote to memory of 2200	4876	firefox.exe	102
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 32	2200	firefox.exe	103
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104
PID 2200 wrote to memory of 348	2200	firefox.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59565f03-fe3a-4f4d-b1a3-6dc78e07aeb4} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" gpu
    3⤵
    PID:32
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27053 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54bf2d68-5138-491c-9ef3-1a410900068c} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" socket
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 1 -isForBrowser -prefsHandle 3176 -prefMapHandle 2704 -prefsLen 27194 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {606cf592-cbdd-4178-b14b-7c9f0f7a942a} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4324 -childID 2 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 32427 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ea4084-150c-4ec7-b277-32635667c79b} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:2500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 32554 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6c8f178-49d4-4c31-a1e2-c6899d1141c7} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" utility
    3⤵
    - Checks processor information in registry
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 4276 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5e5cbd1-a7e5-4797-9c74-c524c209c5ed} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5192 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fd7bbe2-e4ee-4be1-9c98-a13d5e45e8ab} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893adecc-8765-4e5c-a0ae-416192531d74} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6036 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060fb8b0-3d89-4a57-9526-92071bfea073} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 7 -isForBrowser -prefsHandle 4928 -prefMapHandle 5312 -prefsLen 28092 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {843d0583-f4d7-49c6-9931-811511e47774} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -parentBuildID 20240401114208 -prefsHandle 5356 -prefMapHandle 5332 -prefsLen 34047 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f3c691b-482c-49d0-8139-c480dd61283f} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" rdd
    3⤵
    PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
16B

MD5
34b57311c7071d5b5bfb5f003561906f

SHA1
aff337c369e948f9c1c914e21d86da9d43bac5ff

SHA256
4afeb394a09ee3af4576778181d7c673e17193d6e88f2cb2c03d1dded2d0ba13

SHA512
680438aa5d78b8d0ef2dd9d0bc82255bab0bbde7148a36875c72f170b920833db4059d952bc41349bef885d554c907751cdecddfdf5b4a5074e795b27341f058

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
720B

MD5
8fda93892087ed72d146fe1a0af76a9e

SHA1
8f268d5b6d02cac986311ed9850c6ca143495105

SHA256
8d9d261a994523ddfe3bbf353d2394ea4eb9a9fb4bd7a5689f2272cb3318d8ae

SHA512
8b0d1736abbcf215e9220a9acc4037e4c6c156b01be334caec52687e4f7ef45ee4003457faccc274a80b0ecd1f3c574d58ca07305079abdcf2135f347e67e2cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
688B

MD5
ecfd9172a9a8f9b6197943d58b698555

SHA1
d3f67fb715518f1fb014c0f0ccc9dc895f9e99b4

SHA256
e7a4055c226651551c9f4fee5a834b291368e43d7c0adf9d2612035b80d62499

SHA512
7353782cd8c63a34efa472abaf00528c37a32708a8e24173cb692a2f7f359da6f5ad7765daf6ac48fdbc9dc3cc73789d4c3c25e50ff632b136c398ba439ab43a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
1KB

MD5
5867bf3df09de264246e4e71c03ae34e

SHA1
8d60022010439e0b68d60dbd77f6b330b4ac1bab

SHA256
bbefd7ff46f2e39760fdd1143d7a8ffa54c83f94c159f262f8841e8b285b7a97

SHA512
3e79efcee6d7c5884570151f13186ba1129906048d60dae0d8ab0284c80080e3d7c59ef178b668b58f2f53d6eb1a3cdf590536308ce07858b07ff3313242f39e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
448B

MD5
11204de463ec541cb9ff274660d5fd0b

SHA1
6810f60fe3b728b4f68905aa7a076482be886b83

SHA256
990a1491579c1ef9888f46f2be20f95880aa9338fb849f986ad5fdce3d98e545

SHA512
5ce56d28ba335198627348e59bd4c41be5a56b9108728e9947826777c1102024c11e69af5b9203dfe7d79d00f4b572854f04a7c4a0ea93d2d1a453e1e014dcce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
624B

MD5
dcd92bcd4bbeae03c8afb4a381ec3835

SHA1
28d171a4149a29ab660756eea18b0f9deb24456c

SHA256
a6eea50b53e2dfe449e8d34e47541952bbf1adb6ec33fa1a47d7b83f8cb8023b

SHA512
09c5f5405676ac727af77138d788dccafe1a542fa3faf88544494c50d24bd79fad39cb21f2ee1c82ce39c9d6e5238d73accfe36eeedf78c425367fa18c2d7353

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
400B

MD5
1d3ab885e83b3617a7715137af41324b

SHA1
24fd8e19d3d39d8b2e2ddd4bf5dad0d7d002b4e0

SHA256
39bf93bcf71a2ce1e5adcb869390771aae49de26eb6ae265311bb9d1245b05a0

SHA512
92e4fb5b492af396e91c5f46fffdb10b13727417adb4e32a2efd46c2f7cc1abe8159c8475f25aac8ace4878e368e1467ee0c663995c5d2f74aeaeb40d548bd72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
560B

MD5
9abc37e08756e48410a0bb6d25393923

SHA1
ffb25255088fa510d3f15ca354f5959339a25cc0

SHA256
34aa58974fd9552b8de033ced5f282165fb97570e22ab6cc9a1ee672d39c581e

SHA512
af7c0a5ff73ee4ee75b67b19dafea4e1ae5dcea646dcbacdfa1c9ee315a35e9886140eea82f944be7411a8a6e4c2ea58ec578292fa08f1a0278afada7bc72039

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
400B

MD5
56fe582ac4152728f5c62a31c10e134b

SHA1
3c9d5ce8a3327b75b31746935a4202bf9059d267

SHA256
5ff8c2efac9d57eec0328165b2aa49515a36682f64b90eaef5541f528474f5c7

SHA512
3c71ea054e31d0b9bc94a8eb840de4ec11a30e3f4320654644e701271ca181d01ebf663d7bcb8fa50694ec4e20f6982275e6638a17ec094461d3afe7adc193bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
560B

MD5
3210b1381beb25fb1fa8192d2761e688

SHA1
7993df3c9838b2fb09cc62600e88d3ca4f5c2e69

SHA256
0c674745bf199251de6d844404d44c5c70960b3bc253cf04208a0ddefc017d01

SHA512
3253483bea5027a61d9164862ee88d7b57b37b15235c6634ab20c72140306438ec5a148e1dd457f86c4f687c1d57f7b8dfc9f05210ab4f7ca4a38af40139ff4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
400B

MD5
11e3a70f378b57d280413eac869af1a2

SHA1
aca6666cdddb81fa1e68c13c75b9ddf88519a596

SHA256
4fec5145467f5d07176cb09bfe1a15fedec65dbbe00d361a0518be049f2d6392

SHA512
8ddd0dbd96c2610cfdbae5fb5f5c51f511c6ffd5bc3cf256a05f0b65cc0dba52a54975f36cc8860f9a190e0c0bd133ccd6427e8c3d7f1b7e8473b872c2d15326

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
560B

MD5
ee97a4da3c691344bdacaf9df537da30

SHA1
8a5619c56f4368e53d6415d84d7c9140e1649882

SHA256
2c75710363fb0dee73d705ca7c9f995c02a69aa118125e02202304b1bf1a32c5

SHA512
1f605e09ddcbf9f108a0bc86c76db8040529dc8316b5218c882696d900d1d4486c9490314ee910d60f7b0ccdcf3eea652ca2d60c9081fac1b66008c8af0a61d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
7KB

MD5
4f7f7778d317da30d52623e860cbaed4

SHA1
ea8bde3d83795ec20b10923dafc8093c07f97ce2

SHA256
a0083672360e8a0f08f44a9c9f1388780fe8dc298776c510d549bbb58d4a2689

SHA512
9ad4648d003e773b2054c071a641390c4305421ace52f2786619be2eb2b7974fd21670f12ac9a04eeadff1aeca551c893d1640930b8995055f07715d283ba0da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
7KB

MD5
01545199f13458a33d7fb6615e4832bc

SHA1
240656c5b473fd17fd189db02faef664a3e1f3ce

SHA256
4157e0cd037a173ea24a358335a06584cd60664d060ae5c5487bdbb1f1891205

SHA512
b2ec4c1116ab38dab52bdc8a7f9cec4d9b5b5135733b3d7f476dcfae040d21fd919b6d0412a25f5eea4f81e14f32466dfaace4fddb2b2ad8300e0dbc8a8240d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
15KB

MD5
612e6b65aa55b3a1f8e5db9837ab695a

SHA1
2e0d79181d35d1645f94f6ae000d9ee948463d31

SHA256
af5bc025f9d4a30b48f0badfbb11d95cda44052ed76788eb75a653d88e58989c

SHA512
710b326a69813f01abc1c25fd68169b1066c5aa4cf88019fe983596022220c8773246177fdd98432d3e35ebf9993e7bfa3355befb74b19f83324ef169af0d63c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
8KB

MD5
514f8cd03130096fa09c886cd05e0278

SHA1
b0989e8eee719d38795d41c26c37379f2cb42e61

SHA256
bd89dbc5a1a87944110af85e421d71b3765c9e6fe69110806265c4a2e5fd5ce4

SHA512
95a8195777379744858e1496a0d25ec78af4c0d5c561a220eed2184b1a4f9b29ada4b4b8c170b752c85f596c8a593b92ad5a7b219f6f797636dbe1a1233182dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
17KB

MD5
5975cdcb7c6d7d309083b8d021170703

SHA1
797586efc7189c4a809761fe0803c941cca3e1e1

SHA256
f63b6595cf8d17c96903cac3f4ec73c56d81f07efda8ed89bdef8bb5e6cbc793

SHA512
e07b4120e0aae200f2a09cbfba855b2a11492ee087802a303b4de25ff57c44c96005f33fd857633d1046e215d328305749620fca3c87f16939809b3fb52c45a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
192B

MD5
ed694cc07c61739d2089dae739987cf4

SHA1
6b87b52ca0bb03bbed2db2c3819096fe2b3f6631

SHA256
4a66b575447a9a99ce76f155e80e5c3c52f5c4467c20e32893a92de915f2afc7

SHA512
68aed6af3f8d07f8c38e46b7a2b150c65158a96e7a9470d6bdc372321dae4ecfbffc2a59cc83f7e0b45e59165242478a5401be3b74c50e0f3f413a58ffefe371

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
704B

MD5
485a9ecb825eddbc10fc940e53ea1861

SHA1
5b9456b0ac8d4b45614b210a7f4c4fc7b5684ba8

SHA256
35429f0cbb746251df5d1fed81aae3f2437027957905b1150dde5fb4ea5f2e01

SHA512
072004c5602084a3d9dc3f717d4bd410cc245c90d5b6e01ed6450a08db0470a8e7bec84eaec31d5a7c40940d25826cd4e1682c06384b5e732c507cca115bc6e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
8KB

MD5
017526f06d18fcde8715ecabb8ef40af

SHA1
dac7cd5e207b08b0f98f5e8d6891dfe5f161f98b

SHA256
73af3e93d0a59a4377e0c329b72c1ad45064fcc39a0a96cf9b10c1ff6e54f69f

SHA512
1e0bc05aada763680918dd571b0d306dac8b11692eb58be197e8dcdcd3f203fd2a66e14ca74e1745e1197e3443f3aa5d425a52cbb400ca9ad7b6660c106e0c18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
19KB

MD5
f05f4e9f251bbc575aaf7475fcda22a7

SHA1
3627de51de79d827cc1c15c93248609de02c9a8f

SHA256
787d65cd833700ead60b33cd80b8faf126fa97575d963232b16022e21ac257b0

SHA512
b71c2a83de1195a89629fbc0320cbb8d6b6976b255cc5bd1e883ea823dac2a90e8b73260a1b7b3ecc7a790023bbf492fc9bebd372f8cb98e70b8d7505b38a406

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
832B

MD5
94c9b0ffc04c18941139e74b4a07fce8

SHA1
d2f4d1f4d4384fa49e1f5d5d54fb885eb96d463a

SHA256
c7fb0e8d2aba9eac1d39c416e9df361b103913d5452790c5432d05cbd1feca54

SHA512
70370a2acfae8280f2af1002e5a77876b9c9ed5b46cb5f0bb10d5ca4afde30beeb2e037b0207d40e80605b5a15413c4cb5b824a736fbeaacf1256403c37d4a15

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
1KB

MD5
1aaa696fb371fcf8a44a35ce9e4ef78f

SHA1
6312fc9f5edabade5465dd937e0f92208e07bf8c

SHA256
91c4af9935dd7dff39851f6f87d504f26172b71cbd29be42d2ab2476d7055443

SHA512
9acbaa66e3d5c329606f987a7952944b439cc8949c47f08e4534a2a3e87b6f686652507734eba073a167aea987dcee7cc27b24d0f7eb18c8c5f0e1a777456a88

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
1KB

MD5
c134aa55f7363580ed4305319bb03f33

SHA1
7be10f6128bc3959c76e5ee200037eab03203ff1

SHA256
f8c1868075e8cc96a32eac6104d1f1ba7a99f23ed5c42904c3d3d78bd502be88

SHA512
3fe852a0c661189816285224c8aa506a5db174c5fa73313a2446483a59dc9111ef33c4d15283018a015ed844de8e82a2d66de978d959054694701814ea3016f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
816B

MD5
3bbff7380cefd29b5c381165fb43d752

SHA1
afdf4b418fc35488d3ea652922aee98e08d14c68

SHA256
6eadd50c9a20d0d20be2987a0bfdd0449f42e6e53585b14297d411a7d873c2e5

SHA512
a4b17745da46e5524b0a689475a0ebe43c3457aefbbafed9763af4a4ea97aa0eb95d0e28686b858a0f231f42ba816e2b8395a4df60eb4193afef7d2ed6651287

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
2KB

MD5
63c64554eb1e111cc0deec17b09f9183

SHA1
0ab592d16cec4187b024291a29dc9aa8e86e3c8a

SHA256
7761fff51d96e6ba4d70cf125aa2baab388efbab0150b54b5533d7910875da2b

SHA512
aa890356dac27e9a83ba2a8edf0322feed554139a7d913162ad6ad40f44e04e29314f6815bf6ccef64f1b452b99ffdc899d9238eaa094aad09b0ea9467dfffd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
2KB

MD5
2fcc63a0eea16df679ec3443bbb78125

SHA1
d9b95b34fd6ba8251f378d5c3d1942309bf7e2fc

SHA256
721f0cc49fb1c03cf824de420c0bd0165aee77c02ce9c377d823faf0a1a66e48

SHA512
d2a4971683287006e3c012d83cc18252b345932ab1f23493126917b93ab82793a2efb1e680f0ef3792e8ab7897b05b7e713a8b6433737b98e11eabc4dfc04947

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
4KB

MD5
38b916ef4bef83834f145022b927f0b2

SHA1
82213167081128fd644f2ec1dfe70a7645c4547f

SHA256
4ee7ab12444e658681b56a0c114b637c71d7aaf6c4c03eabda5a31f31abc3b12

SHA512
4054904e113cce43ad8207ca0debb78684088062b3f5576239666f7098db2aa751fc3ddff55840fa98def9282b6ef5a01d0da71eb7e48be8b168fbba34f3b1f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
304B

MD5
c61e58eaa456fb4a5a99e9c1ab171d08

SHA1
1e6cab1e5f29626cf6e7704f4c3fd12fd088a1fc

SHA256
6cd382c264f0ea4215cb7c0ce544c94665d8879b3062cc5abc08e110fd6f33a7

SHA512
b0e0e7ce15612437488aad624fd7e06df0a8e80750dfa68a80dc63ff462c325e47b156c86b62f4aba692c5e2d1a772acbed24d985e107396aaaabfad6e99ce8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
400B

MD5
e38a961edec7c7c707feee9b827f57d4

SHA1
7ae5707471a742b7b1a2c1854956c0e8aa211ade

SHA256
59d3b54e6c280f36ffb3b26e96880eaa8d120bedefa79f43394adb0ec1ee89c0

SHA512
09b217a8080a7e8973563613e5c7f3bbfbeece7b0a22a1cfecb2dc0661b9e912edccd9ebea52ec4ec29153fde0abd325ff657735cb79105580dd634b881d5489

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
1008B

MD5
309ccb1c1d7afac20233ac66e9077a80

SHA1
ce2cc7d1bf376b72fc1b6c2b8fa9db20661a1ad8

SHA256
d143a6059ab4033b3077613e88563abaa4b406b5230c66184d81ff5e18ad7a03

SHA512
09a552a3f79aad8491b48a7f3d9baba45be905fb77bcce07ef78e3de5a6528d49e659e4304af3d69c759e13be1de5ffdd5b69a0d9c2b3a7995cf0b079aff31fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
1KB

MD5
165f40e45cdee142728efb9be437cf60

SHA1
c08c684b299ebfd9e396dc9cb4c2e51d9beb4077

SHA256
5e638e24e95c05540ff8ca70c2b1323f65c09d00f6847552306cc28f069bb7bc

SHA512
ec2c37e815d757cb4aaf4381bc58f3c804e945f32f0b31e3b16005dd23eb1666b888e29fb8b2362e5fa2faf0e783930a46429adda51cc91aa505ee4f352fb6dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
2KB

MD5
67bc8ebb49f93aa46516cd0e80953898

SHA1
6f49ca806e230de208656e7ff56b8011817b22f1

SHA256
1bb53716474451d2256586aa43b1a9b3ae11cd53dfa7b28a8f869b5a4c438c10

SHA512
100dfebad7ad06e48678270705fbfdacedb1c05014ff7389d79d97f6133e6fa793fec71617d37162bc1184c065e343e2adb188926ecce62dd6a1677e289c8e60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
848B

MD5
1b9895dad4b7edbdc5c5274c8b1e9d81

SHA1
5460608b0098f4046782a5c3bbec7755434a1ec5

SHA256
d48c5c9b1f08f6187d24fed7a396409d5f4fd86edd0edc5a17ac78c9e92d9fbd

SHA512
0fa45fad5e6c87553e8c0b2bfd43d5ef0557efc4cc6dbb0f522f7f1a8412dbdf5fe354dbadf1fe7ff8e007f80d96818f16a7abe05a0f21d4bdda72c2e1bb31ed

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.7FBE1C6D63ED5F2D06F3EF83B150DA338F4F07AA24ABFCA09C8B8F087D89CC1E

Filesize
32KB

MD5
ac993ac247769b78b643dcebfbc1ec4e

SHA1
223d2e601265863e44e30d0315d198a5d9a5cbdb

SHA256
ccf2297661ea99e5e6f47395d4f204df1dfbe42eb20babe18f5622b956f4c29c

SHA512
12f6b2281acbfc36bc8004a98af1784186af284d905aa3656133e7997aa0327269649756733f58189b235ccfe57fd479304ea20ae92fa51e6634fc769f913111

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
0fa8c290185f53a644a2aed56fd7a591

SHA1
ea21030bb0d68b02149ba95c722a36a981583857

SHA256
4d67aadee77f40b7e623b135a7654cc933a7b67727e17bd925a410be6ba67af3

SHA512
5e1ab4d7f1957641a7c880479f84cad1382b985e275616e61a31480d64b3d27a2de88e66b9fdc1eff5ba0e41ceafdcd1a75bd15c24df5eca2dcd3e800d7eae75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\cache2\doomed\24280

Filesize
57KB

MD5
26ae71330d7b50424155ca45e826d981

SHA1
232cc07d6931bf4a9d5ecd3bf2107629c79d3473

SHA256
c9e154f1d1f0a6ab2dd88c1b5e0f09778527dbbf81478652230c181fbf8f655d

SHA512
bf8374af6d672a3f0bfa6f2be6d49142702a85ba54a9a60ea82f74fc4006be57dbfa7acff7c3fe772b4b136d943d13a0b0a16abd3d85198163e0bf0910aab886

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\cache2\entries\0C0306E3C3FF4B735F652EE034AE95759164D4FD

Filesize
44KB

MD5
ea09f3ce02ad2af57af646b292d71bad

SHA1
2c0468f4e5d94fc8b8c3f851aff3496b1070f31e

SHA256
4806e4135347295e32d40be7188db2d96c377d8d437f61eac48d116da9499126

SHA512
52d26abcb3c427f8d03ca0d7ce839cc90f0d3e9ef3dbf1d8d334f0eb462aec05dc3d4b8238f2881af07b1ff1eece47f382f2377809046e678221529febe390d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\cache2\entries\2E5A06132C549BDDD27307A6829F1337AB963BD6

Filesize
47KB

MD5
50bf5ad73bb445447f127e15a3961749

SHA1
d47c1fbf14add8fe9be0f4bad1bf47808ba45c9e

SHA256
ed07cfebaf662c5bdd3e432bc729efe1304df566de8e5cd480387171c7929fe5

SHA512
460b7d6d58585a19f56fba4e38ec1daccee78a68105398f76d0283360dc32cbcf2649dd74116af416fa10d3d2c91be534198a6068c98bfe6a570cd01699a2b8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
8618e88b88d1aba3d8bc72bc8f149b48

SHA1
f456caf1a8da497d7f5ab115846d7e520d24d416

SHA256
91838b0d493534528acf493c467248c3455e3859daf208eead47a2d4ed4492af

SHA512
33e681bd3778165746ea46cae02aa34a52294d1f60ce7cd0358bd598c8276aa853e4c91107ee7feed33793eb79b39c5723cc270d776ee21ea43215d98cdf2ddf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e5fc29jx.default-release\cache2\entries\D095B238442D308AD8304D9F2F3369683136F3AE

Filesize
34KB

MD5
7db0ab2e39952b797367b99e892330e9

SHA1
e7552d614454ebae0e4ab5978a42e844eb5ea6ed

SHA256
25541056cac23cd38f475b74be3f59ada6e1789aa5f02bcd426f685b3d8ec568

SHA512
8c674c70ef6f2e5ac4e566eb211bd39e9a61a97a251eed681bf0ee6254b1d8169bf3e5267da16e1d4a9778b5a41f336e1de1050d3d1bbed5cfea4895b94cb852

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\AlternateServices.bin

Filesize
8KB

MD5
244b9e5838fae5dc21646ade3f186f61

SHA1
e07e0890b779cf1269a4375778e8bb225e170d6e

SHA256
3448ce680631ea61c060c2b6284aa5ee5759cfd7c54b0db7a05d8ea499249d7b

SHA512
e38dd2d3d3528344aea3a6be28677e5daf3ec4e5b9059df825cc2be6e3aa499d83830b3fda801e74d7276833fd2bd4ee364c3a4de3f72428e2445d934f20f3d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\AlternateServices.bin

Filesize
12KB

MD5
acfec8c8c6f0fc0af3b6389aef2015b7

SHA1
73c9f9505383e6f0bb7dd0b2e12c10c4b0ff263f

SHA256
4cdfa8928e147b61635eeadfdc9c1768a95120288fa2e2f3d38edf89122a0bd4

SHA512
372d2368207bdf554149172ea8ce7effbe57de8d51f7bcaf47377b2f1525e86d9a421a732b0c16a096a5e46979dc7768628c726d76061f7900008182fe154ab2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0b0c7c197362588b6239d65e10975b87

SHA1
f80bf8e2000fc193f33a44cdf43edc47dc615222

SHA256
71941b9c30302292f02e51bf3c5c660c6e5cfc6ac6a4219c9ca835af34d4d877

SHA512
a1cddac083464fece8e59ed0ff0df75e4bfa4594f975fc0591e9f2caaeab320179a4b28cbe23ae9c1ae9cb337a9574bc92cde92d02dcc9db4ed72f5bef93d886

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7093c65277f76508295c6af3249cf8f3

SHA1
8e0120f90849baa427137a2eb4428854aa595999

SHA256
195997cd4c678d311b568d61519f6c1a6a672714d3ac196e73f9c52a2d3b274c

SHA512
09c9dd63e23632243e599d2f8eb3e9b2de52263034eb0f0c52b7b8796e759e89236e1756c565b286f220ab392211c18a76d51ed541fc9535bd5ec4b7ded14b2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4be1a6c352294cf451b1e8e33739368f

SHA1
5b6dc7837aca0174e143a070588d8e4e24a7c154

SHA256
052b84ab482ca5f6069de0fa55d73cbf3f11cf7271635f91c7d7ad175a8ab73f

SHA512
fca3b1b12a055673912cc65f2ab4cae11558d5b03300fa404db61d3e05578efc8a17f8013091b96b53cfedb20549413314325d37f611ce26849978ecb80f9b1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
3882dd8d3c83cc533b34199b22ae09ca

SHA1
6f04504722835d380928c5ba7966d179ccebb9c6

SHA256
d20db4499a40017784d52444e0dbdbc7b9edf0231de7a34a7f562a5c1d035a92

SHA512
7b233859e90f34c56f5ec2516abebccc8c8570b64e94c96237cba4b798bea3b70c4ad4d9159512133a4507c0736784d0d1f6244c318563324e0095f9bb0892b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\pending_pings\1be580b1-d5d8-49a9-af8c-d5b50614d001

Filesize
25KB

MD5
14c04c7743306f2ac700991e330253d0

SHA1
f14181dfdb4a0356673c0ef45a8c7239c6cc549a

SHA256
d64adeb5e7062d1b4d489ad76cac2da6b149e78c6a7413fc2f2f2551848f0cf6

SHA512
092a5e050e9aeffbe8ec853dfcba28b3d40644f87b2b2bdf6f38490d9e286f10e980b058d83ebe380ecc4b5520cdcef632f2ce6c7e9d8d79ab8c1514022c2151

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\pending_pings\9be18aee-1bcc-4ef3-8ece-7eac04b32815

Filesize
982B

MD5
93d9dcd0cdbbd77e2023dd61b45d5f63

SHA1
1ddcb5ab6b34bd06d3a6bb27439ec6aa59bbdc5f

SHA256
e42233815b6f3119bc52f5762d0821b3ff490b553771b45f11340484fc38b06a

SHA512
0ffb57b3d23f6162156e274e5b70f7c92d778442463f36bd6ce7ac748010b625e8394b8123b533bcc569146a12bf4cbfd1ff5e59afd8a68aa80bcd829a32e20c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\datareporting\glean\pending_pings\b2cbdf72-5029-4017-afe8-43ca1c36d69a

Filesize
671B

MD5
b529a9934c3f975a9cc0126a745d8d2c

SHA1
cc03c61491e671ec08a2caee3b4350f6492a09a9

SHA256
e4bf123d43f42e15551a5e0e4de5b986287cf413533a785e4de0e7b76bd64533

SHA512
ca67a171b038fb6e50aa10b922828586a5d0e4c3f63766ce4c9313717de982b0c705657a72561f1362364cd18c41f79347474a3bc24d5aae6d17c9084ec19196

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\prefs-1.js

Filesize
10KB

MD5
8fec75d728ce762290819efb52cf3694

SHA1
319890f836e710da0aa3067f73dc6981f5b7728e

SHA256
aa41b4921694e91fb94a22f59aa20847bc80268803bc6b32d732160b0f5ea9c8

SHA512
a4c3479f17298603ba0a9c062b9cd95b8da5fecc4dadad90ec15d62375cf1eda385917262be7c620cdba87099adf7b750c12879a469b8b20b8b798643fba8eb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\prefs.js

Filesize
9KB

MD5
dd1ede50dcb9791237db1d86e759ba98

SHA1
802d7754ff48fc60151fee8061c63d7869e14ccc

SHA256
1e0533ae61d74edfa284b737a50bb7048f418b034075e8486e8fe28ddd1d2612

SHA512
7001ac2347f81705fc228952ebf8bfbc55857b8b81d9af0e9694990e4c65c597750c5e0163a99a9bfd3bde24ff4f011fcf3a9aaf332b42e4d6f30c3b27c27f06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\prefs.js

Filesize
9KB

MD5
512a1e344df631534233fd41fa2002b5

SHA1
eec8e9594373326b2e2e9c7d4a661f9f4df1a8cd

SHA256
7f936d6d59a43bb7a39962481e6e668e405772bcc9df8fe980fa58bd32310a0d

SHA512
8069da0a3ed15e883e0e3533ff08a19a10568b526a585bd346e2a195a5394d8c8390e650a56034622c72e43c52a337650d020e49d854369f100ab103a25d5b87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
11fd7aa4310aa575a9fbfc4292d3fe8e

SHA1
ada8e0dc1c56756cdd2af12c6c3240140695084d

SHA256
69a7c8c20699ff1e9148dc5196c30df7c0121c9dfc04a7ce73e429e30e5ab0bb

SHA512
2bd0d4a8217643264968fe5fe99e7cab2e665801f0251a614999495c06d332b345c330661704658bb8fd3e3fdc1f8ad07561b199822bcf92c88de4a661674ce0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
46069ba307109fc8850755157b0b398d

SHA1
02558bc5057179115a78cc55b04d05991205c7ed

SHA256
a9b46626c1fa5591218d566aa1c08ad1d0ea83ac68dd90a2a4e38e189edabe4c

SHA512
d36b7100bb0626e623ea9c19d544c115ad6e963a9fafbfbe14de134ee7dc953afd10cdb807fb7889b4026e6cb4f423670c27dbf311eea2ed2fab74a8dd64c796

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e5fc29jx.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
bbf77f90dcf767a38ff27e978c1b88fd

SHA1
83e27b717a87f50c158c7837afc2b15ae6102bf2

SHA256
0c44d66ac6cec6c4cbdcc08368971ac98c9009a3670fc9a000eeb0e330c5713c

SHA512
cafc109b06165684eb1308bbef40572c0e153ea0790292877dbdf28f9798a0860ad7c66a43b870c37788b6bfd577ae3374ef572ee7ccb47397ac6cec48b5cf44

Download Submit
memory/4756-3445-0x0000000006F00000-0x0000000006F66000-memory.dmp

Filesize
408KB

Download
memory/4756-0-0x0000000074FEE000-0x0000000074FEF000-memory.dmp

Filesize
4KB

Download
memory/4756-3-0x00000000058E0000-0x0000000005E86000-memory.dmp

Filesize
5.6MB

Download
memory/4756-1868-0x0000000074FE0000-0x0000000075791000-memory.dmp

Filesize
7.7MB

Download
memory/4756-2-0x0000000005220000-0x00000000052BC000-memory.dmp

Filesize
624KB

Download
memory/4756-3446-0x0000000074FE0000-0x0000000075791000-memory.dmp

Filesize
7.7MB

Download
memory/4756-3448-0x0000000074FE0000-0x0000000075791000-memory.dmp

Filesize
7.7MB

Download
memory/4756-4-0x00000000053D0000-0x0000000005462000-memory.dmp

Filesize
584KB

Download
memory/4756-1-0x0000000000880000-0x00000000008BC000-memory.dmp

Filesize
240KB

Download
memory/4756-1579-0x0000000074FEE000-0x0000000074FEF000-memory.dmp

Filesize
4KB

Download
memory/4756-5-0x0000000005340000-0x000000000534A000-memory.dmp

Filesize
40KB

Download
memory/4756-6-0x00000000054D0000-0x0000000005526000-memory.dmp

Filesize
344KB

Download
memory/4756-7-0x0000000074FE0000-0x0000000075791000-memory.dmp

Filesize
7.7MB

Download