cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

Resubmissions

05/03/2025, 13:17

250305-qje5wsy1ct 10

05/03/2025, 04:08

250305-ep9qxaytct 10

Analysis

max time kernel
47s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\main-selector.css.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview-hover.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Close2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge.exe.sig.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win10\identity_helper.Sparse.Dev.msix.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\fr-CA.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-It.otf.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge.exe.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\digsig_icons_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ko_get.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\mr.pak.DATA.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\msedgeupdateres_lt.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\vk_swiftshader.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_browser.gif.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\AddressBook2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\lt.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\ca-Es-VALENCIA.pak.DATA.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\nb.pak.DATA.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\SmallLogoBeta.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\back-arrow-hover.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\line_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\selector.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ro-ro\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Bold.otf.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\as.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Full.aapp.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\eu-es\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ja.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\fil.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\th.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\favicon.ico.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluDCFilesEmpty_180x180.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Sigma\Social.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\msedgeupdateres_pl.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedge_wer.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Locales\ca-Es-VALENCIA.pak.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\selector.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_fr.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\pt-PT.pak.DATA.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\Advertising.DATA.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected-hover.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\mobile_reader_logo.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-si\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_fr_135x40.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\editvideoimage.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge_elf.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateOnDemand.exe.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2	[email protected]

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{401F8FA5-F9C4-11EF-9054-FE3958392D5C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4932	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4932	iexplore.exe
4932	iexplore.exe
3716	IEXPLORE.EXE
3716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 3716	4932	iexplore.exe	108
PID 4932 wrote to memory of 3716	4932	iexplore.exe	108
PID 4932 wrote to memory of 3716	4932	iexplore.exe	108

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:1528

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SkipBackup.xht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
16B

MD5
d187a3dda12e9c0533b831d076e7a9ed

SHA1
2aa59dda2ec1528c1503c11ba9759344842cabaf

SHA256
5e3bd8801244352ec34b2d91914e085392b271b5b7f5dc9f060f146887e8e72c

SHA512
49eb41ce6760e59c6ef18eda87675ac8ee49ba4705106311f2de16fbe6f6b789fca6fea4e7b623a886cfd10aae0727ac34e702e07a21b9d00b544a379b589050

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
720B

MD5
3455c9c094a7a39b19cc32a450d243cc

SHA1
4ee951db239a9efdee6dba917564a8f143038f35

SHA256
6c3ad87bfd8a9bce21dab9f11cbb9aa78b5519788e57c445dc9028ec9966cfc7

SHA512
7dde97246641ca55b8fce86a2c6b022971be0f819304f08297af5fc8b60db405b919e5b172302dfb9b4e8d475272e6615f5d63c8b68ca70cb0e8041c054a90b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
688B

MD5
a4ce23fd038568173708f58e848856a5

SHA1
de858cbc23d5930507d57565f2c3fd6e04553e7a

SHA256
ddf6f5835036561f215207e93ab48b4bf432fcd98bf6d20e331deec7b2cc321c

SHA512
7549404ee52d6e7bfee047cb947847bad58221f03e7a7c286320434d749f4cb400f679cd2e483fd2c936682750c64a55ab7d9217c1c52c67d4d3d00c2e213aaa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1KB

MD5
7454813ce1d82a38f2d7c5cfbe05210a

SHA1
bd0065648ac11f96b46af09732c26d3cf36ea5ff

SHA256
174f3016723f0a0ac149535e18b09fc475eda805171a37861dab6b58f999fe92

SHA512
a836a3f6e729ea7dc171620b0d4588de8ef66c4257fbea63e62c56df3d2ebee430ecd12ff488f40562e867fcd2612e2c45451cf528cee72e332cf43c2de93382

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
448B

MD5
0e7e3cce238701c595602305a46c34e0

SHA1
6819b4543d95543f5ce7e592dcac0caf69159aa1

SHA256
ed1dc7d41e2235b40ed32e84bc4cda10abc1280f4afe0a6c1febc385a6150f9b

SHA512
3d2b640344b5fab5b60f0b1cfa35d46c891429f3fe81ff9196ed27b837dca6c8f93f711920303d1b9f352c7c56c12d91eae63f20134343f738ee05758eda106a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
624B

MD5
9d869f915969d79bdb5cf5b37b40cfef

SHA1
b52acf3180cf7fa81b0d2afdcab68ec1ac4c795d

SHA256
752182ea9f28ad5fa1598f815c3f214207baa26877dc9d31bc63958f71f3f667

SHA512
a82c68bb1db82294b670399e8fd1077ec76fb9da513bd56694fefd616771b56667c859aefbf0ef691bfafe860b684e8f43ff0bea892da4ed3f481ac06d74f745

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
400B

MD5
0b28799027e15394b0432ada4271ab41

SHA1
6eb8ce1b4051d43f18260d56e283f371ba5aa1fe

SHA256
160c0e516b7672bdadd1adf744f439a665bc21b9bd0b57992b6f8034eecccd46

SHA512
129c30ebbb5dbddb56c15b55f67bb87d2116c0d23e09613b865a8c5c596d168c4e37ebe618a20b4e265696526290cf1fa708d5a5b68bf0be1c8db54e1d01b1f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
560B

MD5
48d94c75a2e6608cb4d4a92ea610cf71

SHA1
522bfe7e46007933c1f63485631428159dee651c

SHA256
02dd44d38e35d1dbdb30e36f8a230e4d87614593189b1d188264fa8330562b21

SHA512
9c2cc825ca1814d1f6fc84bcaf5c35636836393e4ccc6cdf1e04f45695e5381940adf4dc20b632ea3218405991a16c593800517f3c43a6a9707ef32767c3c7f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
400B

MD5
975fdbe758d75a746db0fefe6a1e2d4a

SHA1
0c931c1c9e0d38bfb531d51b03949eea92cfbbb4

SHA256
f5e7132c3adc44ef45b387b9d4b9dbc915b294bb935b1c194d2a52727fed7f81

SHA512
559b1263703ec2753a48eaefab13f3be8f9703c3e8d0bff1bc5cf46c7df53b33d5f013b06ddb26756500349c2f842bc08ea24226cb5fef36a36cbb08daa8be78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
560B

MD5
2c5db6c24cee40991de2497fee6f7da2

SHA1
ba1ce333f132f8f2eea0abb21e17b204a59afde9

SHA256
7f2c1fca85fe3a8466be1ccb270424fa9cff5b71e209f10f40ffd56464fe92c0

SHA512
bc5280b7d5fb20eac5c65cd259b7e6a55a032781eff494ebd80a030e3199b004e6ca0ac8aebb11acfc048215b911dcf3cd4cddc709ebb5f94539f7fc1e00a67e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
400B

MD5
b1a1dcd01b991bde8b7eb46642a2db7a

SHA1
129c2c354296ac80295c1e0989d183d05936f7bd

SHA256
c057c9e74aba66a8c19e547b2713e9a0655a82273f148d8deecf23c700932e8b

SHA512
4b1228dd89fb71bdea3daa3f0416218af44598fdad5861c33483c9e7bc7e882af0c52896c1a56fa47466f87939e9162602ccc722b15860ab4978801a257b7430

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
560B

MD5
030b8ce27ba0ad2552efa68613dc1fbb

SHA1
1da8600902ce792bfce955e2fbb2c41bab22a5f6

SHA256
dffe0067056e358c93b21dd104c391128b2c3e127d61eedd7bc43c3b4e5d15d6

SHA512
6d75ed26583a51414380d408d0f86215da7e48d55525518a40f7463a63002efa0b478702c57b5ba98e836de704a6d059f1f1cf695cc2f071a36835cd2ed3048e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
7KB

MD5
b2cf70bd237d11afaf2ab2807f6e0b61

SHA1
5318d723172cfa4b5c86fd284e0d57ce48436fec

SHA256
f8f2d2bfaf4102801c67b37b7ced64094c90bc3d31a7521b8be8b319dae07bc1

SHA512
cbba3885de0aa289a1ca1bb1b61c206ee9c7ea041fd84ef33b4e7c0af49109eebce7b22cbd2da0e86fe0c6a669f890942529fda7fc4cca84fac06e2d37000392

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
7KB

MD5
85e536c433cdc99ba1a15ce91fe51a38

SHA1
95eb39be0efd541b6f1994ae2e1ad25d049d39dc

SHA256
e8a891b10be07ac9ad43eb99c515d99355feb5795a4117f8bdf4cd7bbc763f8b

SHA512
95f17771a37683d534d75d6f5c5ad66f8e7f403eab3a4606391d7bd12610c3b0f7d2d055224c4cc700852fa8d4beafa2ab3d5a96d19f01c97f83f147f6f273e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
15KB

MD5
90d9544f4ea49d11c206fc6afdb88a2f

SHA1
468f32559c11bd5dd3e89a6c6c3d5cd257f10b7a

SHA256
60f0995303d0a2c3d25813fc07767b32ca1e6588f771b050b6bab0438923acc9

SHA512
dd1b24ef26556eb473872396e5c7e56816e165f016cfb157385f707706e00412c638ff79334c40354d7cd1028dc6ba04bca018f7663602721c8e70eb2d90acf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
8KB

MD5
8b8afef9b28c15d8c19510ec57b1244c

SHA1
9e33658bf46efa92cd7ed5d70bd9a837f94431c7

SHA256
89111a0aeccf48b41fe8798439d998364d4e4c8b82a3940b5f1acdc48f5b4a53

SHA512
f5d30736bde541278097d5b5dd6b45db4e5299653730b95fdab94a09ba37ba25577648a66f8bbfc4f2a4ff0d175a2b160250111618b99975487d69baedb88792

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
17KB

MD5
1e103499f1b4a2663529d94a59798234

SHA1
5e06554aef041e789a84b59e997e2d4785379f63

SHA256
cef19966b3f369830508c21635a00ac3df31bb25cd5b2378e77ecdcd1c8ae0ec

SHA512
268bb37bd0c2779eeb380983c566df0faad75528321abfcac0783cb07843218e6f01df65d6bd2bb564233aa0aee291d0dfc9de433fd3b8b0e089a93ef0b81f83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
192B

MD5
8a0739b08db3a39c985fed35b592dd22

SHA1
3db409bcb2206f05745be3a1ad67f2954e5aa0ee

SHA256
fc669f6a238c2912e5a49a94212dd25126c68f0759dad88ba9414065ed436b8c

SHA512
3624cd79deaa93b5acdc7da36fe7ebf348b88905c5f49cdceafa94c31879fd19de9aca0a7f94c4db1a409bd548b31c35234ce114f68d730cbe706c0834139132

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
704B

MD5
90d3efedbf8b9470e853e167c48efba8

SHA1
f23a4d7f83c1c78d9fbcd39d2dd87ed4a4d98ef2

SHA256
a64dc7163aa4652efbdefe399f795e704a76a93810e6d88d48b89d88b1113749

SHA512
6537f67407d561dd703dba0baf98211c98709c9ab99a649406da3c05c44b2c496b0a978ff5c2ae18f40882597ce1d1479b55317194fbc049020fafb0e66cbe9c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
8KB

MD5
9ca15e068ba945192993283f289f30ac

SHA1
bc8308cbf17ccc1b3210238f7a7fd23d9b6fbe23

SHA256
30fcdda4381bcb938cd338cd02f7a64041cc7591a2b85809a5c1de3404dc7f34

SHA512
67e8239ec487791a8f4a22e5e281b8abbe0dbfa393f3e035f8099e51d4e387a99a6aa6d8426bad0a59fa1850342be1512b0e0c4fc6cf5ef7fe45317e9043a658

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
19KB

MD5
2097e05d24e118611c7e09d371943a68

SHA1
1e448758fc5c9bc0b9f8903b191766593c5db2dc

SHA256
00eb4eca90a610a62dcd4fecb9cd1a2eaab726504d0b7eb7d87bff3b0e5c6626

SHA512
42e3ba3e56b2cfd7ce867ee59f7c1c023953ef640158806bcecc5dc70290f2aa15195ea958f7959d1ee1468876e672ecb2ac27f1d904a64b5b226c88c4d6ff83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
832B

MD5
fbbb34e78a3ad84578cca34879bd5e1c

SHA1
b382d4cd819c75837d61a29dec35c4f9aec3578a

SHA256
013597da77cbca6d4986408b78f4b48e15eb1f34f7ce561da916a419dc5f1e02

SHA512
983ead5496c87711921e88d60c0ff729f74f239124091f2dd8238d6f0e0bce3b070b31b03f4e547a0e07c8c9764e0b2582aee3efd8c65246cf1aacced317170c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1KB

MD5
5564b8fd19252089b23fd281abbc2a73

SHA1
f16ae5a0562a9baadb6756c69747a0fcf44758ad

SHA256
a0d200b1e48ddfb1e62645f40b13c13e4c76e27a36316efdfc90067b9eda8c21

SHA512
32cc8e2c5839c181e4bd0ea78e6dc1d1d115010164b2f1f20d06cf7d0a1a5e36fe359719fc4fcc3bdabdd608e6dd3c8e4589f56883d9759c2c1bbe4a9afddb33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1KB

MD5
edefb2731f7cfde788fc4e3c728bb4b0

SHA1
af7c44ba20990ae901cb1a9f94849f16ac497007

SHA256
7abc4a4a0c6876e93735c1acf7f002fe9f151b7c446273a46de6b7899e421de2

SHA512
f9cb090ea1fc9dd8b354640ec51ca5c6bd0ed0893bc17e956af1dcb1c221e80bf42396ad486256d4d509a537bb5beeacf8e4cbef8b9240caecaf5983691a1d55

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
816B

MD5
6f16c2215319bad2dc1b8afa37dac6d2

SHA1
a70651697938300b2a6ce1548acc027413972ad5

SHA256
4e3706903b8fba8c167c14224728175e24cda864e7e9b765bc2786c1969c7b1d

SHA512
1aba3dd9228976f27af0a949f5338cb77541e8161f6200fbc2702862ca05ec244ba5924c3211abb0528c34692b14d8bdc94e8418ae564787fa79e6c5a0ef2fd2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
2KB

MD5
beebfcda632d0bb45faeae95ee14cb52

SHA1
a007b18d32385b2152094ecdae38bf5f8b11ddef

SHA256
d59ce0279c231ffe9fc8468ec0b8cb7c2b7c1d3c20e87810e4317af4727cb4d6

SHA512
acdbdd4c3612828aa0b8af8a3638f921f2789f425f192589590bb629499ea178d8d536209042500d195476f0a93729d0b31001ed786d5cbc7136f3a3cddcddee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
2KB

MD5
eff82e19c1e3854264bad78167ac8ada

SHA1
808c08c85f6f43097d3a8bf845f28be763b65f7c

SHA256
d2344f0a1dd31424819f4df116c40de597bbe80efa344f6908ca825d3389c55a

SHA512
1aeca63d40045b76742f6a69a46fd4d37cf5a1240909c615d82ac26125d45cc184a02ec0dc13296e71f2392b020fee8e0815a8b1f6600cbde82051341a21592f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
4KB

MD5
3dddf1b5979847b566553d0fdce50acb

SHA1
5d05e20b70f290858436ad9e49f722c5b8ddeabf

SHA256
94fb171dd36b52f85bc50d673e418850f90a4be12626c696863de759f6d2ebc7

SHA512
605bb6572cf082cecd565b15296872a3869307abe9b0fe8070a0dcefc338356fc52d55d0ee2e24a9fd1187e7b32ec2f3ea925748e13c63959a3c7657f96ad9e3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
304B

MD5
6f28b20ec5329ddad0469227d8350c75

SHA1
5fefe73524d28497478102618415b7a38022e528

SHA256
cddd6494b62d0199e15806b940a9c94df7c97ee2b74e1b2f9323a8283911b57a

SHA512
24d5453e8d6872515a96c826c95de993b2157a5bb3fecd93af8e3e42ada82fbbd59f5efd20d35a3b32b1a41d001603de5311a32280537fd85787bc86bbbf6f35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
400B

MD5
67d86559a5f904c1f0b4487b29000e44

SHA1
3a69730916f8e00efe658a90cadbada18f63b5a1

SHA256
4e72a6ce676702afa1eaa0618b8b17dbed53c848fc13c46d3f7783a783b4b3c3

SHA512
668ae18f1aa398a48ec0a3f51659a878eba037a090e9d9db87108e656c1374d09183454008ffd9ba3c6bcb4c17f32ad17e3dcdc589d92b04b7e6cf27d88f4527

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1008B

MD5
08608c9ec56fa23004ecd479ec3ff15f

SHA1
ef51856c3d78775d02d1d5613d118ba26d8b7b1e

SHA256
19d5b4cdb30796ad74fa510b2cbf4437bee3aca9d6236de4cc9fee7b2c40bbb5

SHA512
416c01acac4542a8668cc2089ed9ffa87393a572aece3dd7b29b1670b05736e5a04ec5976260d4e21ddc787ce33ca4dfb24675611dd7e9a49bed1f744de71c64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1KB

MD5
3762c3eb75fbbaeff151f86f6f275051

SHA1
c96b77932cecc1736094de6594f95b34ec120212

SHA256
cc50535dac60fdb750955d064da3cfa654599c20dab3dc3c4d77fbec353dd129

SHA512
4c438edfbc0eaf231080ca64557b9688b41837dd89c4d2798a99b050f172dee4229d264d3c01c44758f950766ddfb9491d306b03f10798095719b3ffb5c34b19

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
2KB

MD5
d6534b27a3a662feb34ff52dec692c1d

SHA1
88ee94016842ad55c4540b630ee00df654ed1f0e

SHA256
618410c9935447b8be2aad0027bf8fa03e3ce3d28cb53906d69fd2fa19996fa5

SHA512
b26cbdc189ea12599a51f1ebfbf7e3d55d112b34a224029dd787af71d66440e52f29bda05e8b46f85ae9651f0e6da114ab60139cd32538297ee2e00f9a2a4ff0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
848B

MD5
8ff92ef5de0ecc8e1d5a878db6d4a3cb

SHA1
ac08eeacb935f428561e295785fca0cf320be9a0

SHA256
255a63fad0b460b9673d07e8e81acd753fd5c35dffb6b0d0def142c31f170b3a

SHA512
f3fad2facece33ff993e1b846f653e2db71ece17b9cfaea750e34a0cd517ed005f3de17130444e090d32658071de960ab41cb81194176329caa544f17fe031be

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
32KB

MD5
07329a716e3b3569cd2c653e5ac048c2

SHA1
0e0744bacd765a1cff7c7cdb64f331d72f6f6316

SHA256
32d9e2ce8c7f066cc2b1eb7a7181587c3bab784223a8ce58bd3b7b75eff38807

SHA512
5eb55c643dc5176d14d21a1d5df49d96dff8123eec53680a20a1bef14a2ce2cce4bd440bb700d4eaaf4279c603b33a95b7d3fd081b50575eaa49330f48a19a66

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\stable.identity_helper.exe.manifest.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
1KB

MD5
7fa75640edd0afffb472694b262309c5

SHA1
faf54a75c58599f348e137e65a21e672e442f3cf

SHA256
7a2772b800719b95b33a1c424c830e216b8e5e900f1955240e84b410e8a630c0

SHA512
76c961e595c3a62dc349a89ad121362cc9321af7a3eb75264e5d429aaa1991b19ba7a9c51957c708e16a608602a86720f44608a40d3b36a06e336547cc263acf

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win10\identity_helper.Sparse.Internal.msix.5EA6EEDE780809721FF8578A2532F6EBCDD834FE93ADE2393F189519437227A2

Filesize
56KB

MD5
a5d219063b0d6294d0ab4545145a0001

SHA1
bac3f17f1d48a2c33abdcfda468a72697239213f

SHA256
983136344b3c9d24b6b80e8e7d28f1a5f64ee138b244978bc9d46159e723ba98

SHA512
fab3b9647c2f00b5f47e70490c8826aa18d80e5451873f2b973b2921410ae976bc90e540b8fb3a77b0f983d6872fcf55a1de87ffcf278bafd1cae1db4204553b

Download Submit
memory/1528-6-0x0000000005560000-0x00000000055B6000-memory.dmp

Filesize
344KB

Download
memory/1528-7-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/1528-0-0x000000007532E000-0x000000007532F000-memory.dmp

Filesize
4KB

Download
memory/1528-5-0x0000000005300000-0x000000000530A000-memory.dmp

Filesize
40KB

Download
memory/1528-4-0x0000000005370000-0x0000000005402000-memory.dmp

Filesize
584KB

Download
memory/1528-1804-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/1528-3-0x0000000005880000-0x0000000005E24000-memory.dmp

Filesize
5.6MB

Download
memory/1528-2-0x0000000005230000-0x00000000052CC000-memory.dmp

Filesize
624KB

Download
memory/1528-1-0x0000000000980000-0x00000000009BC000-memory.dmp

Filesize
240KB

Download
memory/1528-1390-0x000000007532E000-0x000000007532F000-memory.dmp

Filesize
4KB

Download