ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274

Analysis

max time kernel
172s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe
Size

1.2MB
MD5

3af20844064ec8b72b08180d09d27540
SHA1

8794f55c247a6a690a61f4f97aab6466bd692205
SHA256

ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274
SHA512

a20269872b0bb9e71eababe6261759742a987ee5d414643be6ace0b34451799d4ccf8c86687d8e781882a72ad3e85156b8a20740eb280213e5ada6b156d8d9f6
SSDEEP

24576:8OUb860NSG+uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuIuuuuuuuuuuuuuuuuuuV:B+8+uuuuuuuuuuuuuuuuuuuuuuuuuuuy

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	alg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass = "c:\\windows\\system\\alg.exe"	alg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost = "C:\\Windows\\svchost.exe"	alg.exe

Executes dropped EXE 3 IoCs

pid	Process
408	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe
2412	alg.exe
1364	alg.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	alg.exe

Loads dropped DLL 33 IoCs

pid	Process
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe
1364	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF059.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFBEC.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX849.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX132B.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX101F.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX13A0.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF018.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFC10.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF006.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFEFF.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX133C.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX13C2.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\alg.exe	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFBFD.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX12F6.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX12F7.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX1309.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXF9D3.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFBFE.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX86C.tmp	alg.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX134C.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX103F.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX1041.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX12E5.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX12F8.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX13B0.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF06A.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXF9C2.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFA15.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX86B.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX86D.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\alg.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX85A.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX13B1.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXF9E4.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFA04.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX838.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF007.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF028.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX1051.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RCXF058.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\RCX859.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX131B.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX136E.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXFB3E.tmp	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\svchost.aaa	alg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 408	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	80
PID 680 wrote to memory of 408	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	80
PID 680 wrote to memory of 408	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	80
PID 680 wrote to memory of 2412	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	82
PID 680 wrote to memory of 2412	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	82
PID 680 wrote to memory of 2412	680	ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe	82
PID 2412 wrote to memory of 1364	2412	alg.exe	83
PID 2412 wrote to memory of 1364	2412	alg.exe	83
PID 2412 wrote to memory of 1364	2412	alg.exe	83
PID 1364 wrote to memory of 2888	1364	alg.exe	84
PID 1364 wrote to memory of 2888	1364	alg.exe	84
PID 1364 wrote to memory of 2888	1364	alg.exe	84
PID 2412 wrote to memory of 2684	2412	alg.exe	86
PID 2412 wrote to memory of 2684	2412	alg.exe	86
PID 2412 wrote to memory of 2684	2412	alg.exe	86

C:\Users\Admin\AppData\Local\Temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe
"C:\Users\Admin\AppData\Local\Temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:680
- C:\Windows\temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe
  "C:\Windows\temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe"
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\alg.exe
  "C:\Windows\alg.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2412
- - \??\c:\windows\system\alg.exe
    c:\windows\system\alg.exe
    3⤵
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Checks computer location settings
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\temp\*.* /q /s
      4⤵
      PID:2888
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\alg.exe > nul
    3⤵
    PID:2684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

Filesize
545KB

MD5
65c648493aeb4ea7532f057b04f2701d

SHA1
c7d82e897ff0dfa0ff4a9994e647a02286a5d53b

SHA256
bbaf6a43aa4a2a15f895959d44721b656d9c5c5bdfb5ea92315481b5b850f448

SHA512
72348b51b733d4725b0ef2b90fdef10de3a822ef655c3033f2eac7c0c8a3b52701109e68084a39eaeaec34e0fb1eff414ca91c007922ef9ee3df35ff23b770b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

Filesize
545KB

MD5
65c648493aeb4ea7532f057b04f2701d

SHA1
c7d82e897ff0dfa0ff4a9994e647a02286a5d53b

SHA256
bbaf6a43aa4a2a15f895959d44721b656d9c5c5bdfb5ea92315481b5b850f448

SHA512
72348b51b733d4725b0ef2b90fdef10de3a822ef655c3033f2eac7c0c8a3b52701109e68084a39eaeaec34e0fb1eff414ca91c007922ef9ee3df35ff23b770b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

Filesize
697KB

MD5
33cdeb14fdcc97f0fca0aee906b49487

SHA1
197714ae30e545b041d434bdd6e18633461d2fd7

SHA256
b7aebc9e48ac6217654d30959f2301cb6544c03238b55d9aafdea4e6897c04a3

SHA512
932a7c914e907e877cce2cc7aef7a4ec4f5dc40c9936b23ab2e67779905a2493c0b7f593ff51c732ed5a3f7b9164537d1b4b869eba5cb4cfeecabb584056b204

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

Filesize
697KB

MD5
d14d4dd2385506377cebb0ee871498a2

SHA1
371f2eedb1b25eb2d583b8a139c1eb762ec54867

SHA256
db06b28c8085e1a968caa9bebcf59742312399706c9af19ec505a725827077b1

SHA512
07313baa238d39bc6d0e2b312072ff404ba5293b298367c6572c929b87cf080a512f1fb05f0f2826b0db858f7a711501f951a07bab56d9ae96783dd2b5bd7400

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Filesize
9.7MB

MD5
c846a73a28777af88d91e81dac8618ed

SHA1
964e5d402b0d4c904e1ee157c3c321d863728ffe

SHA256
02486cff829b597bfe20f0559216da84e77b9d537c437dfab7b0dacc98a0a88b

SHA512
1fb031ee04ecf88f13a6ee8f731a61c0032a2a150b8bb8d0a6fcb7c0bbaef2bfeb5330346eccdc792a3064b0a8eac0a94a38b0a6c682051fdbd0059c4802f191

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Filesize
9.7MB

MD5
e452ced776bc5ba0f18eca0ae533410f

SHA1
56b7907ac4881d8bb0a3087b41e437649c50b618

SHA256
dc938e2b2b07b442aaf593a9f6095a40d17923a03203bc1c70eae3f98d055e22

SHA512
b9f742a7da6c05d3f37ef0806ca6c2fec96988084c7e18383eae94ac02711a7057ca267bbe5aa9cf92ab1a4457417345099296f1af008983d7cc38545c82ba91

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

Filesize
25.2MB

MD5
44f6d2fdd1a9ed4649c3a25d29ed1400

SHA1
100c25f1a520eae39892484d52fc98809adc19ff

SHA256
87d0125ac7e2b202d0f7489a09e0c4c454f1efd465aca235ed14697b75285dec

SHA512
6fe8aae45c093ed81a11c1e84ad8532428e9b383ae00b678ed054f3e3dcfd47863d28be030168e40492139b579857547a970d8f955b4951e227f35019a3f8da3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

Filesize
25.2MB

MD5
44f6d2fdd1a9ed4649c3a25d29ed1400

SHA1
100c25f1a520eae39892484d52fc98809adc19ff

SHA256
87d0125ac7e2b202d0f7489a09e0c4c454f1efd465aca235ed14697b75285dec

SHA512
6fe8aae45c093ed81a11c1e84ad8532428e9b383ae00b678ed054f3e3dcfd47863d28be030168e40492139b579857547a970d8f955b4951e227f35019a3f8da3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Filesize
3.2MB

MD5
5f16aaf607dfb313c67acb40b64bd18c

SHA1
9fcdb732de1e8e6461fe1fb721fad95ab0370057

SHA256
084896a3e74d099beea4bf948fc885695792f2514ddf9ac70b94ba19fecab09e

SHA512
0e4fd7229215c5e764ed4fe7177c20b5436483dccf24595818467fadd1bb91d192d99a7cbe564a405935c2ca8c9c9ef8138de8e8d61d53b750833d3813de65fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Filesize
3.2MB

MD5
ed946c9552375dbc755679fc4074314b

SHA1
0d7d749c580ddcdd6b68e697d6fdd6de3b790a0c

SHA256
931fcbe1a668365a39eb031fac2e1fb981f074dfc46fc4172bf9cd99a4796fba

SHA512
845b54f5bd81739cf7a72e22f87b972d3e2c43fb99779cb30e2e1baff21a1f3505e37392fc2453c660986ac9ad786313ce71a3e77283efccee9142989d165bea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

Filesize
438KB

MD5
53e196748981de7f58ddca0363ee8625

SHA1
7681a6be76395a32caf9bc1fa703a5776e83c9fc

SHA256
cd983485ce6d80f8b22b6b57bda1e6894167c469eae7bf89bb10d97b0be2c00d

SHA512
b4035b9967a4a360185bdde39013bcd4932cae77dc1c73293999118e22dffce0587de4c51dc0aba385e5c814262f7f47bd7c4f7fe0b3111358b07b617a2e5648

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

Filesize
438KB

MD5
53e196748981de7f58ddca0363ee8625

SHA1
7681a6be76395a32caf9bc1fa703a5776e83c9fc

SHA256
cd983485ce6d80f8b22b6b57bda1e6894167c469eae7bf89bb10d97b0be2c00d

SHA512
b4035b9967a4a360185bdde39013bcd4932cae77dc1c73293999118e22dffce0587de4c51dc0aba385e5c814262f7f47bd7c4f7fe0b3111358b07b617a2e5648

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

Filesize
456KB

MD5
02b989f470568ee31e8cdabeeefb6154

SHA1
ff2bcbc252eeed5e6c304dd11fa2a052cb1d016e

SHA256
dea35c9a6662d2afc2088e76bebfe2f54a99b0e750adbf0cb9db66dfe24f7cfa

SHA512
29add513b534e2fe6e9fce50bf1705ca1145a3577cfce3f4abd538d461d9ea046631b1c647f7612d7d066683e0f92cd36cd9e8c694dcd07fd1a92654bb760e96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

Filesize
456KB

MD5
e130f1a6c511440a556d2aa5571245b4

SHA1
5ec21851a45b54878c21e9660a416c01e9079b87

SHA256
c78bb6fce2d28af03c2182ea30b33e9aeeffbe472ea9dc910c8a1b5ce7528c08

SHA512
c873e321762149459317b1e0f64c8c8baebd2e8808d76815ed5d69eb543f64d4a9dda94decc5cd132efd4b77e67eea5339c32d9cb73a3def157dbcbe4a9df56d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

Filesize
6.0MB

MD5
2a07d9ea070be274f6cd9e99defb5fd1

SHA1
35610c2c3066439cd5f5c040b564cd31935e40b7

SHA256
7b436bc399ff203d4502426f5175a7800d284fc6f676fe81f8cc40ae420e8c0f

SHA512
2769b48b07dd190003176fd05cfe38e8cbee51dc36d2ce35d84a08b4a2347d6af1421e60352ff33bee53948e6199e06aa99314e835f3918544e75f1c27f2cb8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

Filesize
6.0MB

MD5
95b060fe0c2663bad4c0947f0cdc7845

SHA1
86e5eb8b7904362c33ae3125a53c62e3e4d2d9d6

SHA256
d82a83670c341d901a4457f2f998d98d8b5b73e8c8182a8241533381f1fa5ea3

SHA512
3e168077d2b5fbc75b56e8bf400c02c5dca0db72cea225d028ca8daef86ab7f62b623a29888da8d4b0e0f2d8042b89e634285cd22fd95d6988656fc377813f6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

Filesize
143KB

MD5
aed56efadf897456d2a4411de0dcbb40

SHA1
fb87c1f327808980577b1370c66b4a331a29dfa0

SHA256
7fb6e5e624f30ae037d398e2eda1312e8855c49a1eae27cfe800d69e46898601

SHA512
07c78455b47cd07e5176280266c56f0e5ca2823bff0ce32d23fca4642a0b87efb75c564ebc81fae4598c5aed5e6adabc48a8105c12bfde3dcc8bf820bc3486df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

Filesize
143KB

MD5
aed56efadf897456d2a4411de0dcbb40

SHA1
fb87c1f327808980577b1370c66b4a331a29dfa0

SHA256
7fb6e5e624f30ae037d398e2eda1312e8855c49a1eae27cfe800d69e46898601

SHA512
07c78455b47cd07e5176280266c56f0e5ca2823bff0ce32d23fca4642a0b87efb75c564ebc81fae4598c5aed5e6adabc48a8105c12bfde3dcc8bf820bc3486df

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

Filesize
501KB

MD5
13dede7da5f88a0a81b923bffff8c3d6

SHA1
f16cdfec147422f02bdd2eec65ffbb6abe133061

SHA256
d44dbb40c05a95ca7dc3825ec9d6030d7e0929f633b275ebf0d55fc3a2ed85a2

SHA512
58a10d0b78d84f426be621a6291a00ddf8326a9aa32fbbbd0253b74c1d2003acd793c8f5cfd96c8d2f396920fa0bfab37f4e31817e090d572a7436d4f5407590

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

Filesize
501KB

MD5
13dede7da5f88a0a81b923bffff8c3d6

SHA1
f16cdfec147422f02bdd2eec65ffbb6abe133061

SHA256
d44dbb40c05a95ca7dc3825ec9d6030d7e0929f633b275ebf0d55fc3a2ed85a2

SHA512
58a10d0b78d84f426be621a6291a00ddf8326a9aa32fbbbd0253b74c1d2003acd793c8f5cfd96c8d2f396920fa0bfab37f4e31817e090d572a7436d4f5407590

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

Filesize
623KB

MD5
56bafe87fe1fe1d1d7627095e2099a3d

SHA1
8ab9335b2074e0488e9ff47800628d9a7a78d007

SHA256
1f383128e577afbacbf00feda986b27175e111d1d3ad754d9efd34410ee8c3d0

SHA512
b0d8c9d87bd890ac6aadada88cc9f6b9d36d02ee0e53018045850027391ea6bc5c97836190dbe740b0e3f24ef556efb7c77e3e9f6830e56fe5cebccbe241a3a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

Filesize
623KB

MD5
ab3d96f88c64b05293c1b5afc5e9a06e

SHA1
7efb15a05ec1fb96fec080a6047d79da757226f8

SHA256
1fa44cf70ba37cd637eb888852eb3a700da29c62b5060eb70cfc1bd1c658af63

SHA512
3f186b939eaf638c4c162f4fd52c36fbfd8a59296f4ba05b0fca27803912c510645218ac56051e505735f5804084914169d81b80f53a2a800de134989960cb57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

Filesize
755KB

MD5
377164c192280183c8a9985017e250e8

SHA1
e7859a70258f9e032c6d4dd6d2c4e01487bc050c

SHA256
7f712e895587e71ac332b8adafa530904876bb6ac74a4cf9d92db8f7d31905bc

SHA512
a4d5dfc1262e5e43e16912cf636ca11619c9a98baebb157d614e239ddfdf265b2837276567eefbc5350f57311021ad3a44e7eecc723eaea4c86ede9947dd28fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

Filesize
755KB

MD5
377164c192280183c8a9985017e250e8

SHA1
e7859a70258f9e032c6d4dd6d2c4e01487bc050c

SHA256
7f712e895587e71ac332b8adafa530904876bb6ac74a4cf9d92db8f7d31905bc

SHA512
a4d5dfc1262e5e43e16912cf636ca11619c9a98baebb157d614e239ddfdf265b2837276567eefbc5350f57311021ad3a44e7eecc723eaea4c86ede9947dd28fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

Filesize
494KB

MD5
d43d8e437e3991e045f847c436086334

SHA1
60105851bf169c6606715a3d323255b4c0cbbe52

SHA256
18aebfa09d4247d898d1aebc588a5bc5cc5fb23f743eb0afca9e0db6437392ed

SHA512
6be15eed7a27305bbd51debc03d3b39942dfbf76d773a092d9166c0bfee1edf74efb6bcad75e8634eb12d63c93d6fd46f2a80a0d4331516d2b6c5909f3b8a46c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

Filesize
494KB

MD5
d43d8e437e3991e045f847c436086334

SHA1
60105851bf169c6606715a3d323255b4c0cbbe52

SHA256
18aebfa09d4247d898d1aebc588a5bc5cc5fb23f743eb0afca9e0db6437392ed

SHA512
6be15eed7a27305bbd51debc03d3b39942dfbf76d773a092d9166c0bfee1edf74efb6bcad75e8634eb12d63c93d6fd46f2a80a0d4331516d2b6c5909f3b8a46c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

Filesize
102KB

MD5
962f4fb1f6e9d787211b0132fad6e0d5

SHA1
7b7b80163e93efd81d4d841a98bc33604972dfb8

SHA256
6919f2fcf1f2f97d29b183b132e8746b03e809b36b542be8837d320e3b99ab41

SHA512
a0f5cfe8cb06c9cb4ef94ea58928a0d43cd34eb7243ec7b6c130627ca0be4a266e593ba6248706eb0e2a348d40ac61eecd9b16af55eac8074c21a915a06a404b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

Filesize
102KB

MD5
962f4fb1f6e9d787211b0132fad6e0d5

SHA1
7b7b80163e93efd81d4d841a98bc33604972dfb8

SHA256
6919f2fcf1f2f97d29b183b132e8746b03e809b36b542be8837d320e3b99ab41

SHA512
a0f5cfe8cb06c9cb4ef94ea58928a0d43cd34eb7243ec7b6c130627ca0be4a266e593ba6248706eb0e2a348d40ac61eecd9b16af55eac8074c21a915a06a404b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

Filesize
237KB

MD5
e352fd0c9a5422eb380f327e188db1e0

SHA1
75346f9870328faef5f03045a155566a3ca072fe

SHA256
2a922ebe7edb08480baa1721ce1b5185fb5af7f64ec0f128d6a7a37711784815

SHA512
a33398457924a29715cf71c3133b09ff00a82d7b4785360109a5f3c08792571eacb20e13ee63822648c001fa91e9ff2cb22f73b8a6ce9c586163b802fcf8bab1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

Filesize
462KB

MD5
3c0ff824737a86472f648bbdd8dbbb85

SHA1
ec850f931ce0ce68917eec600b64ca66120f3b5d

SHA256
858b824bad6985a49f3d5260329f3a70acb578de2c66a735a1c8c3a8c1556c9a

SHA512
884a5955e4595b4c73269069da0f1e79f1e629943912c262a83eab404af0f43deda1dbcaaa3c06ff1d15f1802a5100232cdded87cc242f6e593dc1d0e0d21c2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

Filesize
462KB

MD5
3c0ff824737a86472f648bbdd8dbbb85

SHA1
ec850f931ce0ce68917eec600b64ca66120f3b5d

SHA256
858b824bad6985a49f3d5260329f3a70acb578de2c66a735a1c8c3a8c1556c9a

SHA512
884a5955e4595b4c73269069da0f1e79f1e629943912c262a83eab404af0f43deda1dbcaaa3c06ff1d15f1802a5100232cdded87cc242f6e593dc1d0e0d21c2c

Download Submit
C:\Windows\System\alg.exe

Filesize
410KB

MD5
cf74fc2ebee7f5bf7a0dd9718dabd072

SHA1
6adcc6f8b06531a25b403f8b37b4fe9eac93e2bc

SHA256
942d473e63ec9c02b241defe112cda14a2ddd11cc3ba9b30b1ac80494cb73c0e

SHA512
4b11e222f73b82b043778ba04867aedf7aab8f481f9a1269d4958a3fcaee8651009ad1adb0e52f7bc2c85d8cb161937ade268c7a369eb2287a2022056fc944ec

Download Submit
C:\Windows\Temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe

Filesize
787KB

MD5
021a14bd97067ec93909b7106803dda7

SHA1
61c92a89567070cd1e184798437a8c544597347a

SHA256
eaa33b91d3ac045ce9c2d6f5a8f748c056d374faf67d96d5c37d0e1ce4c3d12c

SHA512
50590c3b97d65df9817a05dabd16c8993af3ce281e77f4d27c22055c8ab6201ee5406dfe75ca83c3ab83fabbff5e71477db990010006035b1611396810e50153

Download Submit
C:\Windows\alg.exe

Filesize
410KB

MD5
cf74fc2ebee7f5bf7a0dd9718dabd072

SHA1
6adcc6f8b06531a25b403f8b37b4fe9eac93e2bc

SHA256
942d473e63ec9c02b241defe112cda14a2ddd11cc3ba9b30b1ac80494cb73c0e

SHA512
4b11e222f73b82b043778ba04867aedf7aab8f481f9a1269d4958a3fcaee8651009ad1adb0e52f7bc2c85d8cb161937ade268c7a369eb2287a2022056fc944ec

Download Submit
C:\Windows\alg.exe

Filesize
410KB

MD5
cf74fc2ebee7f5bf7a0dd9718dabd072

SHA1
6adcc6f8b06531a25b403f8b37b4fe9eac93e2bc

SHA256
942d473e63ec9c02b241defe112cda14a2ddd11cc3ba9b30b1ac80494cb73c0e

SHA512
4b11e222f73b82b043778ba04867aedf7aab8f481f9a1269d4958a3fcaee8651009ad1adb0e52f7bc2c85d8cb161937ade268c7a369eb2287a2022056fc944ec

Download Submit
C:\Windows\temp\ef57202247d4b07c345a0f5eb3e17a64a465e7ae86ee670eb521750edfc24274.exe

Filesize
787KB

MD5
021a14bd97067ec93909b7106803dda7

SHA1
61c92a89567070cd1e184798437a8c544597347a

SHA256
eaa33b91d3ac045ce9c2d6f5a8f748c056d374faf67d96d5c37d0e1ce4c3d12c

SHA512
50590c3b97d65df9817a05dabd16c8993af3ce281e77f4d27c22055c8ab6201ee5406dfe75ca83c3ab83fabbff5e71477db990010006035b1611396810e50153

Download Submit
C:\odt\office2016setup.exe

Filesize
5.4MB

MD5
76ad11fd0248847f252f48d2ebb22bdb

SHA1
132d314a7c4e0540ee73af2dc9e02aaccf306f10

SHA256
eb660c8a06fbe2ad18fbc03d536538dbe463e4e522d4968f233842e5fdacb86e

SHA512
60c129d94e90deb3a39ba20263b081c0b83653105daa6c87699efe7d8aa9b988cd55998061a169d69384877613c3866af1c01c310232b39118374d5c7fa25e4b

Download Submit
C:\odt\office2016setup.exe

Filesize
5.4MB

MD5
414434ffa91b517fa63d1bdaad8cf86a

SHA1
371ed4e18a70a8318ecf7017e03777e86bd48886

SHA256
0e02ce2a3ee7927640a4a748ceade86fdc69c8151f51a53e9fded4a7b0e434d6

SHA512
37cad6f8b032d4297d8832d267a556b93ac202191c3037b006ddcaf362e1944858854852cabdfb0e24efccbfd2fe138610cdb806daecf6428a5a28ceac03fc40

Download Submit
\??\c:\windows\system\alg.exe

Filesize
410KB

MD5
cf74fc2ebee7f5bf7a0dd9718dabd072

SHA1
6adcc6f8b06531a25b403f8b37b4fe9eac93e2bc

SHA256
942d473e63ec9c02b241defe112cda14a2ddd11cc3ba9b30b1ac80494cb73c0e

SHA512
4b11e222f73b82b043778ba04867aedf7aab8f481f9a1269d4958a3fcaee8651009ad1adb0e52f7bc2c85d8cb161937ade268c7a369eb2287a2022056fc944ec

Download Submit