Analysis

  • max time kernel
    16s
  • max time network
    21s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10-20231215-en locale:en-us os:windows10-1703-x64 system
  • submitted
    08-02-2024 18:24

General

  • Target

    Voicemail (1).pdf

  • Size

    2.1MB

  • MD5

    aebe18c641f295f19d1aa8ade0c606cc

  • SHA1

    406324520d884fb3310e353b31c7ae313f605ce8

  • SHA256

    e704e7847f7776014173bf9867c92dfe2eac710ac67a840cb3b675580cdb1ab4

  • SHA512

    5fffa67146808f08ce296d3e1001503ffde2358317117b070ee4faf47531b17dcef1d1a9f3908f17f8e4d22be18b0a679746a6c09e69ada92c255fe0deb3b675

  • SSDEEP

    49152:rzQT2lrEJrXpkO34gvGt4T7wKA5+SnohnKm9lScNmEngmUF9wWsFLGuY1K:rDlwPeWIcNRUFaWsFyuF

Score
4/10

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Voicemail (1).pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3768
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3768
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:4992
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
          4⤵
            PID:4120
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3096
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AE4261AD697EFA7B3C0DC53B6CD8D2BA --mojo-platform-channel-handle=1500 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
            PID:2192
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2F194197CC781ED28143F96E5D0E9582 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2F194197CC781ED28143F96E5D0E9582 --renderer-client-id=2 
--mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:788
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F143CAD1D0090A853A2B51F22E3BE898 --mojo-platform-channel-handle=2236 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:3108
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6CFBF610E515160B4E3217AB05AD2CB2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6CFBF610E515160B4E3217AB05AD2CB2 --renderer-client-id=5 
--mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
                3⤵
                  PID:3048
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C2C974355D01931BAC17C9BFF697994 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1464
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4B5ADD5FEEFAB28C8F911BA9C657872 --mojo-platform-channel-handle=2740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                    3⤵
                      PID:768
                  • C:\Windows\SysWOW64\LaunchWinApp.exe
                    "C:\Windows\system32\LaunchWinApp.exe" "https://voicemail247central.com/"
                    2⤵
                      PID:424
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:3752
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                      PID:3588
                    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                      1⤵
                        PID:2492
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                          PID:4584
                        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                          1⤵
                            PID:4424

                          Downloads

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                            Filesize

                            56KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                            Filesize

                            64KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                            Filesize

                            92KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                            Filesize

                            92KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                            Filesize

                            92KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                            Filesize

                            92KB

                          • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

                            Filesize

                            3.5MB

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                            Filesize

                            4KB

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                            Filesize

                            471B

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                            Filesize

                            338B

                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                            Filesize

                            400B

                          • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                            Filesize

                            12KB

                          • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

                            Filesize

                            5.2MB

                          • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

                            Filesize

                            14KB
