Malware Analysis Report

2025-04-14 03:25

Sample ID 240612-sj7k9azbne
Target a11aa25b9ce40579c0546c071e5593fd_JaffaCakes118
SHA256 b24383ce4aab8beb5478d11371c9871e3bc310677bd4dd279c69f15a3af6f01e
Tags
persistence
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file a11aa25b9ce40579c0546c071e5593fd_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:12

Platform

win7-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Windows\CurrentVersion\Run\ToolBoxMng = "C:\\Users\\Admin\\AppData\\Roaming\\ToolBoxMng.exe" C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2928 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe
PID 2928 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

Processes

C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe

"C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe"

C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe

"C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe"

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\doc5454.pdf"

Network

Country Destination Domain Proto
US 8.8.8.8:53 proglnksur.tk udp
US 8.8.8.8:53 proglnksur.be.ma udp
US 8.8.8.8:53 proglnksur.nut.cc udp

Files

memory/2928-0-0x00000000742D1000-0x00000000742D2000-memory.dmp

memory/2928-1-0x00000000742D0000-0x000000007487B000-memory.dmp

memory/2928-2-0x00000000742D0000-0x000000007487B000-memory.dmp

\Users\Admin\AppData\Roaming\ToolBoxMng.exe

MD5 d6f8c3bd564842a238479599492c5d5f
SHA1 37878ee82cda9137cd1b596d7addcf0c2eccbf2d
SHA256 4b5d6b33a194e5e476bfae34b84efc652dbcc95793ccfdf695a4b018d53f00aa
SHA512 c9d33d2ef5f57d81549e34907012db62df28586ef314004b936838ef0a8951b8d83758ebbd43d9f9b63399f8cd9c26f70d7bc128534617620fc563b334ee266c

memory/2932-11-0x00000000742D0000-0x000000007487B000-memory.dmp

memory/2932-14-0x00000000742D0000-0x000000007487B000-memory.dmp

memory/2932-13-0x00000000742D0000-0x000000007487B000-memory.dmp

memory/2928-12-0x00000000742D0000-0x000000007487B000-memory.dmp

C:\Users\Admin\AppData\Roaming\doc5454.pdf

MD5 9855f780e442620ea1f8eaab59949581
SHA1 56e57c94960f0dbdf7cc6dacdac2ad9d8f0f52fe
SHA256 23c611b5476cf9962f8ec3b15e89c677c2cec39580504ba94d9aa0425b476d2e
SHA512 62bfe970daece2ddd6c593ab79ec3cf8b79e492095bde3b0cf26fb33dfa5f7c0b1b2a12a0796dce64d1f1634e2efd11655f9bd4c60486d3cefc0afe3669d7508

memory/1088-16-0x0000000002E30000-0x0000000002EA6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Security\addressbook.acrodata

MD5 4618312ec50b52c81043bb6ff393cfc3
SHA1 80537497d939529b34de993b14d96510068bf075
SHA256 e8e27396e2a043abd283eed4fd5b8fa256cc22e741defd522158fc9e29205839
SHA512 fc589a974f35ee83c297784c7d7cc62826854422ceec2d5ff46aa6575f5b2bade27d26c1dfc0686602c81e5c14f75f7abd23e6c19fd90a2dbe70e0f5c09251e9

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 a6a05812d2aa2251fb73c2a6ef6657f1
SHA1 3db3378344f37bdb5e1803a277e94b711617cb9b
SHA256 717d40b9512f9a15cf85bbd3f1fd355b830cc172c07772e0ed5b862099f5eeae
SHA512 c005d611c60d2173f69da5d99ff9a212e54f8e3b011fddb8d042f07fb94cca67aa91dbb59e6d163bdb3977efc6c397156479f9e7264857eababce1c61785a524

memory/2932-67-0x00000000742D0000-0x000000007487B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:10

Reported

2024-06-12 15:12

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ToolBoxMng = "C:\\Users\\Admin\\AppData\\Roaming\\ToolBoxMng.exe" C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4964 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe
PID 4964 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
PID 3148 wrote to memory of 3816 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
PID 3816 wrote to memory of 3388 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
PID 3148 wrote to memory of 2156 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 2156 wrote to memory of 1632 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 2156 wrote to memory of 4060 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Processes

C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe

"C:\Users\Admin\AppData\Local\Temp\COPY180921348283848482293942938492929440293482828484-PlDF.exe"

C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe

"C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\doc5454.pdf"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3816

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=066A846F2A1FFBBC5AC19598A70A9985 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CD1CDEC1DA2313ACD541044A574824D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CD1CDEC1DA2313ACD541044A574824D7 --renderer-client-id=2 
--mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AE0E9791DC2027B89E798E10A2B1AF30 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B265C19F6427AA7B6376976FD2601BF --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C915FC86AAA2DB3951A5124A7F6D1232 --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=77B2F7F1B615BB8E97824D6592FBA5CA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=77B2F7F1B615BB8E97824D6592FBA5CA --renderer-client-id=7 
--mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri

Network

Country Destination Domain Proto
US 8.8.8.8:53 trustlist.adobe.com udp
US 8.8.8.8:53 proglnksur.tk udp
US 8.8.8.8:53 trustlist.adobe.com udp
US 8.8.8.8:53 proglnksur.tk udp

Files

C:\Users\Admin\AppData\Roaming\ToolBoxMng.exe

C:\Users\Admin\AppData\Roaming\doc5454.pdf

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
