Overview

overview

10

Static

static

3

main.exe

windows10-2004-x64

10

setup.exe

windows10-2004-x64

10

svchost.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    579s
  • max time network
    580s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-07-2024 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    5.6MB

  • MD5

    3d3c49dd5d13a242b436e0a065cd6837

  • SHA1

    e38a773ffa08452c449ca5a880d89cfad24b6f1b

  • SHA256

    e0338c845a876d585eceb084311e84f3becd6fa6f0851567ba2c5f00eeaf4ecf

  • SHA512

    dd0e590310392b0543d47a2d24d55f6f091ba59acc0d7ea533039ffb48f1b8938587889bcfa19b0538a62ba26fcde2172253860ceab34af40fd7bf65b6587b00

  • SSDEEP

    98304:nsl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6UcR6s:nPOuK6mn9NzgMoYkSIvUcwti7TQlvciY

Score
10/10
gurcumilleniumratpersistenceprivilege_escalationratspywarestealer

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendMessage?chat_id=-1002245526003

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/getUpdates?offset=-

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%B8Screenshot%20take

Signatures

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu
  • MilleniumRat

    MilleniumRat is a remote access trojan written in C#.

    ratstealermilleniumrat
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 16 IoCs
    persistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 48 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpCB01.tmp.bat & Del C:\Users\Admin\AppData\Local\Temp\tmpCB01.tmp.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1904
      • C:\Windows\system32\tasklist.exe
        Tasklist /fi "PID eq 3796"
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:4956
      • C:\Windows\system32\find.exe
        find ":"
        3⤵
          PID:4948
        • C:\Windows\system32\timeout.exe
          Timeout /T 1 /Nobreak
          3⤵
          • Delays execution with timeout.exe
          PID:1696
        • C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe
          "C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe"
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1544
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /c reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdate /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe /f
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1772
            • C:\Windows\system32\reg.exe
              reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ChromeUpdate /t REG_SZ /d C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe /f
              5⤵
              • Adds Run key to start application
              • Modifies registry key
              PID:2732
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1296
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1196
      • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
        "C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe"
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:5112
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\system32\msiexec.exe" /i {AC76BA86-7AD7-1033-7B44-AC0F074E4100} REBOOT="ReallySuppress" PATCH="C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp" /qb
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:2720
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Event Triggered Execution: Image File Execution Options Injection
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5048
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding 17212DFCDE6650E3D1FED90970ABE454
          2⤵
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of AdjustPrivilegeToken
          PID:4280
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding 0EBFA83E88E8AAC16A0A6FE8A3C02086 E Global\MSI0000
          2⤵
          • Event Triggered Execution: Image File Execution Options Injection
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:2412
        • C:\Windows\Installer\MSIE656.tmp
          "C:\Windows\Installer\MSIE656.tmp" /b 3 120 0
          2⤵
          • Executes dropped EXE
          PID:636
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe" 19.010.20069 19.010.20069.0
          2⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          PID:5008
      • C:\Program Files\7-Zip\7zFM.exe
        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\credit_cards_db"
        1⤵
          PID:3220
        • C:\Windows\System32\notepad.exe
          "C:\Windows\System32\notepad.exe" credit_cards_db
          1⤵
            PID:404

          Network

          MITRE ATT&CK Enterprise v15

          Reconnaissance

          Resource Development

          Initial Access

          Execution

          Persistence

          Boot or Logon Autostart Execution

          1
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Event Triggered Execution

          2
          T1546

          Component Object Model Hijacking

          1
          T1546.015

          Image File Execution Options Injection

          1
          T1546.012

          Privilege Escalation

          Boot or Logon Autostart Execution

          1
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Event Triggered Execution

          2
          T1546

          Component Object Model Hijacking

          1
          T1546.015

          Image File Execution Options Injection

          1
          T1546.012

          Defense Evasion

          Modify Registry

          3
          T1112

          Credential Access

          Unsecured Credentials

          1
          T1552

          Credentials In Files

          1
          T1552.001

          Discovery

          Peripheral Device Discovery

          2
          T1120

          Process Discovery

          1
          T1057

          Query Registry

          4
          T1012

          System Information Discovery

          5
          T1082

          Lateral Movement

          Collection

          Data from Local System

          1
          T1005

          Command and Control

          Web Service

          1
          T1102

          Exfiltration

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Config.Msi\e5fce5c.rbs
            Filesize

            1.2MB

            MD5

            c5e649ebe953e2b23b21d2a037894d56

            SHA1

            4d0654113e208a489e67a648e0c9eb0f06ab5f05

            SHA256

            36a05ba19b3d3eb3155b97b41ac382779aa89ddd96a04bc64f2688d5b6bc4041

            SHA512

            da484866a157f91281c59c24f5e67f9b7480e9cb5fd475b9290ff77b0ea5b1d54fb6999f8adfffd45bc12e017585e685d8fd3ec6a16a28dcd019503d89a13d93

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\s_remove_18.svg
            Filesize

            711B

            MD5

            8bb62cfad37334a15129a0da2091d472

            SHA1

            a9f223eb2bd355c8cbf7d17db501db834f39cb6c

            SHA256

            94f76b160568e3705f1e0d2d6ff3ee6927bd812032498d373bbcc516af2864f7

            SHA512

            da08c15accffeca9c1ec985899ebf234aa881546dfb80862c72bfe206dfbf92772582ff87c0636ca0a4cdeeb03635de7a24aecacba86e22683a1d689724d6dab

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon.png
            Filesize

            445B

            MD5

            ed537606a39879a091a8c085cf95ff38

            SHA1

            86c73d85094efbfdcd80abf119f03b64a71cbd0f

            SHA256

            42c312aa2a038ca54e9a6fe4bad8c9c044c35b4c5f421496f289c00c957d7591

            SHA512

            fc331c2e1ec84a6a83b51f365484033b3069d73c5987094cf526c45a92c3297df22fe2a35ec20382ed4d563ee604ecbdbdf17fb735f7e0118ab444b4d5db8e9d

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_2x.png
            Filesize

            611B

            MD5

            37d179c947c13f64b7b6356f57441032

            SHA1

            9d1c1bd0c370336c229baeb2cd7f80d7b3cf4d0a

            SHA256

            71039e6370f68913e67cb8451d3127c22d3e1045ca644e4dc9821e9f6f6899aa

            SHA512

            3034a8b9694bbde20be0f7fa2596fbca8fd3f1e45810b15a5cb1a2bc6f4ef852afc36639a56f82a4e582d74684724d5c4ee43cbf5e33c94c6cf00b3c059757bf

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_hover.png
            Filesize

            388B

            MD5

            6d8f7e9751f955452a9ceeb815456035

            SHA1

            e6903b2ec0f2c5632d4288f88d993d4a41f04527

            SHA256

            8bcf53efcb1b630087d4cfcedf5e48a7abaa9c71dd13745eedfd2c7cfa6827f5

            SHA512

            c869a94a224bce8ed553f5a86ffdea6d8a279e06a1c060b311cc52e4538b89e07fc0a4a76f85a28e2f62e8629a7c67101e990cc12bef2d0e2d6d7d3c1d4d7d90

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_hover_2x.png
            Filesize

            552B

            MD5

            f364ee8508831e375004ac82b924efd5

            SHA1

            b04bc510ef53760bdd22ce0dd9d2e2f248c16df7

            SHA256

            87da831caa04bd303918a32265830ff97648dc8adc18881ba14d1cc1d28cde85

            SHA512

            399b2da615c0373214e3cf421f502fd0de02bdb9473da644e9f23df9ea7fc792da7d36bde61a456c2451276f74877232c8bedbe55e57098c1ffd13719206bac3

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon.png
            Filesize

            388B

            MD5

            39be6b8bd8dce3ff5a1c20ac41ba993f

            SHA1

            a49d8a0c769601bf922c8aa1673bfd3a92d67855

            SHA256

            854a09f1f875a3a2e6566c593af465c9c8a3aa9b9112eb755bb09cee76224a63

            SHA512

            9fd5d4f02aa9d24ce9591ac0542d0abadf2b26208c3043220d2a0f036298199131ad804f9be20c6cc67f39e2921eebec65efb3a1e435ee7318fd8591fcc2fa2a

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_2x.png
            Filesize

            552B

            MD5

            b34c8c3b8117b038839beefa0df5a7ce

            SHA1

            c8d1e8eb4c71d5aa02e36fe3b7365374a9e4e32b

            SHA256

            bfef65c62bfc309f698e8e0b999edfc06ad272b87d805f183551c43f08d704a9

            SHA512

            89fa9f31f62c6e119e6280dbc475c35dd7bb37c27457732a0b1cb04809a35fec44a12ccb6a3a626586d596a0636d754a9ff79ecd9ed739c5c6edea50738a60d7

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover.png
            Filesize

            388B

            MD5

            2ca9f57d61ed45337ec4e6565480367f

            SHA1

            fa06ed14d72ad8ced6ad98a4e223bc80cccc5e75

            SHA256

            a584379ebf9aa0d3c0239edb7e1f114f01a9865f01c68494d5f28d410ba8d873

            SHA512

            83a172f2f304b2f634c313e248b62c11b7798f416872929ef233134bfc4ad8f44b1b4dfa123e8378a233417e1298a73088258f5671ace96ff677d1f26447de87

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover_2x.png
            Filesize

            552B

            MD5

            74af10749d7f19d15c8dca65a7453415

            SHA1

            dc96d9dbffe472600548dc64c724055e62620d8d

            SHA256

            0e0084df79ab98e5df48ed1e01987f7ac3fcf4a038dd5453708d868f73a073a8

            SHA512

            83d190bf6f9cb77894e7aaf84029c40a2a0335e43d08062ca2275a2cb7a784a29b3b7b8be820c7dfb2f1458ab0528fcdfe45f05491be673b30495e1ed916999e

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\icons.png
            Filesize

            7KB

            MD5

            d3963e6fe853dbd9d22f794d5ece4c48

            SHA1

            db35a3e565d0b6dca7ad243443a5560a1247eb33

            SHA256

            a870c4e9ff6c433b5583a8f09fcdfbe712241c7e7d64cd59a10c2ad592f64fe5

            SHA512

            fe60a1b2a20d3c11152df2d6fbee05c3d6b80c89486d258dd6d318c3f89deef3e91a116c502c117d79a5020489e394194310f5c7a7ea3d4b7d284ca5a3e43ca7

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif
            Filesize

            7KB

            MD5

            d4585d0ccf35ae69b1246339cfb46b90

            SHA1

            1fffc3492684a5db89e949d2d8b612eabb38994b

            SHA256

            d6707a7a393687bccd92de05cecbd746be791f3a670cb4fc106252f49d2a0a2a

            SHA512

            a85560cabd3ce3dd21177948884a921385c0325b431dd281edda61d3585a69ceef28cb339c5a88d167597451ce22d54828b03d69823b5737bf3e253bd9bda9f6

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\icons_retina.png
            Filesize

            15KB

            MD5

            7045217d47de04c1d72eea7413b780c4

            SHA1

            04c73e38fa17d35a1f684577cc79d77615c09e02

            SHA256

            8c659d0904687a97d9c6b649e4b74e99b286265e92252908824efcd07f956b66

            SHA512

            abe433cb154598ad2c0de6070d6e75bb70274a58ce92007ce200201f788553517bb579b0df5cbde3b4f2bebdca1243f0e54836d125d72ea206b3ccba1d15a385

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\new_icons.png
            Filesize

            8KB

            MD5

            0e366a48bdf6a3b140508e56eed0bf0f

            SHA1

            bcd76a4a537fc00d8c468b9496d3d5b5dd6a2a7e

            SHA256

            a311b5a78e1b856505337b90e53edb4ba380160234e1b4e8801c231ba8d590a5

            SHA512

            1830e3e260a50f79553673bec5775c0ba623284d233c25a2da016f273e67e218f5d2f49bed5f9e68842c7dc14b852e979fbfc7ed336f9a34dafd04a48742f827

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png
            Filesize

            17KB

            MD5

            28a435033f504be69def6f9d52efd2b8

            SHA1

            6f50318e05b79851a445f98d4b3ae3d65feb22ad

            SHA256

            f84c7c93947e86e2a499117d4c55910de9fbaefb6d703a8d0f90f4867c69c182

            SHA512

            a2b410bb6bb328eb1e3af794259bacce7918f44698c8145fa530af9be6bfc22a064c1f0ee5d7ce289f4a60a50fce9b56a720793d19ec477340b1d7ef158df6b0

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\bg_pattern_RHP.png
            Filesize

            179B

            MD5

            117ec36a5cc6d82e63e8b3beae4a3099

            SHA1

            4c692192be53827f8ec8015ceb129f6e0f89e923

            SHA256

            041917c06c638a1b1accaf0d2f0b2a6dd335dea629de602e104553024d822ea4

            SHA512

            abb02a02a9161ece12464020676e880f1eed96b43a9dfd4f7ca06dc203fe633b0a712da5f151d36a5644d65aad7b2880c135df0bc42d7c1e61b44006807a8c9d

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\illustrations_retina.png
            Filesize

            19KB

            MD5

            ff84cb8f89545b86e32abd27a9694e1e

            SHA1

            3cde537531f8689772bc9eb39a12c687da5d5225

            SHA256

            8b32854c17056ea617a680cd26ea91015e77d68260f656758984583eb6895a87

            SHA512

            2690d712ba02fbaa769689d0eae380d0988721c6fcb710e04e1e2aba56496cb58f5d4168fe75540139afce179b1250c2ceb11fc4c3d589a3615ad20dccacc8f1

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\themes\dark\bg_patterns_header.png
            Filesize

            703B

            MD5

            ccc8d470e94b3441e41521572ba86ccd

            SHA1

            d294d7e78b596fefcc8084fab7917c54d3043e27

            SHA256

            a7cdf870b0b1b8459e94ed25a29daa87f5e9050294bf6cdff3bc72f93b928f94

            SHA512

            f3b2ca4d3160a089f6959b7c8e3e6c213c0facb2733f7948a7222196d3bd8c7350015602569df2cdc7408e38b0ff6700306d7e3439f0892b4d13d9f2d5329e42

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\themes\dark\illustrations.png
            Filesize

            8KB

            MD5

            f6e318123e7ad5933a49669eb035c737

            SHA1

            ed8938fa3c13af75978bbd0bcdd3e8bd40a02004

            SHA256

            19f68990146444907956056019aaee514c522c3c00ae00604da44a1bec2f8f51

            SHA512

            b2506a283dbdcf40ba0cac63b4fd0249463218cc9511ce52cae5ab8c36706090fc1f1942f1082204dcdad5d80e7b655d9e12326c820ac21f64a508999e130743

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\js\nls\ui-strings.js
            Filesize

            1KB

            MD5

            d59d8ff7aaa17ee875adbe48b7a77e78

            SHA1

            7405acc07f6137b7fd9575f99a2b4354135956ef

            SHA256

            d74c0782682efde01c1c30e46814256f7d16d7df00a7167d90f2bd55ebaab626

            SHA512

            63fc8bef9e8ef833e45d99f954a9eb99d6bbcae39b2eca8a7000ac11b976cdd0ce0581e5e5e6b2f1bb2bdc911e31690e503dad945f0a3ea702dfe404896eded8

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\pages-app\images\example_icons.png
            Filesize

            683B

            MD5

            a0522ef468697e74b90c444ceb4aa17a

            SHA1

            31fa5bb9b4ada150c9001b6e9f3213644117187f

            SHA256

            57804748e775c08ae188b4d860f31e4482ab99b44ed1d8489780daa6756fb11c

            SHA512

            bbb91f8b3c204c4c04da2ad635eb18e9f224f73395dac509c438c0a645316162b6ff78e03e7af76d5da2d9e84cd0c4b5e9db1d4dc08bc3f524bcc55c1f4dbbd3

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\pages-app\images\example_icons2x.png
            Filesize

            1KB

            MD5

            99a1fefa123aa745b30727cc5ad50126

            SHA1

            c48f74cee78f8ed8463634d80c4112f3e12bd566

            SHA256

            7a610114be56ff131462bc67f9a23bcd4fde4fdd0158691448ab9e4a3eb2ca3b

            SHA512

            504800f03a4aa57c1cfa15b28542382728b5f3dd85309fe12ebfd711980d78d15d8241d5f54956ee41da2cd65203b7764ab7b15119457b74ebc07fcf8e55a742

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\search-summary\js\nls\ui-strings.js
            Filesize

            1KB

            MD5

            3dde11f8594519f004ded2687db9b90e

            SHA1

            fcf1854df851616a25d7cf1439a9120b16902420

            SHA256

            196c132938d324c62184ddc85bdb1cd642af830712e0fbf0fb3230978316d510

            SHA512

            adc2cb3a37dbf5fe2ae79f5752c0d38d2427a95e333e848ffa113046f630eaa967b3cb29c049dcdd9b921d57e23392562d779c24207f770aba6e92392064f17b

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\task-handler\js\nls\fi-fi\ui-strings.js
            Filesize

            823B

            MD5

            5e884e2f05ac036b7a6cded3efc2ea2d

            SHA1

            807c1cf1bf0943404601b6241bf4bcf9fcc29c9e

            SHA256

            b333de3a4a7be7749b82302085ed26ad868f0f8eccd09d2a8bb8840414e624d6

            SHA512

            6665aa6fa35e05d01a4a2312a93faf52d6b39409bfaa861c187b0cc2fc51e74aa253ebf56061872d548cb6d3d7bbf1f7c2568de81e5287e0a1d6591c1e780f15

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css
            Filesize

            802B

            MD5

            bfeb063e064c71e44ce75898e79c61bc

            SHA1

            c4dcb4b6814cbee53b415a2a5df02fa500510ef3

            SHA256

            af439ebb0d55750003f7dbec517e7b0b26a6a0506b21e3b74d800cd1c7faa004

            SHA512

            0835ebe63867fba6d69a25c83dca767ffd9c57907ba76d9c71012be18510e2145a358d37c1cf4e4ad35d1cdd4f67ffd5928e70e18a376db607d8482356f12219

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
            Filesize

            2KB

            MD5

            4c27ad089d04cfefd979d56f2a67b172

            SHA1

            63289f9198ee4553759b07de7a4229ad370fa976

            SHA256

            e34bcd5b8436d3bc45f98dd913d41f185c6b06326b66937d6e0d5c6434b16fe7

            SHA512

            23f9283f769fd310dcac26cac00d2eb033763d73bd45b0d148ea1ec3a3c75b073572c9fa9234699372a7e1caad7fcde7629d004815536df1d39d291f2d2d96a9

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
            Filesize

            2KB

            MD5

            61bd39ed095fa82ffd334fbd7982616c

            SHA1

            51af9c2cd42743c5cf81200e0fba3cfaff801885

            SHA256

            237a70fe0388ce6884f5424692c460625691ef7acb0bf80403ec6b25f348b94a

            SHA512

            54dd8e1a5c19a9d51892a12e9501b7f6f69e09e0c446ec36f7ddfd9ad0d9cef52604ab2f8071c71ce63989510a703f1cfd5492e1ac20c8b37258ba21f8952400

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png
            Filesize

            4KB

            MD5

            543415ad8ba14db1b75a93a551a4abfc

            SHA1

            3d4737451e899240fe19daa07f3c58ce9a623631

            SHA256

            03bcfd7fcbd98e48b1954f912ecd66ce0bd5c181da0c2408beed01486ed23804

            SHA512

            7c4bd1cf6fc8d7aeedb1c666ca45c95615927fe76cad3d3c4f4dafc987f4ac04f527ecaebb3103f593eb080302e768fcd77739ce8344ff2e7ec10efdd1113cd0

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
            Filesize

            385B

            MD5

            c789d387908d7b7f21c6474a86e84019

            SHA1

            1c36fc6954178c43d9249a5ff3c7246057c6aead

            SHA256

            223f32512aec50c1c00fafc476d8e4ce61e79aa748c67b72fe55514882a31a5a

            SHA512

            1cab85dff119b591046049b69b6208283ca5e009d95129bb407df2768c82da30fd2af8debf6f1bbd91f37518538f3ba6bcda32b63d1d278b56fdd1f5f93439ca

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
            Filesize

            1003B

            MD5

            c5aab3d175e0a3753ed2c3bbd7b929c1

            SHA1

            3ebee0101ad62449a67f506df9c8e7dacc39f877

            SHA256

            2e187b74e926afe70eafe0648c7125817e99f5586eee3e2e05446e360d4cc1bd

            SHA512

            e967020462477c3e9465e3383c544cf468dd89f4da084193634f5bcdc001b90f5bad3f4f6dda9e95ebe068108986daf41504e02331f4922ea25e7ffee1f27040

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png
            Filesize

            1KB

            MD5

            808971f45b803583d9d1f812803d81b7

            SHA1

            0f6aaecba7c976ed8c2f53782b3d3148f41b2905

            SHA256

            c25d9409ddf9645c2731ec785cacbb7568005bfc78fe0aec7df3ae3c4d30e333

            SHA512

            121e6b01125f9e9d4894f7d498bb4d39ce676ce51e29cbcd148e0c1feed46fbc58267cea7d5f66654be831dc479e4643be8b28b005467309b7df5cc7fbcd0dbe

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
            Filesize

            2KB

            MD5

            ad68c0b141ea1dbfcadb540c1817289f

            SHA1

            548a46167f7f5193c5a1335753bc208bf92aa504

            SHA256

            537ac64cd204d7ef82cfe41c932deb9cb1ae738b2156eff4dbf73208384c0a13

            SHA512

            269ae39458a9f30351166f304825b777f3ff143b7914b98e83e01600fa04c7790e6e813466c2a1c5396ce13cd2199792905cf0baba1cd28a420440efce0843e8

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\dd_arrow_small.png
            Filesize

            289B

            MD5

            36503740756a442b7be294947462be83

            SHA1

            a1203ae869deb46f59a3273f6d130e7457bf5321

            SHA256

            d188ab283c552eee50677129f3b0ffd8d97828c4e7007bea258174c9a2200e87

            SHA512

            6ff98b15c7d757dd351bf50a1c4ac759a73fdafe03d5fad506478550987d0ec016ba9e617c099e6bf7b0263846eddc4eb32cb70fb1fbbc1189791defe556967a

            Download Submit

          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js
            Filesize

            840B

            MD5

            32147da1c647161e45a1004eb1b16349

            SHA1

            a953c222cce91729ebab36bddd43bd5a795a69cc

            SHA256

            434731fdc6d2f5115c5f7786ac989fedef7d0f60cd2ad4385cc98f6d2160566c

            SHA512

            8c825f8d38519cdac2a49e4ee8a9564ae72839199562ce9acfe72b4fbb94f8946775054782cf26a9566eaf8cf944a26e42b7b372c4e7349b33a8e17dcd13df94

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Costura\A54E036D2DCD19384E8EA53862E0DD8F\64\sqlite.interop.dll
            Filesize

            1.7MB

            MD5

            65ccd6ecb99899083d43f7c24eb8f869

            SHA1

            27037a9470cc5ed177c0b6688495f3a51996a023

            SHA256

            aba67c7e6c01856838b8bc6b0ba95e864e1fdcb3750aa7cdc1bc73511cea6fe4

            SHA512

            533900861fe36cf78b614d6a7ce741ff1172b41cbd5644b4a9542e6ca42702e6fbfb12f0fbaae8f5992320870a15e90b4f7bf180705fc9839db433413860be6d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\tmpCB01.tmp.bat
            Filesize

            256B

            MD5

            6b2b1b20be8d3f49a9b88f84bb5b37fe

            SHA1

            2a1a2292369b0b283d9abf39fd3694851a611f2f

            SHA256

            f36931892f893b6d3c0435e5a8bd30df7c20df58ec70c78e4f31fbce799009d1

            SHA512

            21d1635e10f0ff9554528344ce6114cf2a915822d8325135b46ea65f044c889ad481f473e6cb3bb3984458088a4eca241e5cfdee02f7012336cbd948c21405b7

            Download Submit

          • C:\Users\Admin\AppData\Roaming\GoogleChromeUpdateLog\Update.exe
            Filesize

            5.6MB

            MD5

            3d3c49dd5d13a242b436e0a065cd6837

            SHA1

            e38a773ffa08452c449ca5a880d89cfad24b6f1b

            SHA256

            e0338c845a876d585eceb084311e84f3becd6fa6f0851567ba2c5f00eeaf4ecf

            SHA512

            dd0e590310392b0543d47a2d24d55f6f091ba59acc0d7ea533039ffb48f1b8938587889bcfa19b0538a62ba26fcde2172253860ceab34af40fd7bf65b6587b00

            Download Submit

          • C:\Windows\Installer\MSID0F5.tmp
            Filesize

            57KB

            MD5

            c23d4d5a87e08f8a822ad5a8dbd69592

            SHA1

            317df555bc309dace46ae5c5589bec53ea8f137e

            SHA256

            6d149866246e79919bde5a0b45569ea41327c32ee250f37ad8216275a641bb27

            SHA512

            fa584655ae241004af44774a1f43508e53e95028ce96b39f8b5c62742f38acdf2b1df8871b468ac70c6043ca0e7ae8241bad2db6bc4f700d78471f12bb809e6b

            Download Submit

          • C:\Windows\Installer\MSID1E0.tmp
            Filesize

            418KB

            MD5

            67f23a38c85856e8a20e815c548cd424

            SHA1

            16e8959c52f983e83f688f4cce3487364b1ffd10

            SHA256

            f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40

            SHA512

            41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

            Download Submit

          • C:\Windows\Installer\MSID250.tmp
            Filesize

            148KB

            MD5

            be0b6bea2e4e12bf5d966c6f74fa79b5

            SHA1

            8468ec23f0a30065eee6913bf8eba62dd79651ec

            SHA256

            6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164

            SHA512

            dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

            Download Submit

          • C:\Windows\Installer\MSID2BF.tmp
            Filesize

            209KB

            MD5

            0e91605ee2395145d077adb643609085

            SHA1

            303263aa6889013ce889bd4ea0324acdf35f29f2

            SHA256

            5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b

            SHA512

            3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be

            Download Submit

          • C:\Windows\Installer\MSIE4DB.tmp
            Filesize

            271KB

            MD5

            f88c6a79abbb5680ae8628fbc7a6915c

            SHA1

            6e1eb7906cdae149c6472f394fa8fe8dc274a556

            SHA256

            5ded99991217600ebd0b48f21c4cd946f3c7858f07d712fcfb93f743faa635ed

            SHA512

            33e150822331356e1cdcbff824b897ca5bf2bed0345d2fa39cf9b1f36a77201167819761b1cc3b6cb02a87625e0b6b85a8505281ccc575ca6b73af68e1e90361

            Download Submit

          • C:\Windows\Installer\MSIE656.tmp
            Filesize

            28KB

            MD5

            260cc3aeb3c5994f5a07dbeaf1d80d43

            SHA1

            ed1ff111c77b3422ad282c43cdde06254d1fa8b4

            SHA256

            65671cf7ac4ae49a411c47592cc337fe0b8ffa3cfb0a1ce5a219cae8c22012b8

            SHA512

            4aba5ade56ade7b27c93be844d88737ad7b3fa99e1bde484cd97f46b3bf05d82c394310d025167a4702fedba45bcbb14710c94a57b03f8f0e31ca5abba11cadc

            Download Submit

          • C:\Windows\Installer\e5fce24.HDR
            Filesize

            35B

            MD5

            f0fe0d0a7b4408605d4813bdc5d17c90

            SHA1

            99b1742d32df55b476a3afb968024d0d87aa7e28

            SHA256

            8700160de81b068dffcb99c65f89fc3dcd202083afb4c5d650935bcd2641c444

            SHA512

            24e0ba30a3e2a20281a7371b85f9da6c74f8a37958119d7ec4d6a9162839202aefab322ebf0c9942357c58cc29c1c69b1abbdce1f3a74da87d650f937c4a9863

            Download Submit

          • C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\PDXFile_8.ico
            Filesize

            340KB

            MD5

            d07cea5fbf17f2ffa4fdcb38e395dbaf

            SHA1

            c0218a4f53428d71f19f1121b8532b3fe0d178b9

            SHA256

            c5ba5c23decaa64a9176f20f8b18a8c89b42ed54f55f3285bd400fd74051e37e

            SHA512

            98ad990280e9db23ee91e23ee5d0ebc8e289eed7923cd07bb31b845af28ebe0a09bc49f9de2c7e81a49a041d9f87f089a4a67402e1182c41e0d41a3e47264d4f

            Download Submit

          • memory/1296-58-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-54-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-57-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-52-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-53-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-55-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-46-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-48-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-47-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1296-56-0x000001A761C40000-0x000001A761C41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1544-42-0x0000020DC9470000-0x0000020DC9482000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1544-20-0x0000020DC8FD0000-0x0000020DC903A000-memory.dmp

            Filesize

            424KB

            Download

          • memory/1544-24-0x0000020DB0410000-0x0000020DB0436000-memory.dmp

            Filesize

            152KB

            Download

          • memory/1544-23-0x0000020DC9430000-0x0000020DC946A000-memory.dmp

            Filesize

            232KB

            Download

          • memory/1544-19-0x0000020DB0440000-0x0000020DB044A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/3796-0-0x00007FF92AA33000-0x00007FF92AA35000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3796-12-0x00007FF92AA30000-0x00007FF92B4F1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3796-8-0x000002B111C40000-0x000002B111C5E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/3796-7-0x00007FF92AA30000-0x00007FF92B4F1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3796-6-0x000002B113460000-0x000002B1134D6000-memory.dmp

            Filesize

            472KB

            Download

          • memory/3796-1-0x000002B111280000-0x000002B111820000-memory.dmp

            Filesize

            5.6MB

            Download