3dfd22d098fbada464e9041e07272e15fd9ef7b87f2d92de0993ad3a378db469

Resubmissions

06/08/2024, 21:55

240806-1s6pba1hrm 3

06/08/2024, 21:55

240806-1sxfms1hqp 4

06/08/2024, 21:45

240806-1l7yssvgjc 3

Analysis

max time kernel
95s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

customIY.js
Size

6KB
MD5

451a4a3c06bcf25e037333edfa261014
SHA1

a95e15d6a541e6873557ca46bd0f2d081bb408b1
SHA256

3dfd22d098fbada464e9041e07272e15fd9ef7b87f2d92de0993ad3a378db469
SHA512

394eb84276a1d85aed84982579ed58b7fab2587cd38f2f4cbc1f8e2cf9b22647ad0f4091d21d43670b875ce3dfe93757fdfa37bb0d2a835282460898ca0bc8f0
SSDEEP

96:R4jCOp4rHHevbeFF+oxu82/K18bU9bXyps:R4jCOGb+vbnVSibU9Ge

Score

3^/10

discovery execution

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2756	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2756	AcroRd32.exe
2756	AcroRd32.exe
2756	AcroRd32.exe
2756	AcroRd32.exe
2756	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2200	2656	chrome.exe	33
PID 2656 wrote to memory of 2200	2656	chrome.exe	33
PID 2656 wrote to memory of 2200	2656	chrome.exe	33
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2316	2656	chrome.exe	35
PID 2656 wrote to memory of 2872	2656	chrome.exe	36
PID 2656 wrote to memory of 2872	2656	chrome.exe	36
PID 2656 wrote to memory of 2872	2656	chrome.exe	36
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37
PID 2656 wrote to memory of 1868	2656	chrome.exe	37

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\customIY.js
1⤵
PID:1744

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c19758,0x7fef6c19768,0x7fef6c19778
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1376 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:2
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2256 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3472 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=1360,i,15311816872056110469,5278682629363731237,131072 /prefetch:8
  2⤵
  PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\52a9449d-364c-488e-a6cb-a22651b34fac.tmp

Filesize
309KB

MD5
4e9bcbe9d46f6f0acac4d9f046eb2ff6

SHA1
98b3a047731e4b866eb86e8f6dfe67f97ba888b7

SHA256
d0191cc739d074cfa757312f0be8ccdf05b072071353f6b32768b537da6cc069

SHA512
127e5368ad084b567f52cd78d35953adcf0538a5c5532ac01f6de065d65dc9465758179d1daf5507ca3b37d03fe35167d734bc0b052e8a3bf01956b412889916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
304f6dca31b4ba923683ee10ea48120d

SHA1
652a42a5da651217bc68543ee5c30019905f4ec0

SHA256
7956e4bbc93041d681efef4488294e192b091f55d37f629195563b937be35ef9

SHA512
712c238d34bc1235c0b2b13b5cee6cffad4c288eef63fc8c4b66e1902aba040155f1d97890bab3bb493b9a7809d358d0d315cd6886b25862c117637f5b0321d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a81bf54de999d7daa57a7d08392bc7e7

SHA1
c936050dd7151894b01a0b754a9e88202758fa7f

SHA256
a3f7d42405ab9d66a3bb3537ae539bf38e981d143ca1d23fbaddead1ebbb48ca

SHA512
31fd38ab408ff7b53b69b15db2c2b051924bf56de8ee1b35a674f1b8dc2b91265ad5d8088b523d5b1a82f5fbc7d91b4d8727e487be69ec5df72b72a581b03171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
309KB

MD5
dc749655c1aa1bc6e3f077f93264ebbb

SHA1
93ded9f89d3a0fc4e8459dd6e22a0bed2ae3b85c

SHA256
94d729a843b9cb5459d20ba85434dce74a9653aacee9e5bc31240b3e06fd8ed8

SHA512
2992e6bb9a92eff20fe67c6270eea80598895bd6b98cb9c4e18884d34ad7d7e522869664d2ebaff9b82f1c261e96c92fb61ec4dc5e98d0b20407646336ecf445

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8e360098ee1fda6db70efef446c6246b

SHA1
dc10fd3cd51e1dc7fe64a0cf9cca28cc1b275c65

SHA256
a9a041d65f2782384373cc54c0bc63e78fe3b9db6996ac8c0cb3835139885fbf

SHA512
7cc6d414e6d9689f72b9f50dfc15cb59e3bed0e7e1468eb038b8eb40da7c2a6ea0c6b0bf699f45a9f072a94234402fac2c5cd3ccd2ee63d6543211d9555b6f01

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
a7b4cd0dfbe0018b7930a10837df358d

SHA1
3d7725423c6937a7a980f6ea585ae52b07062c76

SHA256
787c87a65c55bf4a1804eeceee24377a76298c9b61dc36e49f9d144316c034f2

SHA512
9fe01669fbe3d54672f2e7545d122c49a4af8b49b23ea72c3154bd3ff88fd242646297c6b596e870e07b3962111243bf7ef4b0fba5a2c905a636c0a9afba92de

Download Submit