4e3d0b4c2f15ad3709faf8eda116b8b116c938559b124269b73adf14ca6f24b5

Analysis

max time kernel
149s
max time network
139s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
22-09-2022 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LEC_E1_220922102805-715_5Q78646-91540---_----------_1TWE635_Z89M0JUY.pdf
Size

201KB
MD5

d8d3b3f6a4cf503a0163a99470ea16f0
SHA1

2632a26ecefa97e689aa87eae01744fc7d0cd4dd
SHA256

4e3d0b4c2f15ad3709faf8eda116b8b116c938559b124269b73adf14ca6f24b5
SHA512

a531cbf9cf9f83738fb96cf80dde798c78bbbb64acb161a1d4a341b55629e0ea2e25158dd4791efd58fdd7a6b0342823059a549dbc7d7bd3e73e26612a96f454
SSDEEP

6144:k9dwT/TUxnp6CHxrKDDg3QmVcUp4qeOzRNK:kL9ppKDAcUmqeOzRNK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe
2976	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

2976 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

2976 AcroRd32.exe
2976 AcroRd32.exe
2976 AcroRd32.exe
2976 AcroRd32.exe
2976 AcroRd32.exe
2976 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 2976 wrote to memory of 3416	2976	AcroRd32.exe	AdobeCollabSync.exe
PID 2976 wrote to memory of 3416	2976	AcroRd32.exe	AdobeCollabSync.exe
PID 2976 wrote to memory of 3416	2976	AcroRd32.exe	AdobeCollabSync.exe
PID 3416 wrote to memory of 4564	3416	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3416 wrote to memory of 4564	3416	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3416 wrote to memory of 4564	3416	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4564 wrote to memory of 1396	4564	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4564 wrote to memory of 1396	4564	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4564 wrote to memory of 1396	4564	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 2976 wrote to memory of 204	2976	AcroRd32.exe	RdrCEF.exe
PID 2976 wrote to memory of 204	2976	AcroRd32.exe	RdrCEF.exe
PID 2976 wrote to memory of 204	2976	AcroRd32.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 1944	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe
PID 204 wrote to memory of 3492	204	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\LEC_E1_220922102805-715_5Q78646-91540---_----------_1TWE635_Z89M0JUY.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3416
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4564

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:1396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=12AB5100BC30A8CD552120F33C885A6E --mojo-platform-channel-handle=1608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1944

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7093F276FF59B0152430DBEDFF3CEDEB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7093F276FF59B0152430DBEDFF3CEDEB --renderer-client-id=2 --mojo-platform-channel-handle=1616 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3492

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FE26E0F20B86302119AE3A11DC3778D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FE26E0F20B86302119AE3A11DC3778D7 --renderer-client-id=4 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=451B05179D38782B6104849D02FD42EE --mojo-platform-channel-handle=2552 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3852

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F52F064D39FB9F44E7E5B218C9ABB43 --mojo-platform-channel-handle=2728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4928

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=57474E776A52A792A49256DBAA482232 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1240

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
6c7cb81175fee275238949eddd356c18

SHA1
b0b1756ec87c5755cd222b4d543b212293e76659

SHA256
433d05d37b15338655bea54efe6d5598f1532d11d4b30a80207c9bc13cf01d3b

SHA512
d7e78c404ebd407821679357991c5ac2f86325618e28de6172ed9728c279ac65e7b039b5596d4f97be20eed0e3b7ce2c5681138c6b1bc301275060bc2c1a3bff

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
76150605a80e58c4aa62ca4a391ebc50

SHA1
4389de915da88ac330ff5b80d9e023db0934f2e4

SHA256
06b387723d0f6b25ec3143ec3f65e74e7ec984426eba5c87ad453fd07f0418bc

SHA512
bbe13ccd2b06208695234cacb50b3f84d8c812af47214c10873d1247609036cb82a08c8b33e2e8c96edd6243ff41fe5a98551404f02dd276667814f055835838

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.1MB

MD5
0120fbae78976275cc29d2e4db6ddef4

SHA1
333fd8932e397f56f540e9aac16335d521cf980e

SHA256
7230f5cef1b2dbfe0e1a5758a76b55bba2dd7407b9d601f32566b674307c04fd

SHA512
d7bafe0ba2b3194d899c19111f1b7d24d7e76ebe5049374c7c507e29946d4043f2cf3b7c84cb5f9a04fcfd0dd38c9566b89ef0fca5261f6aa3212e4e22355929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
c3598150f5d62d292a6f97e67828cf0b

SHA1
26b074167f416004366196ff5b54edab5660464d

SHA256
9de672280fe18a8d8a25ca8d32ccaec43d97e3ca1ed52a16f9254c58608f547e

SHA512
f128eb5b4727131d9c2debf104a9b79744a3edc3b61639eee69d5a067530d546744f0ab52ca59979aa45feb55438242d0c83e31a84d859924dbd477f7082ad00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
340B

MD5
b8b426e4a64bec86e2a975a6e8ca6653

SHA1
8d92e885b73dbe704a610ff7c22b0a815c211122

SHA256
9109f855856221f77d8c38c98d0594f8b603d561880c23cffb8cf5da1063a96b

SHA512
6d3711cce336bc63fe4351d2fd739230256c00f4ae81537eaedd9075e3ba71486adcdf92196b3debcddba361fa1c8705f5fbac4cefd7e064435bea9bbf6448a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
ed059dede92d38c622abacc942342c32

SHA1
a7cdd2550d31ae14501595a7160cef7dfc0e238a

SHA256
5ad723a06d5bde9f33c874602513ef7e352d9a925ff5b90f7c0e745f26c724cb

SHA512
5df23fd009351a1f29f1181ccc73e9dc0da6d9dba2b28b642f0010f4bbd92b0b3db73641831ae3544eaa187e14860ef25f6099749acee51e62f88ba3ff7c119e

Download Submit
memory/204-444-0x0000000000000000-mapping.dmp

Download
memory/1240-995-0x0000000000000000-mapping.dmp

Download
memory/1396-409-0x0000000000000000-mapping.dmp

Download
memory/1944-556-0x0000000000000000-mapping.dmp

Download
memory/1976-594-0x0000000000000000-mapping.dmp

Download
memory/2976-154-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-149-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-127-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-128-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-129-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-130-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-131-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-132-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-133-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-134-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-135-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-136-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-137-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-138-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-139-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-140-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-141-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-142-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-143-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-144-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-145-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-147-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-148-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-150-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-151-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-153-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-125-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-156-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-158-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-159-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-161-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-160-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-157-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-155-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-152-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-126-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-146-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-162-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-163-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-164-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-165-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-166-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-167-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-168-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-169-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-170-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-172-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-173-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-171-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-174-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-175-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-176-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-124-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-123-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-122-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-121-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-120-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-119-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-118-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-177-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-178-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-179-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-116-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/2976-117-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3416-256-0x0000000000000000-mapping.dmp

Download
memory/3492-571-0x0000000000000000-mapping.dmp

Download
memory/3852-812-0x0000000000000000-mapping.dmp

Download
memory/4564-306-0x0000000000000000-mapping.dmp

Download
memory/4928-904-0x0000000000000000-mapping.dmp

Download