9dd7771b4d3b433189f5dbac36fa540c4d50fc9c2dd3c838d7bd3eb496ac08fc

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2023 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

증명서발급및인쇄_20230227_114616.pdf
Size

599KB
MD5

8666817d3fbd798072137fa8af8ac7e8
SHA1

b9bdb34fc6f5c844fd2785601442127d8bac6524
SHA256

9dd7771b4d3b433189f5dbac36fa540c4d50fc9c2dd3c838d7bd3eb496ac08fc
SHA512

f5e7e6ea45865d6cb70ebae7a52e3a6de179714996f20decfe9770ce7cb093ed6d66887b61201df6b8ff43fd35ddbc5cd87c87731c28e3d36da3d802c8cd7b30
SSDEEP

12288:P4CpZSxBb8NnseHPWeO2oLPv0HAfAat6YK7QL3L:F/S7bgke0LPsgfAC6FsL7

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4144	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe
4144	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 1620	4144	AcroRd32.exe	86
PID 4144 wrote to memory of 1620	4144	AcroRd32.exe	86
PID 4144 wrote to memory of 1620	4144	AcroRd32.exe	86
PID 1620 wrote to memory of 100	1620	AdobeCollabSync.exe	87
PID 1620 wrote to memory of 100	1620	AdobeCollabSync.exe	87
PID 1620 wrote to memory of 100	1620	AdobeCollabSync.exe	87
PID 100 wrote to memory of 1048	100	AdobeCollabSync.exe	93
PID 100 wrote to memory of 1048	100	AdobeCollabSync.exe	93
PID 100 wrote to memory of 1048	100	AdobeCollabSync.exe	93
PID 4144 wrote to memory of 5036	4144	AcroRd32.exe	98
PID 4144 wrote to memory of 5036	4144	AcroRd32.exe	98
PID 4144 wrote to memory of 5036	4144	AcroRd32.exe	98
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 1756	5036	RdrCEF.exe	99
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100
PID 5036 wrote to memory of 800	5036	RdrCEF.exe	100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\증명서발급및인쇄_20230227_114616.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1620
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:100
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:1048
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=493309D95F6A1DF0AB64CFD339C2D7B6 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1756
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DDAAB675FE291244269A177A96A8B0FA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DDAAB675FE291244269A177A96A8B0FA --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9C89853AF549C8EBC81BE3E185625147 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9C89853AF549C8EBC81BE3E185625147 --renderer-client-id=4 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2828
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D077D1FD6EE8AEE930DE741D0A1CE25B --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62C287F9A8E343248C0CAABDBF7C9634 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DFF75782F9A94148DA104BEB288E7035 --mojo-platform-channel-handle=2120 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d57e5f2d9fc460173bba9ef2ab891fd4

SHA1
ca5a3c44f4c02579a16b8d99b27188a37e43fa25

SHA256
4a8a3c4c9335c27af4329053c2ca8f421fc986f4ef869ebaf1283583b67411b2

SHA512
9a8664d1d856939403ae73554d5e14672a915abdc835c8cc5117877f3eec132319344d1a0bee20badab7d22db98846f13f8bff7e7613822da0de1fdc4b0d247b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
17313385907a2ed9960405a1a9350db4

SHA1
f400cd783f22a4faee9098af43b7820ebd8314f4

SHA256
e3e8f90c5ac458101e1f53b4a63084843bd7f032c5596156af04ac2194877d73

SHA512
4495e7d8ca6bbb8e306f88071903849439e627035af8f9b97c7122d54574cbe6d070b61f3485cbdb3014a1d6c31b76745b7d95b4ca9078437770e0b3d744c997

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
129f5a960e055a2690eb552bb40758aa

SHA1
9d7558d3031ef3a3b868c5dfcb64f0ebf3e23a50

SHA256
0272148d36143a6ac84c19b960d0bc474e68a500c0ce8b59b36d47487afee228

SHA512
264e34cacd6035221cbe75329028878e211af7a40272cf476fd648209205410f087cefdfc94071a19d617391b13bb4b6fb8e9a7f84543a6785565cdc5d3c34c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
1dff5543b5e2323f2a0eda655c28eef7

SHA1
39fe01f8ce517d07f33e7d8fdbd5714a33b9f01a

SHA256
49a9621de35c43668a0c872cf08c9eb8b679d82c3a692ddff55709d0a99dbe86

SHA512
12eb6cefe25ef3863970eec2dadb06246ecd57df518318d4ea552e0739ebb09ecfcd37f4ae9d1d03f4b9e678d1b5315d03b116480f41c162efeeb2c73275367b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
1dff5543b5e2323f2a0eda655c28eef7

SHA1
39fe01f8ce517d07f33e7d8fdbd5714a33b9f01a

SHA256
49a9621de35c43668a0c872cf08c9eb8b679d82c3a692ddff55709d0a99dbe86

SHA512
12eb6cefe25ef3863970eec2dadb06246ecd57df518318d4ea552e0739ebb09ecfcd37f4ae9d1d03f4b9e678d1b5315d03b116480f41c162efeeb2c73275367b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.2MB

MD5
218d5dd24c34779d0e49864bccf4da55

SHA1
044e72209372a8e1252190d916faa37c17ba3e48

SHA256
4e03ea3c450c2572c53c206744afe02b30dc26b6708911cb187b86188489b383

SHA512
0620f8ec70bb5af163e43fbb557d72e8973221fab0d5833c7ba0ea533d1d95359ce71cffa6d14a518a061f543c22c3012e386413498d5d693ff0093efdd5cb89

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.2MB

MD5
218d5dd24c34779d0e49864bccf4da55

SHA1
044e72209372a8e1252190d916faa37c17ba3e48

SHA256
4e03ea3c450c2572c53c206744afe02b30dc26b6708911cb187b86188489b383

SHA512
0620f8ec70bb5af163e43fbb557d72e8973221fab0d5833c7ba0ea533d1d95359ce71cffa6d14a518a061f543c22c3012e386413498d5d693ff0093efdd5cb89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
e10b0af002fe9e4491856a0b32f32ec3

SHA1
79c62e93149ffd99f8f5fe27feab734b85ffd240

SHA256
59d2ed1c1a5cb926efc23e930ace78e34bb8ad387625978c56c47108ab025e7e

SHA512
31fd1abccf0b0a2cae442af4ff6bb34df043be572258e5ee1c9d8650447b6f4191a7d332fbbb593eb85801f472f56b4359485adcccbf312fe45057dea48c7c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
5c787aef6d5855ce5802a77cd98726ad

SHA1
1ef1d968eabde3bca55ac235e8ed2f8e32024482

SHA256
b8dc0d0e1df8483d722fce5692f47843cc8fd752c041c52a0487f16e373b4484

SHA512
e1364e356b49ddbb03cf64e8b77dd268e1c99cd3eba3422c5efff4b09379eed4e274066603fbfa97554afdb86482ddaa576d57ebec6d6f9422bb46cb7c186a19

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
ff6abed50d3f39e2cbec87d9bccb577d

SHA1
6ebadeb674b23f249e5e3c309f78d812cb98df97

SHA256
7a7fc04f11a9592801a7a416fa126fc3ce4bacc2fc52b7eee84d31a604e58036

SHA512
6e82e15ccae1239d9bfa19fd2882e978a3463eb20f518821375b5520fc9ef5da9e64f29738c19ad34041358ca010f87590454ec0bb5265bcf02f15717a9be487

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
4.6MB

MD5
3cc0323dd54c56dfe247dc76e67744f9

SHA1
c9521e254ce69028deae40f7dee6c72614ff1d61

SHA256
c81818fea923a446dc6b6fa3e7f0f9e33fe43d2087ed2e1c956ff21981b40ef8

SHA512
21866d2ca0afa497c31d841c87473802763ee9932f80e5230ebf205d8ba5ac46512a1e326bfcb8164d06abc2bacf4f20aaa3a48ad9a0dd6d9d059b39613b0500

Download Submit
memory/4144-396-0x000000000F8A0000-0x000000000F8CA000-memory.dmp

Filesize
168KB

Download