10ea410ada8d7ec980f91bef5189c5d588951385361874571ac0d27b08546df8

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IVCA - BR Issuer Profile Form.pdf
Size

1.9MB
MD5

ebed50c8d175e3cc5292ee96f37f5df9
SHA1

15019482951107cf78637c429809002c40cb40bf
SHA256

07ef735a9e742b42d50939ad4d43a25d85377ce02623f838caaf14dd32874ced
SHA512

07effd12175f1c991dd617e7aebed3e021e279ae7763fe91b7be380b2cafc6ee609ddebd3e42723ed498b50b77fd06bdb0b6271ff1c03162d1b6409b6ff9facd
SSDEEP

49152:Xx/e4P+uGD6pa8t6u0ep+69iub0IGzlQL5nyryZTTggV5z:XxbGD69t6uvpkG0IOl3ry1TpV5z

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4036	AdobeCollabSync.exe
3628	AcroRd32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4036	AdobeCollabSync.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe
3628	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 2976	3628	AcroRd32.exe	90
PID 3628 wrote to memory of 2976	3628	AcroRd32.exe	90
PID 3628 wrote to memory of 2976	3628	AcroRd32.exe	90
PID 2976 wrote to memory of 1528	2976	AdobeCollabSync.exe	91
PID 2976 wrote to memory of 1528	2976	AdobeCollabSync.exe	91
PID 2976 wrote to memory of 1528	2976	AdobeCollabSync.exe	91
PID 3628 wrote to memory of 4036	3628	AcroRd32.exe	92
PID 3628 wrote to memory of 4036	3628	AcroRd32.exe	92
PID 3628 wrote to memory of 4036	3628	AcroRd32.exe	92
PID 4036 wrote to memory of 2800	4036	AdobeCollabSync.exe	93
PID 4036 wrote to memory of 2800	4036	AdobeCollabSync.exe	93
PID 4036 wrote to memory of 2800	4036	AdobeCollabSync.exe	93
PID 1528 wrote to memory of 736	1528	AdobeCollabSync.exe	97
PID 1528 wrote to memory of 736	1528	AdobeCollabSync.exe	97
PID 1528 wrote to memory of 736	1528	AdobeCollabSync.exe	97
PID 3628 wrote to memory of 1948	3628	AcroRd32.exe	98
PID 3628 wrote to memory of 1948	3628	AcroRd32.exe	98
PID 3628 wrote to memory of 1948	3628	AcroRd32.exe	98
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 232	1948	RdrCEF.exe	99
PID 1948 wrote to memory of 2300	1948	RdrCEF.exe	100
PID 1948 wrote to memory of 2300	1948	RdrCEF.exe	100
PID 1948 wrote to memory of 2300	1948	RdrCEF.exe	100
PID 1948 wrote to memory of 2300	1948	RdrCEF.exe	100
PID 1948 wrote to memory of 2300	1948	RdrCEF.exe	100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\IVCA - BR Issuer Profile Form.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2976
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1528
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:736
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4036
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4036
    3⤵
    PID:2800
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=84E9B09161B646DE00D48267EA9DC3CC --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9F8DF757EB2B201A66214FC5C5437C13 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9F8DF757EB2B201A66214FC5C5437C13 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FBF248931C6A708B030A56A8846CCBA5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FBF248931C6A708B030A56A8846CCBA5 --renderer-client-id=4 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DEDB36BFF66CB27F8BE66B139134553 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18AAA3961FDD196009770495DAF933CF --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B1E46798AC8A90C7A9ECD6D814BDA368 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6deba1650d5293a5f02f0ce22cd62a7c

SHA1
f8e18518d714992e9537eef3ec39e44e88ba4541

SHA256
e2ef9e734b800fe1f1576f323ecaae3e889ca5a10dd3aaf328979f66d27cf52a

SHA512
be7ba132a07decd3e6cbdd332021b25ce348a7d2fcb8dd3eaeaa9f143bb9ba96be2d83eaa7651b36bd101c3120d9b09e1965b154de2d7b28f3c497d867aad797

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db

Filesize
4KB

MD5
db094082d4f0575ec4b04cb4c4ed7b2f

SHA1
acbf2301b40ac443be9f5af638c7164d3d326a31

SHA256
647d621210c2a281180a1e678b7be08962610a0e1754bd310c5c6c558a8c5c98

SHA512
48e2889a52fbcae6e7c3004e4feb3f4b1ce32c4e441ba05e24f79c869561bbbcb95ecc0ba1e9743595ecd1f9a6480ae5b2f78af20790f037e39e58902b0db2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db-wal

Filesize
132KB

MD5
3b13cab7de802220911ab3dbb78c9fae

SHA1
d765752db41c80a63c9e6f6346233c073e2e7624

SHA256
5eaffbeb68415a3b3573387f001d3c4d83172ba93b0105211a48db029b411483

SHA512
0e27025b01ce483e79c6a7f5987f9e9e21fdfb2042aaa2b9a7986005c1e7328e53c361829b135410b62c26e7c31b2bcf8696eed9e58bd71188758b93cff053d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2023-07-19.log

Filesize
2KB

MD5
9e0768868620904839c1c97e4ef4818e

SHA1
6b4f31bf9664f8ee722616bba86df7a8447723e3

SHA256
afc77ef6857ff8ffa35b878c248d5d69ea08f5ab283257db5c4f7ae427c74e8e

SHA512
4fedf8ab75aea65e5af06836a4a77c9b663d57399473a1d9615f029babbd93acddefed3b679c611fe793bc0c68c2d6634f7bf4a6ffc8246752f82b48ba1741ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
5ccfd34569d50827aa0f072100b2bf91

SHA1
ae4997ff1a3ea4f28470068af7795a3aa6b518e5

SHA256
1f92de27be5cb62f457b05527f4dc54639c23639e3208babf778adf9e84e1e3d

SHA512
e008b63b413668897e5c83d250f76499678a9d54647acaf7c9c0aeae4da6d34dc7c4235d91cae3eedcff53773cf4c26b566b45ca29751079186c6444e556c8b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
2d0c699759b6410dc789a2912d3585c8

SHA1
ad04809c13c9c55642bbb96a5229b2144f36c507

SHA256
e39786c81a5454dc6ca3098826e2f078e22d00704f4979bffc358a7a7acf1aef

SHA512
f28c0a748d0c66915fa6e2438041c75c4ca8556a878cf7f38527a67acf6c3419c42b1e9fb181a6f3cc8a6d0574d2b557eda890c3bf434fb988eb10688f8e5a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e73ef2e9df31c3b52dccccffd4252fb8

SHA1
c32f0a74b322dbf46aded62c26bba49d25221dc8

SHA256
c8c88e620ded7d83ea1b91278058ea5db6f1a7cfdaaa1caf25c4677d4fad87dc

SHA512
580cf5740c1cf1febb4a73d3517deb2248c8427f5d63cb1b6d4b8a7bbca30811d7d1cc605c2aea1a42ef56cdee67a171509253f06135923e8bff5d862c028728

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e73ef2e9df31c3b52dccccffd4252fb8

SHA1
c32f0a74b322dbf46aded62c26bba49d25221dc8

SHA256
c8c88e620ded7d83ea1b91278058ea5db6f1a7cfdaaa1caf25c4677d4fad87dc

SHA512
580cf5740c1cf1febb4a73d3517deb2248c8427f5d63cb1b6d4b8a7bbca30811d7d1cc605c2aea1a42ef56cdee67a171509253f06135923e8bff5d862c028728

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
9c18abf285a7755c6df32e783d11d389

SHA1
07bf678913f9533ca022876254ff7dff80b17792

SHA256
bcb68caabe8270af2cf355c1ee062e2d4084410e430fb13070939a12dc17b1be

SHA512
26773a32c1221d9d04f5747416e9e443433c660e875021b22caecf8cef31366d5ab30dab1c646b4c013004848964a98542b1d8c47e6dc37d57c03714acbcff0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
25ca569a6473554fba5d6638836751cf

SHA1
8fe34932b2a953c81f7a66340a1e0466637cb29c

SHA256
cceb59e180efa8f8bc5598b001d774c24f531da7b9165452d78ebafa6fa8dc9e

SHA512
90904ab278af00651b10db6dc3bbe48880ba541a1bd2584194991812d6382ea711017893a6fb8f55bf2386421cc1d3e280fd53e4b42eb921862e58db88049295

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
513d6d0212af049da5c67e1516bed572

SHA1
ed88f132b1365f14b9846c8b6bee0e2f8592fef7

SHA256
4372f928f387001b6b5f4910ae93fd2629236eda1381c81293193f4e6bc903cd

SHA512
75da8b9458d234061cf90418778a549ef5b564ea6d369d09a3cc50099fc6abb2d1c262a0b0d2bf64354d435b0bbb3bc5c7bc026cf4fa1a52b26c52bb8f24dc42

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
4.8MB

MD5
7f2b1a970ae5cefa8921580eaaa5dead

SHA1
b3785d40bb64c666d71e3f83008ff66ec88d27d9

SHA256
1f8e16fe98dc3f64fafd6d6cd3529a52f9ebc28f65357078471cad8b110affd0

SHA512
d1e511bb572848d62f133c547736338b1cb91e2886237c9bf1f6c4824015a8f7eff543bc7663008a37fd1c36ab6c4acc9cd4b7fcb89997767beef96c620ce8f2

Download Submit