10ea410ada8d7ec980f91bef5189c5d588951385361874571ac0d27b08546df8

Analysis

max time kernel
145s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IVCA - BR NOBO Request Form 7-18.pdf
Size

2.3MB
MD5

5a9745bf41409f63eedabff1a941b636
SHA1

2afb25f309410b99588e1dc4e77712d24de87896
SHA256

91f04dd369c2f1cd1cf5c7c84df94829403081088d93c42f6bba74f3f562dee2
SHA512

4a347356f7ca24b5b01b76ebb94a264548bb2e3a168523281bbcb1c9eb5421144028773633167645e3eb91215253626de3552a671db2243443e407b03a46d837
SSDEEP

49152:gZXG52uRy1/e4P+uGD6pa8t6l0ep+69iub0IGzlQL5nyryZT9:gababGD69t6lvpkG0IOl3ry19

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2576	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe
2576	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 3052	2576	AcroRd32.exe	92
PID 2576 wrote to memory of 3052	2576	AcroRd32.exe	92
PID 2576 wrote to memory of 3052	2576	AcroRd32.exe	92
PID 3052 wrote to memory of 1016	3052	AdobeCollabSync.exe	93
PID 3052 wrote to memory of 1016	3052	AdobeCollabSync.exe	93
PID 3052 wrote to memory of 1016	3052	AdobeCollabSync.exe	93
PID 1016 wrote to memory of 3388	1016	AdobeCollabSync.exe	97
PID 1016 wrote to memory of 3388	1016	AdobeCollabSync.exe	97
PID 1016 wrote to memory of 3388	1016	AdobeCollabSync.exe	97
PID 2576 wrote to memory of 1504	2576	AcroRd32.exe	100
PID 2576 wrote to memory of 1504	2576	AcroRd32.exe	100
PID 2576 wrote to memory of 1504	2576	AcroRd32.exe	100
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4192	1504	RdrCEF.exe	101
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102
PID 1504 wrote to memory of 4576	1504	RdrCEF.exe	102

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\IVCA - BR NOBO Request Form 7-18.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3052
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1016
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:3388
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B59C3A0EACA6B5882FED4B0F22A0316E --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9E96C4B27BE2C561640E77FFBC840318 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9E96C4B27BE2C561640E77FFBC840318 --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24DE881F15C71CA57A13A6374052DA35 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8E74CE18D88E10F144025476850244A3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8E74CE18D88E10F144025476850244A3 --renderer-client-id=4 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1F5A8FBC5BDDF0C07C8E43E3128E83CC --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=10C3661501A23CBE29AAB2624D76E26E --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:508

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d70313396fc7ad878100fb2a6693f94d

SHA1
c682847fc491c682ac9b48290ddcda704f12efea

SHA256
53f8251b3b1486404633a29405cdd7441a865d3aba4312626925b9a259a3fc66

SHA512
386233984e9594078878212dd6be1281480f5fb701fbf5f13b32729c6be1cf5b702f6466c2a2f7b553831a5930c69a33c6f124bfa594034a521759fa0c7ba110

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e2f63222569793675dd69d05ac4d3e16

SHA1
7d9dd1ee1700bd57d5b6f9323f5ef4305ee0cfcf

SHA256
9afa1ed20e1fbfbe1a74f0968e67370ba3f2ced62b8113111e270d16fc57d179

SHA512
ac7c49e73c639c9d35cc3d330d9e0db199ce70a71553d1f31c336cacc8dc45c5782d04a25f789b44007e683949215b737760f41216ffd3337d8d52e63eaac2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
d499d5fbc75920ac0549ab79d7e120a1

SHA1
d994b47b4d9999166a6a20c8b0ebbf79cafbc827

SHA256
92765cbea72c7e63384943b80f710a2c7b742d87bd5f8b640cf0a573d8d69d5e

SHA512
e04f9e6867c8df0ed84710e57366eb3a4430b3174c4cea973e1dcf983aaa3ed34422de43035562a516112f9f69c7d6fb420b0043259a374311099acd926935e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
d499d5fbc75920ac0549ab79d7e120a1

SHA1
d994b47b4d9999166a6a20c8b0ebbf79cafbc827

SHA256
92765cbea72c7e63384943b80f710a2c7b742d87bd5f8b640cf0a573d8d69d5e

SHA512
e04f9e6867c8df0ed84710e57366eb3a4430b3174c4cea973e1dcf983aaa3ed34422de43035562a516112f9f69c7d6fb420b0043259a374311099acd926935e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
9c18abf285a7755c6df32e783d11d389

SHA1
07bf678913f9533ca022876254ff7dff80b17792

SHA256
bcb68caabe8270af2cf355c1ee062e2d4084410e430fb13070939a12dc17b1be

SHA512
26773a32c1221d9d04f5747416e9e443433c660e875021b22caecf8cef31366d5ab30dab1c646b4c013004848964a98542b1d8c47e6dc37d57c03714acbcff0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
4fced6d649ddb0de40723a41fd398d12

SHA1
d294b26089e403e270c97b61ea717679abe93c1a

SHA256
79bc75b2250943118d7116ea5cc303f0e96a92e3e98963f7a95012fa937808e5

SHA512
e7d1994f6e3d0a7aeea8ca4267c50e90523e5a295e19614262119dcb03c0d3746aba0488bce6aa58396110354f20d170603692b89592f1f65b222527adc640a2

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
eab5aa0049ac215150fc7fe48f71eaff

SHA1
04b5f45460cdb79fe51727aeef4e64c7fb90138d

SHA256
16c675dd51e47e4aeaafa4eb78ead0680c241cc67b00efe52d7c2a00d3139d2d

SHA512
d7e75c9c3d3c8039e56d69c09e1e4a0406dbc1d8ab92c4a1b4ccc3f8b5e70b3e8c23ffdfda152d9a7bb8a7e0fda83742ae75d4df40a9659239b844bfa553f302

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
4.8MB

MD5
7f2b1a970ae5cefa8921580eaaa5dead

SHA1
b3785d40bb64c666d71e3f83008ff66ec88d27d9

SHA256
1f8e16fe98dc3f64fafd6d6cd3529a52f9ebc28f65357078471cad8b110affd0

SHA512
d1e511bb572848d62f133c547736338b1cb91e2886237c9bf1f6c4824015a8f7eff543bc7663008a37fd1c36ab6c4acc9cd4b7fcb89997767beef96c620ce8f2

Download Submit