326158155b9515ad1e6ff052b12a248c1dd3658afe5e6cf16d2ff2eb1738dda5

Analysis

max time kernel
155s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

var www html kemhan/wp-content/uploads/How-to-Response-Against-Web-Security-Incident-signed.pdf
Size

794KB
MD5

d3d8156812167648cee550056dd06cbe
SHA1

f03e1117237617af2b399a8b241b60fa87a6558c
SHA256

0398b9dbaa9d8d8ca9a2552f5f3513f36e113785a46fb7e15276199957e553d5
SHA512

7bce27650bb997ce00579617a7373d6a0ce5d5071e190b39ae82d00ff6d4b684538170647fd30b5f2adb3e90a0c45df0fbc96a115820fd1123e942008e914ea7
SSDEEP

24576:Fc3TGNnWvRyGgfGQ6JkAEtWcYHkVuHo7oY:23CIJyGgfUJoWcCm/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe
3780	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3780 AcroRd32.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exe

pid process

3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe
3780 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3780 wrote to memory of 4092	3780	AcroRd32.exe	AdobeCollabSync.exe
PID 3780 wrote to memory of 4092	3780	AcroRd32.exe	AdobeCollabSync.exe
PID 3780 wrote to memory of 4092	3780	AcroRd32.exe	AdobeCollabSync.exe
PID 4092 wrote to memory of 880	4092	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4092 wrote to memory of 880	4092	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4092 wrote to memory of 880	4092	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 880 wrote to memory of 5016	880	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 880 wrote to memory of 5016	880	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 880 wrote to memory of 5016	880	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3780 wrote to memory of 1376	3780	AcroRd32.exe	RdrCEF.exe
PID 3780 wrote to memory of 1376	3780	AcroRd32.exe	RdrCEF.exe
PID 3780 wrote to memory of 1376	3780	AcroRd32.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 3296	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe
PID 1376 wrote to memory of 2772	1376	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\uploads\How-to-Response-Against-Web-Security-Incident-signed.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3780

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:4092

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4092
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:880

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:5016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1376

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=85417773DE017D6D16FC215B0E8CB9E6 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3296

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1521FA1197F73B366F6B392EF99000CE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1521FA1197F73B366F6B392EF99000CE --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2772

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=367EDF1B7C3B1FFEDC11FE486457C24B --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4652

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1CF426DB73D2E9D87E2ED4F1E433A025 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1CF426DB73D2E9D87E2ED4F1E433A025 --renderer-client-id=5 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1776

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B72423D10D7E5A9733DE6C6DFCA3A80 --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3788

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8AEB507C7B98E44195A2D7537180F93 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2104

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
c27b62b3903a91e7162122779291ea59

SHA1
1ebfc510d7b684dfc319be0105dd2d85c65397d1

SHA256
6b9bc823607d65886c0950f9aa51f3818f78426baa81f9a64fae845f4120f772

SHA512
d4391ed39eb8844661892867d05e1e34afb21190a7d9dac57821a5b5dd709ca31fcac6c08b8d21e3db0832ae576966706a44c21f2a4dfc7c556c533efdb9d4cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
459ac95e653b2d2ab41824b98a63800c

SHA1
a6e99d05f6f552315766978fb8492f9471e5d77f

SHA256
2cd73ea962e137e2a3374ab6dc5c791511ea301b1992b081eb3cdd34bf8f7b66

SHA512
1f4150f0390c1d457659643b1016b66b4a315bfffab5587e3607ebff765ea52d5c5c2ec254fd2923def79e526d485e5d28465041cb71bdd133bdcc7a8eccb7ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
80feef90bdff5a1f84160b511b9f0b1d

SHA1
6c8335210daefa84734e369a7880d9323a7a525c

SHA256
3877c55ece102dc98a2e7d83bbb9f33cd2b15b1566ce5065f98f6df5b77342db

SHA512
6a7d50cb7a2af7135db03cb4bc0524e4351378c65496b05c11bab6fcc5eb5b976354cbb47be4013fade41f8e0bb7c7d5f90330dcc256808701d45e211c55b6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
b9d52b9ffbcf5697ec3aca21625fdb48

SHA1
55c66ba63d82c96c17d9390e5a83caf23a12d13e

SHA256
6cef895a41c6d21f27750ffdcc362e08c730b82ea6a31b32e74a07de1d9c6535

SHA512
92cbfa494cd7be7148b9c9f8cc67a7343363f9e3d7c9f5f0b70bf20d8edff3175239e1a8dc38dd155a78c7ea23b296cf766e45f478a9e2db0ea9385bcf8c8dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
b9d52b9ffbcf5697ec3aca21625fdb48

SHA1
55c66ba63d82c96c17d9390e5a83caf23a12d13e

SHA256
6cef895a41c6d21f27750ffdcc362e08c730b82ea6a31b32e74a07de1d9c6535

SHA512
92cbfa494cd7be7148b9c9f8cc67a7343363f9e3d7c9f5f0b70bf20d8edff3175239e1a8dc38dd155a78c7ea23b296cf766e45f478a9e2db0ea9385bcf8c8dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.3MB

MD5
31680a3649b9380f0555a7dbba606e59

SHA1
5481032e4f8127b80811753d9be86c765848a095

SHA256
68833ff758532368ba4d9f72932d716f0cabd823d2816ab985ab3564256caa44

SHA512
c560e46661740eabca66c4fe88535f2b87d46177dc772fe2f2fc687bcb14c85fbcd99332cac8031ba8f9358e7fecc39b33df56437db8551b47bcd797e269eb57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
261d95453b2b77925742b779280be3bf

SHA1
7666055f50e9b4dd9c60a82c6cdbb04d2b4d80a0

SHA256
bef4a4c0b33fe567cc43225f4406b520c556d4051401e408d21964131c0214d4

SHA512
51ab40fc640c8534e43efa9f255fe9d4b6c063a41a499040577c3c1d9e6f855039a6490431036b48848b7944ed04b6a5b8da9b56577536bfd7c093d9feb68ac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
18f2f4494717bb38953a3fdaf210de8a

SHA1
140df8dbc00b2da16822b1c22136ca06311c3569

SHA256
e177ed9aec72ee0afd13ec9730faf89bc8d68f6aa96f6d6421bfab2197b143f9

SHA512
1cea98b7ad81c60b9d764e7d1c9b6f983765019b97c2823ee5d54c98cb8f8ef0e38e208657d145ddf98d850cc55a359d52d712c22ddfb17653b03f6edc5f19f8

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
2ede2666111cc9720ff55b9735981933

SHA1
651401360821abedb4c6fc9e25d991f1a6d17c27

SHA256
0209a4c2a59c12e06376293c66bf5f701498965de612ee50454613db729388a0

SHA512
51789aa55235bbb308a610ddceb86ee07412449336aa7d8fc11bd0fa74e88283266b19bdb60a3a0c8ba25814ef0131f4a650eb4e4b7ed67dce1ea5210f262992

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
4.8MB

MD5
7f2b1a970ae5cefa8921580eaaa5dead

SHA1
b3785d40bb64c666d71e3f83008ff66ec88d27d9

SHA256
1f8e16fe98dc3f64fafd6d6cd3529a52f9ebc28f65357078471cad8b110affd0

SHA512
d1e511bb572848d62f133c547736338b1cb91e2886237c9bf1f6c4824015a8f7eff543bc7663008a37fd1c36ab6c4acc9cd4b7fcb89997767beef96c620ce8f2

Download Submit