f5cf9afaa2944a1318e8b23dbc7685ed12558933879b4c475facb42b3fb540ea

Analysis

max time kernel
291s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2023 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EFT Form 2023.pdf
Size

307KB
MD5

7755ec887f148c5a0943392c810fc477
SHA1

a253e5bd42192f11c4c4dfb0cdc3f903c571ac6c
SHA256

db5565bcf63e257562fe138d6ce2f7505a0e824cb1e161bae66d65c3c9f3a722
SHA512

c7a2ba1d6201af39613fa0d8e133a9b465bd131afa280b9bf98ce90404f541742a52437cc713111a6145fdc6ca2050cf05568cf8054fd1d4f0cd075eb8978ff2
SSDEEP

6144:gSnGUZbsmCx4H6in0+Kdt+oyVhHq2OW+NYDS3PpVf9M:gIGUm4HXnPKdt+oyVh0tYDehVfG

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe
4264	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4264 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4264 AcroRd32.exe
4264 AcroRd32.exe
4264 AcroRd32.exe
4264 AcroRd32.exe
4264 AcroRd32.exe
4264 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 4264 wrote to memory of 2624	4264	AcroRd32.exe	AdobeCollabSync.exe
PID 4264 wrote to memory of 2624	4264	AcroRd32.exe	AdobeCollabSync.exe
PID 4264 wrote to memory of 2624	4264	AcroRd32.exe	AdobeCollabSync.exe
PID 2624 wrote to memory of 1524	2624	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2624 wrote to memory of 1524	2624	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2624 wrote to memory of 1524	2624	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 1524 wrote to memory of 2224	1524	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 1524 wrote to memory of 2224	1524	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 1524 wrote to memory of 2224	1524	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4264 wrote to memory of 4976	4264	AcroRd32.exe	RdrCEF.exe
PID 4264 wrote to memory of 4976	4264	AcroRd32.exe	RdrCEF.exe
PID 4264 wrote to memory of 4976	4264	AcroRd32.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 772	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe
PID 4976 wrote to memory of 1140	4976	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\EFT Form 2023.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4264

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:2624

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2624
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1524

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:2224

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A7BE43014C5CA87BAFAF0D06CF5B4142 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:772

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F7CBFE540677371CC3B60C2E9D4B5C09 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F7CBFE540677371CC3B60C2E9D4B5C09 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1140

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=27720C6506A5E3E0A87E358211BF5A48 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E5207A07E298C85D7B3FDF4D8486E364 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E5207A07E298C85D7B3FDF4D8486E364 --renderer-client-id=5 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2640

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=422BE21657B274E22845A3519778EA7B --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5112

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6A6B401797C0E57DBC82017DA3BF44ED --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
cded036c5bcd41d89ac7e9dfad715b4d

SHA1
1752889dbc15cf8dfd85620abd0494d56e09eb07

SHA256
f58d62d3ed840338a66d2ef6f6a5099f2bcff902b3d40609eab034c6ce7f0406

SHA512
06e0248745327552236eed9fc62539563150c4baa8f0ab815a725fe0870aefbf89c2503a6136c1f6bb106294399cae36922cb695f14abff1d34131d08a979471

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
4dd7295188efb8a911f29868ad8d7e64

SHA1
d93961841c350d42c4769b2af93071b9d5a121e3

SHA256
dbe61d29e7e90d0ea0ff36a67c7ded3d21f90e1ab050c36b1b9049170f8be6c0

SHA512
b62098179976619db0b04cb964ecd9449a3371327bff202087c7dd368c61136b2d9b9f900ffb20969a97deee31a4adc280d440576420fe3f8dda4d109c54c388

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e78518a5e284b0e6b26cd2da89c9f740

SHA1
2fd59aac1a3cd25ac9e3da2c3d78a94b29b73663

SHA256
abbb519592a418001b537adf5d5cafc14b75f21039ff52c82c3e8c21aa5c1634

SHA512
c420e6e821e420ca85b00731f7b3bcf86606887679903ac92f7d2111172a0c75e99bb522e2ac5bbb0f667b0e4c7d1fdaff242b4ab15d50813c022c1849a8bb71

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e78518a5e284b0e6b26cd2da89c9f740

SHA1
2fd59aac1a3cd25ac9e3da2c3d78a94b29b73663

SHA256
abbb519592a418001b537adf5d5cafc14b75f21039ff52c82c3e8c21aa5c1634

SHA512
c420e6e821e420ca85b00731f7b3bcf86606887679903ac92f7d2111172a0c75e99bb522e2ac5bbb0f667b0e4c7d1fdaff242b4ab15d50813c022c1849a8bb71

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
c9d729a54f8492b942bce7ceda13b94f

SHA1
0e3b03f5fdd6e10440127e82d9078ae76edb92a0

SHA256
a3788de30b2d2af967be4233b0a442dbde950c3d75615a2fa80d20638b1d5b28

SHA512
03e593727208893adce85d6864fd0ba91ac22f01619876b80713e7996efc08d37f01fb31a1ef4e3f68432d6143940f6227ee7e8ec67651928763bff651a6a92e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
802a381d312c9d9baac1637ba4da8529

SHA1
9b5ec813320f9e940aa2a07dc3a904604a89570a

SHA256
90ffdea29214fdf535b8fcff124067087f49653d42c353f6c18d24a823ce2cd7

SHA512
f3c08d40fe66564df9f2a6e770e51a54674f02b424ccb3ca6e298dd5350b1db5e20872bf7406caee81d3f9e9ef324d20f0501b7c4e024d44a87c3d4b2a9aacfc

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
d6572af19448ec489fc5a349511ecd9c

SHA1
507022ed19cb8301ab839026a533319c4eeb6d93

SHA256
9c6225989ac858bfb9b84933cdc873c06a71b319888d970762e0b39a5590bf5c

SHA512
33f318940a5b94678ad8a39e7c134aaaec02111e733006a81c92886665c9743a71291d1d7df9c1dd5f2756fa1a7d8e7a778bc60549eea1b24c6ba725796f2e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.0MB

MD5
76b38860f377c77e2f952fbf8b9c3efe

SHA1
4165433fcccc6254b9154c0e8c695525bddd85d9

SHA256
592e16600eeaba7f3bb4823764799bae23c0eb5bc8ae151257c97038547bf7a9

SHA512
96cd363f7e2e66138ebea2a488eb457ef2cf1c40b621f80cf713267493816b246548a1fd33119f7f79b7bffb5f47408d6a7a96ecf67b3b81a74663f333eb0fca

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit