8f70ba0810eb678e4c2e78f73af65dcdf3d665ce21b5486364ad74a8a7f753ae

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f70ba0810eb678e4c2e78f73af65dcdf3d665ce21b5486364ad74a8a7f753ae.pdf
Size

399KB
MD5

3da30bea627055ee8b073ab089bd77f1
SHA1

2d9ae9d4051844cb6e279becdd34cb2dc38fcf1e
SHA256

8f70ba0810eb678e4c2e78f73af65dcdf3d665ce21b5486364ad74a8a7f753ae
SHA512

968b39fb069e27bc89b9e6a3834631a169d96b995dfbce79b86407cfdd4ff8ab41142ef78395f60231f8ae28b870b4cceb13bb889c7617c2e54def050bcbf96a
SSDEEP

6144:T/HNLdh+R/DVLud3JAhY3ftzDEwsuQ0WtrZaY+kmfPuAIuNgnhksbflTeLII:T/Ths7Vid3yEDZdQJtrrL6wGclTeMI

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4556	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe
4556	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 1616	4556	AcroRd32.exe	92
PID 4556 wrote to memory of 1616	4556	AcroRd32.exe	92
PID 4556 wrote to memory of 1616	4556	AcroRd32.exe	92
PID 1616 wrote to memory of 3736	1616	AdobeCollabSync.exe	93
PID 1616 wrote to memory of 3736	1616	AdobeCollabSync.exe	93
PID 1616 wrote to memory of 3736	1616	AdobeCollabSync.exe	93
PID 3736 wrote to memory of 3416	3736	AdobeCollabSync.exe	98
PID 3736 wrote to memory of 3416	3736	AdobeCollabSync.exe	98
PID 3736 wrote to memory of 3416	3736	AdobeCollabSync.exe	98
PID 4556 wrote to memory of 4048	4556	AcroRd32.exe	102
PID 4556 wrote to memory of 4048	4556	AcroRd32.exe	102
PID 4556 wrote to memory of 4048	4556	AcroRd32.exe	102
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 4936	4048	RdrCEF.exe	103
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104
PID 4048 wrote to memory of 3700	4048	RdrCEF.exe	104

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8f70ba0810eb678e4c2e78f73af65dcdf3d665ce21b5486364ad74a8a7f753ae.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1616
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3736
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:3416
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E75F130F5D33E83098E08E6C79AFD880 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4936
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8F6935F2237F4897790A069DD0C0388A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8F6935F2237F4897790A069DD0C0388A --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3700
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D5B20B7BE9C4ABDFB4DE0D25AA2D4F61 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4456
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BE05C4798ED30E7CF748CB9E975D4038 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BE05C4798ED30E7CF748CB9E975D4038 --renderer-client-id=5 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=50E3C3C90C18F87506FEE4A5798B4207 --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65B8D565DBA32F5B00C9522C37A974ED --mojo-platform-channel-handle=2824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
af46ea748bf5bfbfadc189a8e68042d0

SHA1
0b345871aa1fd8387c74eaf96583e70a2a2abff5

SHA256
31cf6ad0ac2c4690e357d288061696cb3a2072cc8a02dfe30f5db55b5d7ce419

SHA512
1970ba581542366a44991d5d615fcdf5eb2e3ba893092edb6a407edb6024d79ba0597bfd6162c3b82194b9db366849f75b01307db2976b6347b2ed17cfe2fdc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
b350f9ef77c4ab590d098537e1a82dac

SHA1
0ddf83a181557e83beb8349c7a46f98fd2c11838

SHA256
a05f73ab7ac8a096c4c7a4888b365efafb3b64292a0d49aa26a2bb1dc7a438e0

SHA512
c0210739dc1309d959236915e327fe8da40173aab6a430096ad0e81b4cfa558b768f587e9dcde8bd4f4752d845cc088b41f79656991a37960754a203bd640815

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
55a619e4a49d5266024b9dc822a22bf3

SHA1
a2259036658218d0da3a2265f887b9cb79732035

SHA256
78a754651835e9ec12d44380b41666ee69ad194045d3c77afff139544f20bc3a

SHA512
8555ed0207a9011484d004e1a886143b6a1fb5ca6482fb2f767888044347c30ce85c7b3c090c39ebdbfac74ba5dbfb10631e09b360396f01734cf852f1e7151a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
a8c8361b7f2302396e258a3409e8371c

SHA1
cd84724e89830994e8b958a0c0a9db2b5fd3db08

SHA256
152951ea34b49de148c3d4f11fa81875193576c8aa4a49abc5fa756cd3e12f42

SHA512
29d08b72d345cc95e0ce998bde0967f63cb72bf3a8316ff49f009aadeab3872f99f0a3bb5230f5f3f2655cf6e1dc04ffcc716dcc7f6050814339b25a0824e60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
c5f458e04632f12727c3d9cb1eda59ab

SHA1
2bf868e367304cfa02b52a012d2574fe0653e429

SHA256
3a2fa7214f0d5b9451a8e1fe1ac080c4281fea28ec7f384de15b365a59cfef15

SHA512
b0fe9ecb1dfdeaef8ea404645c084855297f879567671d065260fef70abcf9af8bdc3e8e31e27e2dfb14ac43285ce46818fdda04ffc7644467109043a7ce8307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
547cf4d3561b55ff4e3a1d57d0d56367

SHA1
a82d708bb7a892605e650e599d8c97233e618b05

SHA256
4e1a092b9a8cd6eb934a27a708feac28b097d516cceb5d01d8fa3a804f77140e

SHA512
87a3fa78d07a286f474db9fa4c91313576a2e2eb46fcac0befc5906d7b7bb204f478790af796f1c1bbb98d2926f8c09bec48723c115644f5a081d71b0fbefb36

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
badadfc195bd32fe706a2dcd3680d270

SHA1
b4876428e644fe3a3f093549ae1be539f2e15e1f

SHA256
0f59fe19cf1494236280d03e228d023bbfdfcbabde513bd81dc1b2c3b742b68d

SHA512
7a51fc9e349e4b353ff918e82f534afe99305e402f24ce9454dd6bc9ee142d6768f42ce43534c969f8c24dff158821bcb11e4bc0e5d22f62133702e943d2623f

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
97f2aebb4c3cb058995441277db99da3

SHA1
eaef8a3e37740115632646e64eb2810dc2eec1e6

SHA256
793125c5420b86d763c7c3fd5191d0448480732551b1e5dc10f09eefb05b3380

SHA512
fa325d799ff464718a4073946c7b7b2d43c1ebd34904726bb0f030c9cecef1a5f1988fc4eae5b1388110cd1b93b1e427501e95d96ddd21a3ffdbf7c49c2e466a

Download Submit