2c9e483729ba842161dbf111980837ebf9f50f98e153df7a9f315d486c9bdf07

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c9e483729ba842161dbf111980837ebf9f50f98e153df7a9f315d486c9bdf07.pdf
Size

19KB
MD5

60047d74e78b897f96f454a1a4ceadfe
SHA1

fb9d9780e43aebf35bea0ae0724eb3b0ed16a773
SHA256

2c9e483729ba842161dbf111980837ebf9f50f98e153df7a9f315d486c9bdf07
SHA512

b1d6e807e77290a6d875e799f507b5927c17f82e9b100b456f8f101472aef83267d5b107890de1c04274a264b8276e6e433930fb385cca6538d69a8133292747
SSDEEP

384:8gEqvkstuhJtToj5ssRCOhPlieI1na/UdUN9EuFBzJG7HHWn:81qvkskhJpoj5ssRPlieIVFdWhVG7S

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3500	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe
3500	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 948	3500	AcroRd32.exe	87
PID 3500 wrote to memory of 948	3500	AcroRd32.exe	87
PID 3500 wrote to memory of 948	3500	AcroRd32.exe	87
PID 948 wrote to memory of 1696	948	AdobeCollabSync.exe	88
PID 948 wrote to memory of 1696	948	AdobeCollabSync.exe	88
PID 948 wrote to memory of 1696	948	AdobeCollabSync.exe	88
PID 1696 wrote to memory of 2624	1696	AdobeCollabSync.exe	93
PID 1696 wrote to memory of 2624	1696	AdobeCollabSync.exe	93
PID 1696 wrote to memory of 2624	1696	AdobeCollabSync.exe	93
PID 3500 wrote to memory of 4728	3500	AcroRd32.exe	97
PID 3500 wrote to memory of 4728	3500	AcroRd32.exe	97
PID 3500 wrote to memory of 4728	3500	AcroRd32.exe	97
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 2992	4728	RdrCEF.exe	98
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99
PID 4728 wrote to memory of 1028	4728	RdrCEF.exe	99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2c9e483729ba842161dbf111980837ebf9f50f98e153df7a9f315d486c9bdf07.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=948
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:2624
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E0559EB40DAF9FDFE5BCDFE762CFDA50 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=679D7A8369BD849014052B3F14202E29 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=679D7A8369BD849014052B3F14202E29 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1028
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E11E5B9E840FDAA1CCD814994A2C0C8E --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:432
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C921F25889F3EE0F4C114167644B0EAD --mojo-platform-channel-handle=1892 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=82178B6720289FE42489653C6BB02AED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=82178B6720289FE42489653C6BB02AED --renderer-client-id=6 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2380
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6D076FF78FEEE3D64B723F64845B5FE0 --mojo-platform-channel-handle=2700 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
087bc2be50d2cddfa474fbde634b4c81

SHA1
3623de33c85cd0a40a78c8aa63ad41fd5ffba747

SHA256
2cba28ff33f3ee6f3f7fc88d876f8d2c06c93c98fc84651a4f17712f94e3defa

SHA512
65b3ed9a28f3256f8c32bf0f2e33b907dca5a1208ab12fce7157474ec0f8630820a08062bed394710e3047ea13c80c3454aab66565fd553aeb4de692191012ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
9cd04e33e804723f5a09881b69afbdad

SHA1
0252fba07b9d0f06a7c812602fedc01e0e33d6b8

SHA256
bb751dac35eca17da7ce8bfa98fe1c400c161fbce1847e2d95eb342306691a4a

SHA512
7819c867e9522ea6412e95ca4e8dd4cb2d13ac8def052d93037e8a0f4c3e8fc962414578b9aa6bd46f4ba4c8532fb6221293869b94ddb073c6ecad32d89cfa7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
86606d6069dbbf6f5744ab440199b62f

SHA1
bbf38ba5385283dee3d1408a37c48a1e7a568e17

SHA256
99e4c718387034030546c1d0df17422562a9fcdedbd51ee739bc92d998eb7352

SHA512
5b497db679c946f502711e2755f8b94ddf8cef5aa2ccaaf58672dbb31e51f83aef49c2ab07e459d7adf36f57b2579c17d1047e18c13e119ec28fe48479fb5117

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
a8c8361b7f2302396e258a3409e8371c

SHA1
cd84724e89830994e8b958a0c0a9db2b5fd3db08

SHA256
152951ea34b49de148c3d4f11fa81875193576c8aa4a49abc5fa756cd3e12f42

SHA512
29d08b72d345cc95e0ce998bde0967f63cb72bf3a8316ff49f009aadeab3872f99f0a3bb5230f5f3f2655cf6e1dc04ffcc716dcc7f6050814339b25a0824e60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
9fac047120dabf3556e435e484636e86

SHA1
8a03b41b739baa4ecd52db96c2cb133ff4a3958d

SHA256
1cfce0a99cfb9191d3f0ae4a6013fe0b3ccc1a8a371d96f456bc63e78440c82b

SHA512
de6cd2e042a5e94f5273b682afd07fe123c8c7ffc4252fdee6c2f444ca7ebc26688d2b40f35191e18b6255620557920ca1c1149bc701aa8e1216a18e350f21a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
1fe6e34cb7c256ee54180e1de9684c5e

SHA1
9fdeea1bbc1f2c029caa80daf94b5a1a3bcdf196

SHA256
2545d48244908bdb55be55b297c27e7db5ce909ecf9c70387a3f5b8272989ca6

SHA512
7010c038cebc2aa54fa3104bd94a74983e02e55c22d0083867868de529ed9b0a9b127dce8c51d65b5d0f09e0fda26cea8f1de861f224b0058506b0c42bdb8022

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
e6faec9b799900b1204c16ae52218f78

SHA1
3052bf0d68f3395a9ecfc182d1b4822f477f078c

SHA256
75d42ca6701bd285f69a72009f7eb7818aaa8bc265e197f7b186e26271e5d248

SHA512
712a963843b302d38e9d3da4bb46542928b42e2f7f75dd27f98ba6e901c3bf78f6f5f5eb9fa36b0ea2ebcb52f94c97454b76680d97b693bcfba938a2b46e67f7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
97f2aebb4c3cb058995441277db99da3

SHA1
eaef8a3e37740115632646e64eb2810dc2eec1e6

SHA256
793125c5420b86d763c7c3fd5191d0448480732551b1e5dc10f09eefb05b3380

SHA512
fa325d799ff464718a4073946c7b7b2d43c1ebd34904726bb0f030c9cecef1a5f1988fc4eae5b1388110cd1b93b1e427501e95d96ddd21a3ffdbf7c49c2e466a

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit