bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a

Analysis

max time kernel
174s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a.pdf
Size

1.2MB
MD5

c326ba10fb458ca8b17a12047664ba61
SHA1

897439fae9312219b87e6b62d0d7d0bcdf419eff
SHA256

bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a
SHA512

d647695b7bfc10d8c94af873506cb02c51ecdf672f151b175a3b42f78138fa401824b7a4f813d400acb35dbbc365968261282718672bc25d30040cf8e2e61941
SSDEEP

24576:iPO7CFXws3rSFQh08q/SjCUO+rT4p/5bKTeUXBXJbM:i73bSSh0oCU149KTLlJY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4576	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe
4576	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 1816	4576	AcroRd32.exe	96
PID 4576 wrote to memory of 1816	4576	AcroRd32.exe	96
PID 4576 wrote to memory of 1816	4576	AcroRd32.exe	96
PID 1816 wrote to memory of 440	1816	AdobeCollabSync.exe	99
PID 1816 wrote to memory of 440	1816	AdobeCollabSync.exe	99
PID 1816 wrote to memory of 440	1816	AdobeCollabSync.exe	99
PID 440 wrote to memory of 3772	440	AdobeCollabSync.exe	102
PID 440 wrote to memory of 3772	440	AdobeCollabSync.exe	102
PID 440 wrote to memory of 3772	440	AdobeCollabSync.exe	102
PID 4576 wrote to memory of 640	4576	AcroRd32.exe	106
PID 4576 wrote to memory of 640	4576	AcroRd32.exe	106
PID 4576 wrote to memory of 640	4576	AcroRd32.exe	106
PID 4576 wrote to memory of 3772	4576	AcroRd32.exe	107
PID 4576 wrote to memory of 3772	4576	AcroRd32.exe	107
PID 4576 wrote to memory of 3772	4576	AcroRd32.exe	107
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 456	640	RdrCEF.exe	108
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109
PID 640 wrote to memory of 1284	640	RdrCEF.exe	109

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1816
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:440
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:3772
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0461CF3D64E83EC1022A790503C3D3FE --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:456
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F5C4788392E4553B14F0A56705DEBCD4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F5C4788392E4553B14F0A56705DEBCD4 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=45CB4A26270490B2C49256269742F589 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=45CB4A26270490B2C49256269742F589 --renderer-client-id=4 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DA5D703C8930C634E4C4951DE093E755 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4404
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=81532D3A017267E25FBA1E5362B01C24 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1044
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=549C32B8F7ADF3876FFCFFEF8109E04D --mojo-platform-channel-handle=1788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:960
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4012 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:8
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4e6e8f5e853a3ddbdc5c06138c627c34

SHA1
99bed2a1ed26cb6aa41d55b5c3d153ce75d8dea6

SHA256
688b31927e0df12f24ed14e3a61077847651d20ebd0435e5d32b0cebcec5e4c8

SHA512
5d1fde23050ba1b7e99cb2290c479f3336ce9aa643b97e985906da4f299b18b422dd28a6d83854beb5d0927fabd9911f1f27d375eac115caaf039abff236d3cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
7fb7ce75feb04208f8fa7ab4ea7d7877

SHA1
a19505f2a2e85d5e829c4be3b6406ffa06594c71

SHA256
b208b8a120c602683bcf9d87a6e3ce050de5825cef5521819311a2cd1dec0908

SHA512
5b3a5db984ed70bc77895c16d51feb520d8f01daa5b01c2272b4e1c0129a2afe2bf23b900ba116ba951355a55e3f2e12a44a5683469f49c7c8c30dc4211eea93

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
00eebb37cecd1a2ec3ddfbb5ca79b75c

SHA1
633bdb7c2b8990574ac486164214665202752ebc

SHA256
b95edf250529a606f236af8503dd9738890facc288ef556b2c61175f7f12c9de

SHA512
51972f6fe1c16cd6d6673f4a5b12fc0538bfcd455e41f3f4a109be1e269d7837de80cb0642f467a710625de0c23129b88abe22085e86c7c2b6d9f0a383bbb47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
f5a650353ee243aaf1cf1f6889d25c76

SHA1
6bb2f62b62f2416cbd87e2d63908523cc2b7bbed

SHA256
535aca1a3b43aaa89e54f76365b0b26ea6f48e896fa5384dce5494fd8478c4f0

SHA512
f8951eb7a7c556f414d7b16aa36716288b7f8845b2fb578dbc7df6b23148f3f54272db8bb1ce7db6823f3dde2d31befd42e604bde44b15c6b508079028f82f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
910f21b181c87775336d5dd1b54d0a37

SHA1
14c6e716827b645e5aa302e059e4f9a7572a59d2

SHA256
616f7ddb0a1aa176777c6db3b02c7f8c92e07a610c98a0edfb4bfe9b014ad64e

SHA512
0c747d20eaff65001c883d09a5078cc6f122da14924f9fe3d1771ed0e516aafb3f52fc69e1e7879754323ca01c99d43cbcc15eeb738e2f200a8ac9e4930e2c6b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
7c483ecc77d7e28a91710feb5675c462

SHA1
07e88217c98b5c70383b56e76bdc84c747fc7f3a

SHA256
66ebe172b3be0d4a07bd148eff41db341fb282dfe605817af61e7e26c7b9a3bb

SHA512
cdf342f6cba1ea62fc5ac0c061e4c704d3dc8fe058b7e9c81713e777834ce7f678ff36d7f778f3aa9a06f98564765f2f15f7abdc3045f2171fdd5f5863776bbf

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
b1b11d6999bd238e6ec25f6a8557b5ea

SHA1
68c26cf671ee5b0a370c1e145da6a04d84f0a8cc

SHA256
fc55f5232498179317d1db5e06aed7437c28aa7dcc7932102bc81b4a0b15662a

SHA512
77ea305ebfb99f771a6f7fdfbbd8e75d7a935fec0298122a72d907b27687ec718c49059281f276ee9daae7e689cfeba299926947be3ab979b76611c6cc46e10f

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
c34fbec852686f9cdceb057afab88123

SHA1
1f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c

SHA256
03140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90

SHA512
a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4

Download Submit