cdd4dd7e7323f6ab8472ccf602a94be52c6b38b1f5200a6df05f8250d84b900f

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 12:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdd4dd7e7323f6ab8472ccf602a94be52c6b38b1f5200a6df05f8250d84b900f.pdf
Size

96KB
MD5

87f665c1205347aa26c35391228b7daa
SHA1

bfe63ba4785d1fdf1369c2d551aef53ca7d390d3
SHA256

cdd4dd7e7323f6ab8472ccf602a94be52c6b38b1f5200a6df05f8250d84b900f
SHA512

e57f7bcdaa12e1345330f16117bb4a098265fd59f18aea5c35294a906da8d746a4f8fcac039f16cdd0696b5af617888b72634fffa0114a4bc71b0cd904680ace
SSDEEP

3072:XnK+H99ZszZpTSVBZ8YCu2oEgOdtgyASMU:XnK+H9zizTSVBI9As

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1316	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe
1316	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2368	1316	AcroRd32.exe	91
PID 1316 wrote to memory of 2368	1316	AcroRd32.exe	91
PID 1316 wrote to memory of 2368	1316	AcroRd32.exe	91
PID 2368 wrote to memory of 1200	2368	AdobeCollabSync.exe	92
PID 2368 wrote to memory of 1200	2368	AdobeCollabSync.exe	92
PID 2368 wrote to memory of 1200	2368	AdobeCollabSync.exe	92
PID 1200 wrote to memory of 2336	1200	AdobeCollabSync.exe	95
PID 1200 wrote to memory of 2336	1200	AdobeCollabSync.exe	95
PID 1200 wrote to memory of 2336	1200	AdobeCollabSync.exe	95
PID 1316 wrote to memory of 2428	1316	AcroRd32.exe	96
PID 1316 wrote to memory of 2428	1316	AcroRd32.exe	96
PID 1316 wrote to memory of 2428	1316	AcroRd32.exe	96
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 2748	2428	RdrCEF.exe	97
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98
PID 2428 wrote to memory of 3296	2428	RdrCEF.exe	98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cdd4dd7e7323f6ab8472ccf602a94be52c6b38b1f5200a6df05f8250d84b900f.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2368
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1200
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:2336
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2641832660E1C005CD91587363331E9D --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9E0238F6921A4DB811BB1D81D84F1AE7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9E0238F6921A4DB811BB1D81D84F1AE7 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BF41F4BE620E25E6CBA034B141814145 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:32
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4C96F709AE7D03CEF267603447D7224F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4C96F709AE7D03CEF267603447D7224F --renderer-client-id=5 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF1901EC2096CA410E143639382B9331 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1784
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=77D858426885DDE520E1EA0EC39476B8 --mojo-platform-channel-handle=2756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ac7860b7b3163ef4e5f4c2bc66bb3410

SHA1
9457bd1c803c0d5da9d4c8e4c7578c011688834a

SHA256
18dfa3855a7bb699b1c5bfb595d6e8c0860da963513862332fd077e36f81ee84

SHA512
cceb589c855039da6645fae71322872b7e8f95fd9452f664b05a29aad1c1cb06cea6f8390f1e56ee817a2f2c70a0832f1542d4a6a22f7333c82092002a0fe01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
0327cb69b62706e7ef62b3ab501ecc5f

SHA1
17217b6d5ad794b0d682e1c4073cdef1c34d90d8

SHA256
3bfdcfd0a9617d6fb18b115b797339ce28d00d0936f31028fe2cb76c123e50e9

SHA512
f53340cda7581f46a961d28553376bb41c45cd241e05a51cdc2f7adc39ed0b4a7ff4bd60e5623c354063852099231e9f7c55e957aeaefc4fe37eef5bdbf6ba5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
d142ecb1b0a627e32b09cf822851c13f

SHA1
8249e067d9b4c0df1b2362886a767e8558964b73

SHA256
55c10c60f1687a0a4f37fb7fe1751023dd3908bfaad5ce5f8025611aefd07d30

SHA512
ca2daa24b4bab744f586d7105a404f327af985221d9a7d6d8e32498c15480a34e246be3cd2d70ebdf7165a6f23366a75654ac20f11e0e4f5c227acaa4c535311

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
091b83ba4787b670d3c54d6ea6c37d59

SHA1
f3d642654f399fe8e40f0b9c1746eb2744e7e375

SHA256
49d1a0906caecf78a95551d62b154b72408b142638c473ea9dbb970cd9681755

SHA512
79b3d698f1378394a076fccdbd1af6b57e8f0d9db08c83514195f52820fd73cc28ac5c2861ccc7e8216ca2dc4bc9a42603708374014df5d4d0fe7bdb466228a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b922e9fdf6b5c52c23408584f77e1d74

SHA1
fb5384f9b9dee982b7a073adfb342f877c054a32

SHA256
1849402b6d507e23c861adfd6096e01205d76520a7af99792b02e619de140f24

SHA512
cbca0a8059a4af94ae56b541e3429af86298ffa9e4f3a790ca474a48946fa28a70001b7e945e114cd7087e5bf2c81a6923d931024807fbd6d1a769372248c314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
1c0b68410f3d609502332ca9556c37ba

SHA1
454ae0b9b865b4edd765dca18e933b842ae043be

SHA256
2672c2d9a2c65f04a1cef3275dec3fbc620c512b48542e8feb95340dfd527665

SHA512
a9328e115eb6ebbd3354329b7584748448678ebf0670ec3e5b4f986e7ff781905b85351477207a4e1c9e597f7c866d43db1fc027f61507fec96ebc077b5bcda0

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
3c11f277b03d42e365ee3af5023c28fa

SHA1
45cf4465d17fcaae4c00520ab36a1209058079de

SHA256
38da65158493bb39b3016da7d08c258975483a5e675bce5756ac8d1672081e03

SHA512
cc6a278f8ac01cf1ec1292f6b7b1f01f8410f4409b93f07fb2a482893e0ec7b8df9376340770efe33621b04c67e15b0431b9eb8bcdfdd2b9d8586459ea858206

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
c34fbec852686f9cdceb057afab88123

SHA1
1f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c

SHA256
03140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90

SHA512
a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4

Download Submit