c2678d52ec3ef657ad70f3a6572b1b6e9f6f748f78b1ef574de5de1b0761c9c8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Q. Nguyen EAB Proposal Final 4.12.pdf
Size

339KB
MD5

0a3cf4ea31ab85e8d9fad9954913ef63
SHA1

eba6b3f1eab112833b33546654344ee19fe07090
SHA256

c2678d52ec3ef657ad70f3a6572b1b6e9f6f748f78b1ef574de5de1b0761c9c8
SHA512

09c685fd9624e88e53042ca5e55c8f144e0b795b59209302ea1512bac58ad3438c10531793f95a6a48a31af93d546e8face443c04d172a01ed6f181ae05b30ca
SSDEEP

6144:OsDFSpjrnU6GIQBUIz7yFIJgRfLAStgsbiE1DdSZVmRuM38JFAVAK72LF9NRWwro:TS1LXGzBUIzkI+mY4VmiJFK1UNRW89+z

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

1916 AcroRd32.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 1916 wrote to memory of 4424	1916	AcroRd32.exe	AdobeCollabSync.exe
PID 1916 wrote to memory of 4424	1916	AcroRd32.exe	AdobeCollabSync.exe
PID 1916 wrote to memory of 4424	1916	AcroRd32.exe	AdobeCollabSync.exe
PID 4424 wrote to memory of 5004	4424	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4424 wrote to memory of 5004	4424	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4424 wrote to memory of 5004	4424	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 5004 wrote to memory of 3456	5004	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 5004 wrote to memory of 3456	5004	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 5004 wrote to memory of 3456	5004	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 1916 wrote to memory of 968	1916	AcroRd32.exe	RdrCEF.exe
PID 1916 wrote to memory of 968	1916	AcroRd32.exe	RdrCEF.exe
PID 1916 wrote to memory of 968	1916	AcroRd32.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 1576	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe
PID 968 wrote to memory of 2152	968	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Q. Nguyen EAB Proposal Final 4.12.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:4424

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4424
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5004

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:3456

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:968

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0B805D6303093FD9BEC54438722A5A8 --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1576

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=922C92C72D289C255430395B31B2550B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=922C92C72D289C255430395B31B2550B --renderer-client-id=2 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2152

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=45A65ADC5B95CC9D5E5241B7E80AB9C3 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1468

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8CBC181F50FB50D7A21699CE3FB26A3C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8CBC181F50FB50D7A21699CE3FB26A3C --renderer-client-id=5 --mojo-platform-channel-handle=2408 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4388

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=79264A60E6D76DFC41F3003207DFE2B2 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3668

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0F6E577CF439D7241C313C75BCBC0A3D --mojo-platform-channel-handle=2792 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
d9a7ecbea8d4ba993bf0a8e36008aa9d

SHA1
33b2b13955c99e9273c92304b9e98822a360a10e

SHA256
040968a343facec72fd0670e9d9983068679b47e2f18489b3d4bbd938a49432d

SHA512
c9706e955b64d7814f91cc2d4f36c1e92960f650d82df438b037a5830861bb822f4ffd6c2730f8a32341030f1ac6a538fd342b39928410622c72ef7f998579d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
c1a65f4cb2a66a6cab0d3cac0396bcc4

SHA1
080b12c10d28a8e54c39bd2bd6fc46f606706526

SHA256
abba16274a7aff466f23dcf453154a6a6d6ac4a76636b00bbfc11f1ef28176d3

SHA512
f3ee63119f0e929b2d926f6b944539e05a23de4d0e8d68d7255aaa4327192718ef2891266fc59dff736a21079edd8ec7a26afb819b32ec5c1c3ad27c4e2abeb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
1e6c7cd4a03f68cd10d0b0c5029194fe

SHA1
adf68849a5a310eb83d13fd07a8fb52ba64cf5c8

SHA256
03fa61062ed100827242dd9f86e8dbf5a305667eca1b0e657ea61ee5d126c1f0

SHA512
a02ed727b342c6317fc5f01f660106acd8ba7c03ae6b4a0cc8f3992762f098700c8f5bb41d29d0110e7be6a901e6c982326aa125633ad5f9bc454d6dc5a471e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
682e5027524b680bebfd03af58ad8d2a

SHA1
df1a02d2e13de8c22ef50dc5c0ef2cd720045891

SHA256
9d4153135a46516d34b588412dda3114b35422b3010194452246c96ef9707c43

SHA512
af0dd3330fdb45240e34aa4c11acf98ea143347cc69d38c824508ed4451c20d062e13459274e4a6e7abd0cda5730c2f39187562921e8613846d003e38b0022ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
7c59aa5a3676acc80240ccd7f2ab81e1

SHA1
f140c457027a540f0523f27ea8605b3b2c3b6166

SHA256
e995b888629f836748d1bcc46c94ab59b394bd4ad38d2ad03623f874f79dbbdd

SHA512
33bc474f6f9a979dc1df47f506f24059e574246e835416dc3c436233fcede2120665289552360e78ecf876342b92940f2416bb71d2f23ebd5e963003d8384485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
cfb2461fbd1d30add660263d0906fde3

SHA1
fbfa6bb09242e3f9e457e960b1274997d1c906c6

SHA256
88390f233a0cc1487d29fc630176b7406be29093ca515142a7b5e743eb7ab393

SHA512
76b876f1c4e3fee5be6eaafc216c56e2e5517f542b7fabb7f4e9fc03afc2f85985f45825bcba038b716f1fbfc3b17e161f0f5ca6974482d2dea86cce4e276121

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
010bcb50b539f14fcd27d7fd84e16ff7

SHA1
4cb4df48b0ef0533249c43cc5b69286a052d1156

SHA256
0e13c45808f8cfcbce10e5c276811435e420fe20748c2ddaa28ff4b092b5b7d0

SHA512
5a42b662ee8ff2e41d219c6e0ffb253400cba4f784e227fe83972d305749a2a0697e07868cffd57efdbb404efa76ecce6fe762a8363afe702f01d18d308451a7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
5.3MB

MD5
c34fbec852686f9cdceb057afab88123

SHA1
1f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c

SHA256
03140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90

SHA512
a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4

Download Submit