105839e78efe93dda0ca8f21cc7341d7229539327a24ecb5e8686cdd13b96d75

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lzh5_20240423_121936316.pdf
Size

175KB
MD5

31ea611140f31ca1a190dcf9117ba36c
SHA1

072a1b730f3a097dea00f99f4490aba12a0cce94
SHA256

105839e78efe93dda0ca8f21cc7341d7229539327a24ecb5e8686cdd13b96d75
SHA512

ae79cbab134bf143a346b62a23e9ba5472ddc5b14200e3f79330ba13296c53318408b814f575fcf11eaa64497a62acbf38315ef2198e0b89c4454f78c0dd0606
SSDEEP

3072:DzWexzc+tNaUW9AFlNmI2VrMau2lU68F6GCwznhYU2JUUmG+pdBBTP7RW0/MLvbz:DCexztat9AFlNmI2VMaPU1gGv02d/FW1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe
Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe
952	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

952 AcroRd32.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exe

pid process

952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe
952 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 952 wrote to memory of 3260	952	AcroRd32.exe	AdobeCollabSync.exe
PID 952 wrote to memory of 3260	952	AcroRd32.exe	AdobeCollabSync.exe
PID 952 wrote to memory of 3260	952	AcroRd32.exe	AdobeCollabSync.exe
PID 3260 wrote to memory of 1492	3260	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3260 wrote to memory of 1492	3260	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3260 wrote to memory of 1492	3260	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 1492 wrote to memory of 1924	1492	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 1492 wrote to memory of 1924	1492	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 1492 wrote to memory of 1924	1492	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 952 wrote to memory of 4212	952	AcroRd32.exe	RdrCEF.exe
PID 952 wrote to memory of 4212	952	AcroRd32.exe	RdrCEF.exe
PID 952 wrote to memory of 4212	952	AcroRd32.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3980	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe
PID 4212 wrote to memory of 3168	4212	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lzh5_20240423_121936316.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3260

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3260
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1492

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:1924

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=924E9F5C3A25D334F49AAC037776A2B0 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3980

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F2334DE4C1FEDE27BA2C43ACA60BAB48 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F2334DE4C1FEDE27BA2C43ACA60BAB48 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3168

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A710A8897F5677372B8BDB8DC3BEAF9B --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3656

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5FEF354F10C1BA5B8CD5414148597E39 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2192

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2D670A8131FB48484C4CF8749EC70BB5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2D670A8131FB48484C4CF8749EC70BB5 --renderer-client-id=6 --mojo-platform-channel-handle=1984 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=54012D6A16797F864C31B177C70D20F0 --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2888

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
fb77e1185d672c0a373af45d4c520159

SHA1
f68e618abbb4b1c3afef6a86f41c82f717c8fe7b

SHA256
2a7a787e489af9ccf466c8e41d16209cdc48c8f00e375bcff8fbd9f9ce250b08

SHA512
a708bef434daadaf31a6565cd35d1106e5dff506f70286dc94554c4074a4f78f101b5f7b3f3778badc6abbb7dfbce0338bca92911ed19d2e5a86b30a546425b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
94f94fa7dee642021414a1453b51fb4a

SHA1
f2ca365b037be8bab4da96a745633fb3a4be8ba7

SHA256
667d763bff589d5e90a76949b35c755a649c0da0876aa3897b5b53de1fe7bcea

SHA512
8c9462524bbf85a45320ad9b50b29ed90c0344b7027b04a7d50a82f458292649156a17516521812b78bfe7240e49428ad64ceadd085c72f8eb3d90e859a6bee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
0a04ea9bfa733224a0bbf0bfce801b93

SHA1
4cf39ef1d6a5ee7dd156461f4d9b2b3413c6aa01

SHA256
ed8449aeff573803877ad527d5e5d2ef3440465f51fadc32da4f1aac6d53640c

SHA512
848c6ea2c584b67a0d3392efc786b7ee748c32ba0246da8a931724edf670a15631789cc44c5e945fe36fd193707a7db6b8a3905d66aefd9f3e256f9f5525a078

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
7c59aa5a3676acc80240ccd7f2ab81e1

SHA1
f140c457027a540f0523f27ea8605b3b2c3b6166

SHA256
e995b888629f836748d1bcc46c94ab59b394bd4ad38d2ad03623f874f79dbbdd

SHA512
33bc474f6f9a979dc1df47f506f24059e574246e835416dc3c436233fcede2120665289552360e78ecf876342b92940f2416bb71d2f23ebd5e963003d8384485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
ef3a171739b6a729bb186fad765935cc

SHA1
37a921ff8f075bbe66f0d31dcdb64d70c228e6e4

SHA256
27c407d80e6450eaaeb42c9207df4703950a3f6c22e725cf552ac7463a0efe48

SHA512
83f6e305178fffbbaeca5e252cd10092423747cfeccc7bf50a4a223e6419ff2c9e5293ddb66bfc373c5900c1df735ef68f76f5cbf138fdafb5342e80417f6d80

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
ef818f6e5aecbd9e48d9f41161928b7e

SHA1
a65983d7ad1ffe67e2a440cd18ec935649cb5f31

SHA256
0afa5440870a20451d9c0ed204b32559c9560cb45fddcb421c63f6beebac0909

SHA512
ddbbb8a6df9f10c7d4bdbd10048b22191fea53dc1de62a36bcad09366837424ca7c9286c1caee2bbd8e8efd7d5e85a3fc7f268e7a91ae40d77d39474aa833731

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
5.3MB

MD5
c34fbec852686f9cdceb057afab88123

SHA1
1f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c

SHA256
03140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90

SHA512
a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4

Download Submit