50909eb53ebdac7111e739ed07ad4ee34f27e3d8612844e824ead03bc50618b6

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
14/05/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

B6AA73D7169B4A939481A0B291668264.pdf
Size

196KB
MD5

f091596d8b0f1c6670acdeb79e16bb1e
SHA1

ddc70b5cdc8cf84578c878d33cc902e066d10365
SHA256

e5127cb2538338eac90a7e52a22ba3d6d336667ebb1439a8958412ca71fc60c4
SHA512

de197e8a2e79d40f419ca925c6aca6d4bcc4ef19603d5e7678a0f68e4bd7efb6be6e0f71b8f83b7e6931392b5a1bb99a982e30e10b07717d1b5074b94b0ac707
SSDEEP

3072:Z0kLpItIeWHrNPVuISF2u4AOXUK9IxUsrEZP1T/cKZumMP1eGEm9f:nNPVuISInfYgP1T0KZumMP1ejm9f

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5048	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe
5048	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 396	5048	AcroRd32.exe	77
PID 5048 wrote to memory of 396	5048	AcroRd32.exe	77
PID 5048 wrote to memory of 396	5048	AcroRd32.exe	77
PID 396 wrote to memory of 3820	396	AdobeCollabSync.exe	78
PID 396 wrote to memory of 3820	396	AdobeCollabSync.exe	78
PID 396 wrote to memory of 3820	396	AdobeCollabSync.exe	78
PID 3820 wrote to memory of 4692	3820	AdobeCollabSync.exe	79
PID 3820 wrote to memory of 4692	3820	AdobeCollabSync.exe	79
PID 3820 wrote to memory of 4692	3820	AdobeCollabSync.exe	79
PID 5048 wrote to memory of 4956	5048	AcroRd32.exe	81
PID 5048 wrote to memory of 4956	5048	AcroRd32.exe	81
PID 5048 wrote to memory of 4956	5048	AcroRd32.exe	81
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 1244	4956	RdrCEF.exe	82
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83
PID 4956 wrote to memory of 2976	4956	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\B6AA73D7169B4A939481A0B291668264.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=396
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3820
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:4692
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE62EEEFD8757640E238363666CB4E64 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1244
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C12B66A984959CF7EF0D58B8DACF73B1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C12B66A984959CF7EF0D58B8DACF73B1 --renderer-client-id=2 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5B07E63EEC76E9826309D6D2B00B4984 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2261AEB538DACE967A9C7E340E5361EE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2261AEB538DACE967A9C7E340E5361EE --renderer-client-id=5 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C2AD45E94A3B0172FBEC9F3907F634F --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB52D6D4040F31991AC9515600285F39 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
086764723a8da9e83a74736a61bf28e6

SHA1
4a61d4d8eace6a913f9e9d23e23b914b42b18530

SHA256
1e10abfecb73f1108d824017b32a965337f148a5dc7341345327445fce5c925c

SHA512
bab9c5bbefd703cbbb6df65297cab1f4fbc39e6f59acbba1fe84866e37ddfb43d716b71ec1ccc34c1f53639aaca4a60783b964fd8cdfcbf1f23c4ad99136889f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
a33c3e697f596301f3fc5f094a6a6d66

SHA1
46b3b8c7a4cd0412c7506cab149b30696f7f1aac

SHA256
7ad12da7be24a78faa7ec6a4819c1325399aae029c9d434861b6cd682b18f944

SHA512
8237401944b2101279aaba2aaf5fdda12bf3b2df1bb88d09483a615c57a62462136b2e4c046425a1611b75f5ce75e42e8b0863fb24435e713572685c795d8b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
d2fd1a45c585f8f54c702087d599308a

SHA1
f313800aea51a074de70a6a6816dbdff94401acf

SHA256
8084cb1e8d5bdcba99fb1eff9a1430fca7de7a2946cd9fd762504de8fb5b80d8

SHA512
ea6384b7c0cc16d85bf7818877a4dcf9eed5fa858cdff2a2e34849756f034835379ccb7b4ae60d6ea587a3f6a7254838c7f82cfe4c3ebf6af25ebb074b20d300

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
869e1824f9d2571763abbcbdb1b31a16

SHA1
7744128f56b81457793f6a3633b278d167d8b277

SHA256
eeaa11b477c16e49d50f79db38009dc631de94e7efa4ef8f5dd2d00de919cc49

SHA512
3058b17a3d3fac528174bd71d054f83d0ca06f4d457fb0303c3d01c0851bd8b92911b1250b2c307cf7dc984fd126e5aed3f765319fb4762762a1f7fc71fde956

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
db1cd4b0b20e94294de2b456e4f3e7eb

SHA1
97a14cd9770d923c4e8a53a82f5f98855975f754

SHA256
fbb2e279e9e6c7efe49a68d099df81afe23be65d8df5a27c2cf5bbdf68546e58

SHA512
b914ddd8e5753bdf2482e6822222ed7944c661b0d2c98ada2bdb8c1f2e757b61d25407d0700d52a8ef7d6982a27523c2e25ed5038d9f0906c1d0ad05e34e00c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
91a94b2a19c169cc135bc36a3a68f5b2

SHA1
5f956574edaba79de9fb41d18db12843eb45d953

SHA256
ae4345db92cff98597027c6f0af71704cf3cd78c6abf602890c0944e0c624991

SHA512
abeaf58ba971ac093da3260c0458c2becc1936e63d59bef17be9d4cde23e88974661083c5f308df5665fe64cb79edd2feaeabe66e6fc8986be6d721728c75554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
b46b4c80f135bc77d45abb00d8bfb31a

SHA1
35d67f9f50fe5adc8a05fbd5ea6f9793100c221d

SHA256
d615687d238dc21f5ead746676a88b62e3ea4ed91979f9caa7a39fb0639c9a5d

SHA512
2e381441bffcb5b8c5e30a0eafb98d58498426981577733c966374abe40ce5fa800d89788cb69d04623a47143168f3c732477c8c1a1b6660856ebfc7e8cb721e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
58040963653a6df840afb417da6b1d06

SHA1
a017e9ce77cb2fc596a3cd3392e66fb2cfe29de9

SHA256
87075347a4efb6779e85bfc5bbc2a978a6b0dbb600d839d4f04c306a30313ac7

SHA512
94dd05b81c2f77874a687e5f09f4014ff88ead301c06413a73d888dc997758c88889958d696b483d767e51c0de6edc1e355005beaff63cf0bfef1b553aeeab5e

Download Submit