00dce3008ceeb137ec3a1a75582d93418d15a960d822d5395cb0eef659b24495

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UA12115062.pdf
Size

90KB
MD5

cfe2e3ed68e7727cc43a3c5626b02b23
SHA1

35f47cce4c2dd8ca2025d590e20c3aef2d68bc8c
SHA256

00dce3008ceeb137ec3a1a75582d93418d15a960d822d5395cb0eef659b24495
SHA512

4d79665e87ca9896616135feb00530af83df1565be661f792d976866bba07c878ef2ed361082ee24f7f489fd110e45873f63388d3763cb7066cd2c9ff1e4f045
SSDEEP

1536:4IN2cPFGFecGEEzcAPPooYpaoNH3lrdYL:7mEz1PwUoNXML

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe
3348	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3348 AcroRd32.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

3348 AcroRd32.exe
3348 AcroRd32.exe
3348 AcroRd32.exe
3348 AcroRd32.exe
3348 AcroRd32.exe
3348 AcroRd32.exe
3348 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3348 wrote to memory of 3112	3348	AcroRd32.exe	AdobeCollabSync.exe
PID 3348 wrote to memory of 3112	3348	AcroRd32.exe	AdobeCollabSync.exe
PID 3348 wrote to memory of 3112	3348	AcroRd32.exe	AdobeCollabSync.exe
PID 3112 wrote to memory of 4644	3112	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3112 wrote to memory of 4644	3112	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3112 wrote to memory of 4644	3112	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4644 wrote to memory of 1940	4644	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4644 wrote to memory of 1940	4644	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4644 wrote to memory of 1940	4644	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3348 wrote to memory of 1756	3348	AcroRd32.exe	RdrCEF.exe
PID 3348 wrote to memory of 1756	3348	AcroRd32.exe	RdrCEF.exe
PID 3348 wrote to memory of 1756	3348	AcroRd32.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3024	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe
PID 1756 wrote to memory of 3772	1756	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UA12115062.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3348

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3112
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4644

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:1940

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1756

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1C2E5AF76E548556DD06F6DF01C70053 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3024

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F9359B8ED81073DAB7BFA28FB55D305B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F9359B8ED81073DAB7BFA28FB55D305B --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3772

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8DF56F1E8E64C94A7FF7BA170FFBB34 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4608

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9EFBE3051F39D064A4CD8D1F045C8E4A --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E21ACE821B8E7B330F2B1CC06D98E9B5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E21ACE821B8E7B330F2B1CC06D98E9B5 --renderer-client-id=6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
3⤵
PID:628

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B05F50909293A5AEC22FC2CE191DFB20 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
949ded8a33aa2b3cffe931b33700543e

SHA1
e5d7282ae739d1d23e31466e9a2fe0a95fe613b4

SHA256
d304c417e3a234ed2e77649cea02cf7077ca5df6bd7e7b1cf2ef0ceb06fe3aaf

SHA512
f7a444f3b385e9d66c004a72ad307830350fac03358829499cd9f9c44e4f899d85c32ee08a038f183ae45993435f99eab191713927bad5c58097bd875d3e0f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
c1f98dae66700168140a22df9bdedf77

SHA1
c385071d11392e389afc2372ab86751dcbbecaaa

SHA256
f00ba223a81437d3275e8e9675f9527e7737154306b82fa8dc5c24baa9a1af42

SHA512
2361bcd6dbdce5a3132cc8d2991bb33cf35eb992ee61bccb67b86ebd47ca4664d377de1473398e5fc5f9288a2b3de484201e4b8a8c8b210a6d184352d637d8f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
83ceec76aa8f097c060e587ed2c8fdff

SHA1
e0af9d9a91031cc5cac823c7eae9609073e122bd

SHA256
62674e14e1ae94d4b913d9e6a8c42d8e2e205eb6863ed871df01f00850f4eb71

SHA512
b4701ae29fc8396ba369bd494d6524031a8e19eacc33aa599a3a43ac23223d8ebb10890265daf9ec30cefd386a49baaa1b3b007998f408758139e8f2517674c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.6MB

MD5
c1ebac56e352150ed68b01765ea1657c

SHA1
5369d26caa35c5dc97510bfade8cd7cc139a86bf

SHA256
5ac725bfa8068805c4d2793f2dc37e4e148229200f6b208c2d0cad4e4d273d8f

SHA512
6cd27f43d54ab7e9c0a851ed7d6a25951e8523764f5eb87389c4ec85b710295f9e6fcd96b54ec46b0640c2f034147aac79950b46d433f664bcd2881250c6459d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
07617ddf8d06cde62131cda54a53270a

SHA1
b1cca2581bee564ca1382530cfb1a6fe3e8bd36f

SHA256
950fcf09e920ae4e4777613370430f82e79960131533a3eb8616a33941fccc85

SHA512
4cc621f91ffe06c48eb316a03fec60a72b1955b123db23e821ae21b1077e329dcd01bc0d9ec6cdee2d1e1cd5ef4e1a3688d1d37c90008b0e998a97fdb80fb66a

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
Filesize
5.4MB

MD5
df40d5c7936e1fea52dc0ced51f139c2

SHA1
7e74cb001615dbf1350351601b36d30b80eb9921

SHA256
b265fc6d4aa1b6f78bdb01c7b299e7fadcf051bfe8be52ebc75dd4daaeb9df5d

SHA512
efe8694f373ac16dc870c8205beb9e25cce032953911f66315899e1134d30ca477f2b283ec67f11ea724c10da6189136ef79469df376db75145e2bcee333cc1f

Download Submit