6d987248a7df4508f0ff217c82a09e8a059c212fee2b5ade4819fc3092432f33

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7BIC.pdf
Size

1.3MB
MD5

5c66f5396a267e08472c8943e1f96a46
SHA1

9c82293caec4259d0b91b8e91bf11f9a68cd0ecd
SHA256

6d987248a7df4508f0ff217c82a09e8a059c212fee2b5ade4819fc3092432f33
SHA512

9a5016a247c62308a0ecf4d19be7dd858f27418af23e3df05a1d8b0405dab3e6708d33fa93042beb8eba7126efdefb9bc8e4a0b47a2dadd557cf25f4d716d039
SSDEEP

24576:snHqAunsVTPFTymnZLVcgmNe+oa6+nkHUw2bGWjYy9DU1QQEVyGaC:wHqbs15ymZLagmN0F05tBUPEVyGZ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 3368	4712	AcroRd32.exe	80
PID 4712 wrote to memory of 3368	4712	AcroRd32.exe	80
PID 4712 wrote to memory of 3368	4712	AcroRd32.exe	80
PID 3368 wrote to memory of 1372	3368	AdobeCollabSync.exe	81
PID 3368 wrote to memory of 1372	3368	AdobeCollabSync.exe	81
PID 3368 wrote to memory of 1372	3368	AdobeCollabSync.exe	81
PID 1372 wrote to memory of 4348	1372	AdobeCollabSync.exe	86
PID 1372 wrote to memory of 4348	1372	AdobeCollabSync.exe	86
PID 1372 wrote to memory of 4348	1372	AdobeCollabSync.exe	86
PID 4712 wrote to memory of 4656	4712	AcroRd32.exe	90
PID 4712 wrote to memory of 4656	4712	AcroRd32.exe	90
PID 4712 wrote to memory of 4656	4712	AcroRd32.exe	90
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4532	4656	RdrCEF.exe	91
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92
PID 4656 wrote to memory of 4860	4656	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7BIC.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3368
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1372
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:4348
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EB219F7F1BBB777F52A49A586084A853 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4532
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0CFD96B7B10C54AC65F4299B480F29D9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0CFD96B7B10C54AC65F4299B480F29D9 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=802E913D515A2469DBE6CA9706D9D107 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B6289411196CD5AF1A253C3A61563E1 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=66332280938729BD2AE0AF15851AC80D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=66332280938729BD2AE0AF15851AC80D --renderer-client-id=6 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2512
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2684F4FCCB59688B8621D4B034AB1AFD --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f2cef547bff1f640e0fcb264edcd414d

SHA1
45c2e4d2ace07dc4158e760199415c6e6f2248fd

SHA256
a1619af5523243589e439d51c689e533efa6ddf640a8569894201827b7e05ab1

SHA512
83306897b178aa77fec7aa88140f1cd7b39d9539efe5e4caa726ea033b0a785066d7b353f1b3188de815db126341b1f7ed6f5d2b0aa7187b364d3e794d95cb8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
431082e643fccf6858d803a4533e3988

SHA1
77549fe92a9b4a4bcd2c47399da4f668260e9f44

SHA256
107bd835c69ee4c9269f3b7a27a7e914f9ea7770b22d51e1f33a69874a11355a

SHA512
3c6d92668c500fa5dfa2c70d6e687067c84fca47d3f824311f6b6880bac8285318e5b89c7a4639b1a7a71e0ba847faaa58ef5224ecf9bca82b1b1058307a23a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB

Filesize
24KB

MD5
4fe2b64a2631d0d6eb30b8f42b49bcf5

SHA1
10c931554e79c2f4280a65ef2ad57ff61a2429ec

SHA256
4901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0

SHA512
8ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
a014aa7ba9250ac348ceccbe0b1223ee

SHA1
1f3e1a14db85c53be0451a5271d567e9d86ad81e

SHA256
cec32462f69eb55d4991ba7bf5157773066c1787b0d426c1d9f03c57c564567b

SHA512
dd9d7f1b969caffad507f94680214b04ace609bbe2c6032176c8a1a387b77913f21b7c75c93ccb2c5e35c078a06d5b97bc6b7a36897eabcf80cd3159425f2f60

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
bfbf639e52291d23f1d6f9851eae9c05

SHA1
1a66ec9afcf39335591bf54695b9774240363ef8

SHA256
49aa4cdfd473108b087a0c8fd7253f572015fc7a26300016e3835d573039e952

SHA512
b96395b9d59c284ce0f84f7eb2825c0168548bc2b97b78bc5ea0a786da226dc428f4544084ca7fe24946557e7e10bf263871486a452efa16e778d66c7ef2da64

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
c1ebac56e352150ed68b01765ea1657c

SHA1
5369d26caa35c5dc97510bfade8cd7cc139a86bf

SHA256
5ac725bfa8068805c4d2793f2dc37e4e148229200f6b208c2d0cad4e4d273d8f

SHA512
6cd27f43d54ab7e9c0a851ed7d6a25951e8523764f5eb87389c4ec85b710295f9e6fcd96b54ec46b0640c2f034147aac79950b46d433f664bcd2881250c6459d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
ec4fa7be84bb58ef87b45e63b00f1290

SHA1
d707a3664414758e3100f452cb65ac038a7cea5b

SHA256
02b731a26861146253b994240eecde993653fe38f2dde0efcfe1cc3d70e62098

SHA512
c20d6febec72da54620fad82d7a4fb5d7ace8c179664ce24238f2ccbf56517b6d754956e309b65d3fa0e04945a5e974f01b3fc138b3ca87b18f132fc3d6f62a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
060ddd5e5ef71220bae9d762adabe77e

SHA1
e6163a010ffd733631d3d716be1670862c7091b2

SHA256
0957c9955b8675c6b992d2c23ca59e5a1508d72f71e00eea3246fa217b8ce364

SHA512
169378dfe095e3eeb6651929777720398b8b8f4541de5c4532e06e1481f313e3d058d4ba0c06ecb1e36f03d7bf4c91ce31adb8111875b98d51415ee8a4b9b328

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
30957ce64e3dc3221609b534563b3454

SHA1
eac9e3d06b4d0122ff163f4e17a858fa9e8d21f8

SHA256
f63af24a7638ff4d6046bb171bc612b3d882fc9d0224b47b6591db1164cdf52d

SHA512
589037e37f9b2851fb5ae73ce8e77dd5cf828649871560166fa820dc1fcb165217b846715eda22a0c7e62ea6795bb4a40206a0a86da1f2fbe64ec4d3b2dd39cc

Download Submit