d57235a53730049f734ccd88528bfdc2b99bb862deaff108932d0b2d2b0cdb5b

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BILL_EMAIL_211906_12491694_0.pdf
Size

290KB
MD5

391f7a444eae23fd3c458f78479bc5bd
SHA1

aaaa07872c1610018a1cd1f70e7f1988ea66b7cf
SHA256

d57235a53730049f734ccd88528bfdc2b99bb862deaff108932d0b2d2b0cdb5b
SHA512

67d767430503667c71d335cd2413e0f23a5d9fd990b7ef18816f1217062c7cc49f1b74677dee55c545fefdb89f5dfcae16d0d431f9832ab949a0f6e7f9056ed7
SSDEEP

6144:3yMP2LqMC4gKUpSudhdioKVhp5QXD8oM8FE9y9fpKLr:rwhgx5dhwoIZQXjM6E9OfpOr

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1428	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 4932	1428	AcroRd32.exe	92
PID 1428 wrote to memory of 4932	1428	AcroRd32.exe	92
PID 1428 wrote to memory of 4932	1428	AcroRd32.exe	92
PID 4932 wrote to memory of 4072	4932	AdobeCollabSync.exe	93
PID 4932 wrote to memory of 4072	4932	AdobeCollabSync.exe	93
PID 4932 wrote to memory of 4072	4932	AdobeCollabSync.exe	93
PID 4072 wrote to memory of 4080	4072	AdobeCollabSync.exe	95
PID 4072 wrote to memory of 4080	4072	AdobeCollabSync.exe	95
PID 4072 wrote to memory of 4080	4072	AdobeCollabSync.exe	95
PID 1428 wrote to memory of 2904	1428	AcroRd32.exe	96
PID 1428 wrote to memory of 2904	1428	AcroRd32.exe	96
PID 1428 wrote to memory of 2904	1428	AcroRd32.exe	96
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 3808	2904	RdrCEF.exe	97
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98
PID 2904 wrote to memory of 4076	2904	RdrCEF.exe	98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BILL_EMAIL_211906_12491694_0.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4932
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:4072
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:4080
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=940D1B224F4BB52AB93879E194ACE9CC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=940D1B224F4BB52AB93879E194ACE9CC --renderer-client-id=2 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3808
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B91B0945DE954404A5C2A30F440FFD2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ED27D4040EDAD58D895F6903E6DD7A07 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1773E0B0A24E359AAB2105277F46804B --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4188
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4253EA8C93BE9C746676C31671B85414 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4253EA8C93BE9C746676C31671B85414 --renderer-client-id=6 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF2F0042277E6F201157469C22C8F9F7 --mojo-platform-channel-handle=2640 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2460,i,7545522914305657361,9950105517201397946,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
727a5db9143f33fdc77816293504db7c

SHA1
89c787eded70cb8ffdc4681a9c59d73849060986

SHA256
564231ca0e171dd7f992216ac8f7719804ff2a27c5a6ab969d7542b4d8b6f3eb

SHA512
d72917c335a9004460401c1caae0a8f54d664cdbf56c407bc193eede5754ab3bde937c7b5b623815e0d30eefe6fbb87ae9cdbe0cb5b348a836f44e636db27d91

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
ff0e5cb8c264cbe44319f8dc62ef9b8f

SHA1
e6c121844a1077cd3f66968f1c3299388f06ab3e

SHA256
a19a3f4263d4de9420c3fd0c443238c22f1e07b603b4131be89f58f701c3be59

SHA512
edc03e2328131cfe029c8b7c5fe36d66c90d934cc5eed1f49f532c7b59ce009ef5a8c798bf94c37e74325f32edbb60519d3a82d67206dd1a6261b5c520892997

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
89cbf655bbfa81a360b972a4c1e1a38f

SHA1
33197276a4abeabf2c71c8c839bfd2b96f0f2be6

SHA256
7c017211e6c16bdb277e7f0437a9c81fa113c02dc8f15bac929b9784a8786192

SHA512
65cfbb12409b4937649b1e802218a96c33f57862eaac6574ebc30bf31f146e8f1b2969364504dfa1217958bd1bff48119bdc40372873ed3452d1417826e8f13b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
badad593339c64ca072893057cc364b8

SHA1
dcead5f95d0debfe29d83a26b49574bf04b4ff29

SHA256
2b9a522ab7b4eb28677ec7be19900d9338039d986ea94e29ee534806692c5883

SHA512
1b72d5947728db40f9e6b74abdae1a971a4d17db69019d57fd817eb762b46fb5be728236aa74f97572212221c1dfed68df871cd1f55bf2e1e98d688b53d43757

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
c1ebac56e352150ed68b01765ea1657c

SHA1
5369d26caa35c5dc97510bfade8cd7cc139a86bf

SHA256
5ac725bfa8068805c4d2793f2dc37e4e148229200f6b208c2d0cad4e4d273d8f

SHA512
6cd27f43d54ab7e9c0a851ed7d6a25951e8523764f5eb87389c4ec85b710295f9e6fcd96b54ec46b0640c2f034147aac79950b46d433f664bcd2881250c6459d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
96f31d34edacef107fce3a7136a7afd0

SHA1
1f1b5a6b5d4d9102be55847819c675ddec56d2fa

SHA256
38c249d4e6d1859c00bf2c7ff59e4540cafe6e240ee3d06a47a38afa85837acd

SHA512
d97873397372d50c227c4f5c9bafc58f25ff086c824d2b4abcef2da776a43ed75649bbe81fc49d075749f2721958f1f17cdc50746b99cd08505bb1c98ae945a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
f6519690f00e1aadf5e4b482e081da3a

SHA1
0c9ad1df4ac1e4750869e3483b2b606a39014814

SHA256
948b07feb68f8e2b3dd5d14ae1daf811c544988993480141c15d9347224fbe7f

SHA512
b18f580bfb98d1e76a14fcb6e940933d2a94709b306aaa921f2f6da0a78a769731ffcfaddc3fce3779e6cca9cc2544a5975250fed020403f218dead29051a295

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
8a958d3ccd5d1de65372125513fa49ac

SHA1
e83eb5b8c31892cbca0715f00c89d70fba108850

SHA256
b2a46b0d3c806bb8dd5944ce10bbc6d7f9c8658b095278b69d762898fd93b1af

SHA512
698a940a756695df440157a56d1fc12695b5de6f5a71e1804574e6b1c0786b131729c93a2100f0f42a6d6434a23ca33e6763c082d3952be94bc30a8678890839

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.4MB

MD5
df40d5c7936e1fea52dc0ced51f139c2

SHA1
7e74cb001615dbf1350351601b36d30b80eb9921

SHA256
b265fc6d4aa1b6f78bdb01c7b299e7fadcf051bfe8be52ebc75dd4daaeb9df5d

SHA512
efe8694f373ac16dc870c8205beb9e25cce032953911f66315899e1134d30ca477f2b283ec67f11ea724c10da6189136ef79469df376db75145e2bcee333cc1f

Download Submit