95e0416424dea94f38d8a7e06903875e5d99472412fd5f93e629aaf0553de80e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 05:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7BIC.pdf
Size

1.6MB
MD5

f295aba287f5eaec2d0170f0a602661b
SHA1

7c838786f78732ded439310aa107171fdce82d77
SHA256

95e0416424dea94f38d8a7e06903875e5d99472412fd5f93e629aaf0553de80e
SHA512

9cf916f841a786b930c0cb561a9dfd6106c459758c264bd9f8c21f4d0bb9eadd3aeec2932ad0cd6c83dbcf01a9194f43586bdc91aebbcdc6602665a589d06298
SSDEEP

49152:jzKHqbUGnRj0omsVQt/LEtD6QulPUcSHFtBUzGo4:SHq4g6Yq5Qul8f/BpB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FullTrustNotifier.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdobeCollabSync.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AdobeCollabSync.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4616	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe
4616	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 752	4616	AcroRd32.exe	88
PID 4616 wrote to memory of 752	4616	AcroRd32.exe	88
PID 4616 wrote to memory of 752	4616	AcroRd32.exe	88
PID 752 wrote to memory of 2340	752	AdobeCollabSync.exe	90
PID 752 wrote to memory of 2340	752	AdobeCollabSync.exe	90
PID 752 wrote to memory of 2340	752	AdobeCollabSync.exe	90
PID 4616 wrote to memory of 632	4616	AcroRd32.exe	91
PID 4616 wrote to memory of 632	4616	AcroRd32.exe	91
PID 4616 wrote to memory of 632	4616	AcroRd32.exe	91
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 3584	632	RdrCEF.exe	92
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93
PID 632 wrote to memory of 4644	632	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7BIC.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=752
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2340
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      System Location Discovery: System Language Discovery
      PID:4624
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:632
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C2291FD9FD32C753D26ECB6BD971DA5E --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3584
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=597D166A241E86EEFADA10E0BE78E080 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=597D166A241E86EEFADA10E0BE78E080 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4644
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=47BB94378E283515C98386E8BF1B1AFE --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F8E9BEBC870BC311D26CB91F9DEFD213 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F8E9BEBC870BC311D26CB91F9DEFD213 --renderer-client-id=5 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4444
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4A7C6A1E9941615D65C04E1E4113FCC --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=38FF6CDE32A9E8AC0D23BBB01BC35525 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d27084d4bddf67fae07b5f303485ab83

SHA1
52e763b20fcc4596764f0af33d7444b1854a22d4

SHA256
c9203569628274feb32add3fc816a615040a8244f5db739faa6b6540d8745c26

SHA512
db56b1ef1ac7071781b8e3cce75ef506f56e5d654f53da6ac368820f4d94321fe445938c6aab52deda287a08b360ec6370aca0d1f07cbc80d14db8203fe3ee77

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
4b6d82857c1cad93ea4a276e5aecaaa0

SHA1
2b2a66e3602f37c3a22fbc78eb1f5c7f1f1752dc

SHA256
e7d6ea9c591f537eea53299ba6b9e2479b7ed04c9dcd690824aa398b05fc371c

SHA512
f3e839f5bae62fbbbff472fef7de61c908c0d52417f3de656968ef25cffe2a3f95b734e96538cfbd48df515aaba8c1defd5277d5dee463ceb172880a01e163a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
97470358fbb7c7c54f6241e86172a2eb

SHA1
925d23fa45b905c25a76755d3304456c35116291

SHA256
e29d655ae8d73b5197aa281095bd18029be6952391c513eedd4a1d1c39b32ebe

SHA512
6c0a58a1b46c90a5bb90b170ce64e29345bde1aa95f59c6110e2c6d65d5078cf8f0ccc916d335b30d9cce0b5800cfb70fa300a690bbc4d73d5d7d566f01ffb69

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
4761e9e5022ad59232d3ff1d6365fc28

SHA1
2fbb4de0513928aaf315dba85359cc2e475f90d3

SHA256
52089e103b099774a479dc435d5902b82c85a458522d9ea52657c3011405c58c

SHA512
3cc9497e99bf308b2f90ba2d45bb36f8b765fc184d457d06f63fcf0f4d74fc55d4a450878d1ca713fa6f9b70850e96c6b5fd3af9e84e3dde7e597f520b0d5f90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
faecfd834ece5a7fd099821afd0bf64b

SHA1
d4a1a0212724b99c02cb6816e2859ae41163169a

SHA256
944d8f4d34c7fcdbeabd742c5ace8dd12373d5d7732344d43223701baffef06f

SHA512
f8e3d483197b380de6d59dd58296cdbd6251daf6df8a4164f6b229a0c88984fe09bee7cdb8914c01acf9982ddbc82469d04cb8695b1cf68fe4ac7f44e7652355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
d12b8944f2fd41cf44103eb3aea4be2d

SHA1
9d7b452b386cf08a70d17a4bb4db2d68b3a18918

SHA256
acea9499f0d92784fdbbfdbc6dbcfbbc0e22d4b58ac2543bcbf5cc776faa7901

SHA512
82536419f026208f629942b17f30d206209f2fac4d909cb0d8321f9be101116e0cd3630f2b57c0635497a46991c7775a31aaeecb9b416410fe6eb18d4dbebbe4

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
fd3291347d2646a51aa76aab38394e84

SHA1
db369e71d0a002f3c9b0c972cc9fd224b2c08def

SHA256
c0b3c9b42f8c1fd47f7f54b0fd3c84ab28135b24b3e1fa5a8ee8516fbad24142

SHA512
36d5941c2dba84bf924ad4b1904bf925fcbbdab397456b0633275023c70c8c10f061cc4088e9b541b8c9c0f9d55fb3921aa58d114c4bc92f36c9279e91662a1f

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
564dd888181bdeb2b7c45760845aba1b

SHA1
57033464a335e0c3ec8ae8f2f00ac9b6084329c1

SHA256
00c531cdc4aa0f22ef3a8d488846d71223bc11b21e2de720b1048a5290bce52f

SHA512
091a7df4f21240b3f891530449fc9e96ee2ae7c7b00faed6d00e208fccfb097952f1f4baf857936cd379a4a5c5597727d139e82c599e0549c1af27711039b156

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.4MB

MD5
a1704864c4cf60bee94efcf0bc41820d

SHA1
397b15d6f4e34164f08ee1fb560b32bf02e57181

SHA256
7a969b1616fe584ef8c6fa03258b43e43785001bb2e2effc86848ffa2aae7d06

SHA512
bd96aa47c4d2d83af91cff0a838979729ac93913ca16132ebd5e795292daca28a298407e9fe439b365878c12ef13c64e6257caf5efbb8fe84010bd626eccc2cc

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit