190bbddc5c7af9956401ad39caad61f2573da3dfcaa2dd2ed4c3923b9c12cc20

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

190bbddc5c7af9956401ad39caad61f2573da3dfcaa2dd2ed4c3923b9c12cc20_NeikiAnalytics.pdf
Size

190KB
MD5

786f793524a9fb0c503bfe0eccef94c0
SHA1

925241a38e59471cc9522294261d422f411d0e95
SHA256

190bbddc5c7af9956401ad39caad61f2573da3dfcaa2dd2ed4c3923b9c12cc20
SHA512

1d339195266e4b6233a1298321e1b8069639766a2a014bab92a9a739aea0979e9e0864a82c5283e38c442661641de67d3758e395b5a8a1d145d72791a00dc5a1
SSDEEP

3072:pRhM/463x2yYss7UAldWzRvLZuFr8gtKMJvJSC/uNbePru2m8IagI/OD:e/4KPYtgvDEikB/R7PvHGD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe
2504	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

2504 AcroRd32.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

AcroRd32.exe

pid process

2504 AcroRd32.exe
2504 AcroRd32.exe
2504 AcroRd32.exe
2504 AcroRd32.exe
2504 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 2504 wrote to memory of 3760	2504	AcroRd32.exe	AdobeCollabSync.exe
PID 2504 wrote to memory of 3760	2504	AcroRd32.exe	AdobeCollabSync.exe
PID 2504 wrote to memory of 3760	2504	AcroRd32.exe	AdobeCollabSync.exe
PID 3760 wrote to memory of 4488	3760	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3760 wrote to memory of 4488	3760	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3760 wrote to memory of 4488	3760	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2504 wrote to memory of 3800	2504	AcroRd32.exe	RdrCEF.exe
PID 2504 wrote to memory of 3800	2504	AcroRd32.exe	RdrCEF.exe
PID 2504 wrote to memory of 3800	2504	AcroRd32.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1652	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe
PID 3800 wrote to memory of 1748	3800	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\190bbddc5c7af9956401ad39caad61f2573da3dfcaa2dd2ed4c3923b9c12cc20_NeikiAnalytics.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3760

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3760
3⤵
PID:4488

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:1124

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3800

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9D73F2AB90EB74AC905BE5B7B80E5A70 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9D73F2AB90EB74AC905BE5B7B80E5A70 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1652

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7CE678DBDF01F6EB0F65AD2A60EDC889 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1748

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62B62C6DE69A00C6A382469EB59BD77E --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4444

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B93EB9F5BA712BB91270B5A86D84F11 --mojo-platform-channel-handle=2096 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1404

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C5D104EFB3D96F13A971B35EC8DD1278 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C5D104EFB3D96F13A971B35EC8DD1278 --renderer-client-id=6 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=502BB7C29981B727BA5980E6D6DF1D38 --mojo-platform-channel-handle=2684 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
c26ed30e7d5ab440480838636efc41db

SHA1
c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

SHA256
6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

SHA512
96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
05d7a16735d48684ab841e063328a0ff

SHA1
c97b98d02f895b1b25b54d10f67ba7aff3498de1

SHA256
a1e967cfbc954caed5b1a9f99172522b13fd1d1ac28344cd1044fc6fbf789700

SHA512
47bf42ba4f591332e9af1ea6e1ae26557f9a8c72200d0e14b7a943e00e9cc1c0850030ae80641729f6ec47ea0e89d3698c3004add0d71c75ef5da545d2139787

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
71c4e03f23c1ed5cea19d07190307f65

SHA1
665613efd607894a0dd59945019154c3f8a6bb14

SHA256
0de67b49c4d04fd9d5c9f58e9260b92e4d5e764c7f6becaec07e25ee0f161178

SHA512
a8f6ce8f0235c85ada6d39868669ba41b9d557cd60a17b611dbda382782aad2afec7f8712918f1986e5e980c119e4bec4eb27a87dd44cf638ca10a0e1e3917df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
7dc84179683622a3bfb186fc4fdfba85

SHA1
dd2f770a2b202971b263e19a8e1e96f16ac9d564

SHA256
4633462f47d135a42278c0d868dacc7d0e3e6d545bbd1012262f6c21e1e636db

SHA512
972ca1f7754e9af5506e91884db5606ee0d789541512ecde41afdd663f9498ee79f8e65858a5b15918edb8dcdba83ca57e5f34ca64384a6d5c6b802ba10319c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
ad3235c058424c06ebdd5f062a5b4907

SHA1
e8a90526cdd35ebd64daf7b4ec784248d6f56d6a

SHA256
cc0cf054ea8f4eb6ab8178ab5b15a71adf941e1695f5ea2debc19895444a09c7

SHA512
8d3f41df15fae1b5d41ad9908c0b1d0e7b01cdcd76a031d263ed5f213faca635b3b5aa3d0109f769959d7f692ddf725206578889a8faec0f86356b988760c2d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
0563c105eaa44c4aec7d41fa89f8e344

SHA1
f8696fb7737b216a39da929beeb7019863f0c6c6

SHA256
af9ab9a3b2f9dbea7a80884bc00588a38909f76cf9488b9f82443f345d421c7e

SHA512
58c0eede4b8a1b73fcee8d1121c05dad4eaf4d6c9959425e34d6f005fbf79d3773048d6f1e0c67fb31e01ebce18f2bf73d146bced48ed3f53f722006e567df3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
71023b2123772faa60fea08a4108e5a2

SHA1
c589c6d9169376f7d52b1a022bab4fe5e2dfb412

SHA256
2f4ac163265ff655e24fdf4b1c0faf06e1642ec87658e7608b2f0fc98eb39749

SHA512
0dbf5c0f4a31e8c787025219fbaedecf7cdc7c216d0525e80606088814ed460f44c35ffa12e46667360289fe7a5f524085da9bb1fec0bdddbea1b77a32e3257d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
7e9597db1e7b4f3d5beff05d6a8316c2

SHA1
8fb306fe065f9ced09167ead66c027c782989b06

SHA256
a537e760e32daa6ecdc9c8ad35a8b14d1a61d44aa2a667589f72eb841b547849

SHA512
89eec1dd63bf406331a680e31f684d53af63ec2bd7b90501b5ec1154e845bcbcc3346abe88ccd1999e0b5df1e7743013defd85d136291ec629c596135197376d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
edab5a2ef16d978745bd724b8405853e

SHA1
24c947997a18eab3b5a993153912471149d5a8a1

SHA256
6b4e27bf2aea42aad5f06da635f33c712e707f9440da0129b6505e35326025bf

SHA512
1e28937783a4ed6b02841c944f22ae99488247d15d3496bce84ea4506d7fd08adbbc555447cbe9fd0151261aa634774a8076488d699c61ed839753c767027cb5

Download Submit