Windows Analysis Report
End of Year Accounting for The Estate of Janet Delesanti-2.pdf

ID:	1580454
Product:	CloudBasic
Start time:	16:07:51
Start date:	24.12.2024
Sample:	End of Year Accounting for The Estate of Janet Delesanti-2.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c37012ba15a5dd1c1ae109d07c4e6417
SHA1:	752014043e65f3bc49704cdae2a9e26a0a6fa82a
SHA256:	7a4fc14999cc545e5fc14502b74ee87e3d50b33c531eef64c6c531952f6f8394
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	DAFCD85CB76CBB4E9C307BC2D4A02429	ED6E932293C3C5E77FE98A969B3723FF2240071A	0B5DF09BAA1D6ECDB6AD4A78D400075A2963AC713C7E6490EBC0591BB1668F3A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	DAFCD85CB76CBB4E9C307BC2D4A02429	ED6E932293C3C5E77FE98A969B3723FF2240071A	0B5DF09BAA1D6ECDB6AD4A78D400075A2963AC713C7E6490EBC0591BB1668F3A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	7E2939CD87B14FA650FB277592D42DEF	4F4350655CC968538C1EF289C78B62FB4D83CE7D	91E9BDB22328B44063D223AEB5C02D810B399D7964A0462F20DC396D522A4CC8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)	ASCII text	7E2939CD87B14FA650FB277592D42DEF	4F4350655CC968538C1EF289C78B62FB4D83CE7D	91E9BDB22328B44063D223AEB5C02D810B399D7964A0462F20DC396D522A4CC8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	B7761633048D74E3C02F61AD04E00147	72A2D446DF757BAEA2C7A58C050925976E4C9372	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6b4127.TMP (copy)	JSON data	B7761633048D74E3C02F61AD04E00147	72A2D446DF757BAEA2C7A58C050925976E4C9372	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a1dbb0a3-3c1f-4f51-b02f-517ea9075ddc.tmp	JSON data	B7761633048D74E3C02F61AD04E00147	72A2D446DF757BAEA2C7A58C050925976E4C9372	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a492d5f3-9319-408c-9a52-3f2f2fb2ea2c.tmp	JSON data	30910931572FC31B8DF65B60394547CB	E21DDD1F154FB46B6E287F7D94CB6E6945759235	64C55CFD18B897728FF9BBD6DBFF05FE207E8D70066C4951EA9B06A0FE4D19CC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	BE17FC2E099FF0305D74C0E36F0A1CB8	E526DC1417BD279FDD9D70D157225FA349E761A3	543B0863BB6EF6D8C7B01E0C033DE2F936D2BCEB6F00EEDB734AE3630FB302F3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	4F297275D690EB1ACEF820DEFB0525CE	C8591786C1EEF7DBBFD0FB73EAF14804004770B2	84143225F971719FBB8283A18295CFC69B627F2A380B825B0A5135CEABC4B9A6
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)	ASCII text	4F297275D690EB1ACEF820DEFB0525CE	C8591786C1EEF7DBBFD0FB73EAF14804004770B2	84143225F971719FBB8283A18295CFC69B627F2A380B825B0A5135CEABC4B9A6
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db	SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1	863BB379B267B2404CB64A3BC9B4A650	139EDCE2C64569B81175543D1DE743EF474F4432	F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal	SQLite Rollback Journal	3D4A30F0A881956A6F94F2A37AE74B66	C1F6B49CD4157826A013857F1B14DF34453735FE	FE8AF06BB14D0125F0C231FAF04BCF21FA90F20F2C937A31258197F07A227B90
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm	data	76F31C527C5E9A16BE2727E63E433A8B	A10605A9908BAE3346389191B1F0FBCDB252A47C	A8299F1B834F1C6F4FEAB8F341B2AAC4D0BC226CF8BFD524736C3DCA4AA42AAA
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal	SQLite Write-Ahead Log, version 3007000	B5418C2AA503648BBF315BEDD3F78195	57A813DCEFF6BCB90F486831ED50142C1A0B1550	E79B710F42E143970EB8B52AFE967C96118179D57B0EBCDC2F5BE3DF7918EF34
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-12-24.log	ASCII text, with CRLF line terminators	9247F9EA28C5ACE6828F87F573C4B5C6	B4BAC8ECBD6F937C2033DB62C0641699DF6DDF43	ED8B8DC559EB4ACC6CA5B9A7FA3F48D1362D86D09D563883DD22C00A7043711E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1	F391306DD8BAA3198B26D3C80A906E19	6CD1B24D186F1CC68BF9097177DA5676C4A56422	62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal	SQLite Rollback Journal	13D034AD958B81773C4F6A7CF0976A79	98BBD99B85A11E936047F8674B732CBFBEC8883E	011BC1454585C730676E2E77D31325D19A4C5B143C681C4E31463F33B58805CB
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241224150903Z-555.bmp	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54	9C04696C6A6B44949F27D94D383A0E93	93C767BAE59E2F194403BEE55ECAF3169F0B2113	D17EAB518EB992E1146EC161E9BE1A9CEC7591B335DB9DB09C38CB4391E0B172
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15	4E82216489395997F6AE0865CFFA56A7	2906FA84105B4812E261CD629E0CB7C128FB950F	91E28A456CA81D31550CE6FF12997FD41C7B78D7F90E70EC366CC99E80A6287F
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	BECCA20878BDD7769732924B5F25E760	1ACA09C23EB396594D2384807F96C5BD6DC297D5	DE1B5247EB7015869C57C7EEF14E26AD97DE6BC00F884454C80EC75994481669
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1	DCD066A1C8CA38D94ACA4E5DF6CA20BF	0C670E7CB31FE1CFD952082C3629AD8861BFD799	E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal	SQLite Rollback Journal	3A72593B5A966199067CAEABADB43857	62B42F82FC43F2F9EEAF7FD65C067412235C1563	AAAB73FA76CEA62FBD9EB07AF7AD905ABF36E9486992D247ED7A69A31A8FEAC2
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D	Certificate, Version=3	0CD2F9E0DA1773E9ED864DA5E370E74E	CABD2A79A1076A31F21D253635CB039D4329A5E8	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D	data	9A03CEF2EFE6026127D83825057C5170	994AD0F58DCC48381F4DD8B551C4366F17462C14	5AB41BCEA86B91BA19DC2AB6D509E69839B44C58DFE7DAB2D00E525533FF1E47
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)	PostScript document text	8BA9D8BEBA42C23A5DB405994B54903F	FC1B1646EC8A7015F492AA17ADF9712B54858361	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5744	PostScript document text	8BA9D8BEBA42C23A5DB405994B54903F	FC1B1646EC8A7015F492AA17ADF9712B54858361	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)	PostScript document text	8BA9D8BEBA42C23A5DB405994B54903F	FC1B1646EC8A7015F492AA17ADF9712B54858361	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)	PostScript document text	B60EE534029885BD6DECA42D1263BDC0	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5744	PostScript document text	B60EE534029885BD6DECA42D1263BDC0	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	304521DEFB65E54DF9ADAF63386DF897	13142D19D9A3B44B200B12B68CC22F1BD3D6D758	19A3E7B0ECE3D5A9ECBB62895C53CF4F7268610635E3681A6DF4BD2B6FA03197
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	432773997EC3227726FBEC05FAF4F5B4	0D473AE486AF19D34BFEEF660610489CF1338BE9	048B9056410624DE4738BDEA7331778ADFEB1803EE922C642161FBEEDD79C804
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	BD6D3229B50E7B2A146CB687B4D099EB	7D84BEDFFFAE611D0B013340C4C4F654DDAA6451	1203D47BACE073F66E8FBB85F3B29009E5CB00415FD5401D315C944DCA31D9AF
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	1309A02692E49A7637DE7D38639D7B04	9DE39BBE6753C4A91BEAD7F2F3C452F9A5BA63FF	3AD69E6B6AD3D759CA55DBE9DE62F23CBF8987192784ABD1B5E3DC72F37E9CD7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	7D1133E5031F70BCBB869D1BFB705C72	4CFF4E7C5930B21957140320631C904894B238DE	46F64B6B98940A709CE5C95B6C1382F9F2D37C424883C742E5B5B32DC95F660C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	D1F60DA1BCD9D565168CA7FD49181494	AFB1DD7E30BDC1534DAC61EE0117B5FAAF2445C1	1996026EDCA171BA10FBC7F7A688CED8AC2692AA6F72D615937A1F5E4FE22503
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	C3ADE936FB1A340139E1B3AF9F0F96EE	A4E26EF0124D1D48F1D439B459ED5FBD3F694381	87E8AF5C0FD385A7A1445F06E6F5B9C9372D3806994CAC42041EF7F233598D6C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	506C6088BF99E780A66F2BA9FE790AE4	BE73AEAB879A80D81CC1751516A393AC106D94F6	CDE657C047CFF885EE425B4CDD8CD254C3DE5381EA997A710328E3924C3D8AC3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	A13B5FF22CC5A876ED2C18F66C29E7C7	8B807B21E5D9B008A699F34842DEB5EFECC33823	C0D2771BFE37FA664C90140CFBD64EB34CA24744D220F3B608A75AFC23ADC094
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	52C1C5B6CE9D560A4F32F0D0DF6A7E25	8DD8C437F2320A1E5C4D87B98768CCEB62CC77A8	A7F76DCFC461D06B827D62F6AD35CB7339E7ED2301A7CBD2EDEF4E7E9FB0BF0E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	01CD0FED3F2ACA2E15AD9C17FD1EEE45	8BF8D3E80EB5BD898590B48DBB71B6B6D9D0C9E5	AC9363E2A6653EAC0EE4AB12BC032D096B5506580CAC4C3D242A13439202B85C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	AD95CD383771ADDD5C0E425A030D6611	8A37CC254E8563E59E2C28E86BB99A52AFDC5B8A	DEA25368DF926F2748456AE7BA151084E39127E6B35315F5F11847638DE4BDAE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	E9EDB2B287EB4A58064A385A35EAF14C	CA5DA69C6AAD386B12D79DD90C2CB70DC3B93583	8FBD6D72C4FC1D2E7AC50C5FF84EF6536D0B2D49047ED22D01F6E3C34A834B83
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	31BFB0B509FC854CDD7D9CAE56883B68	D2353550A4AEEA5C5AF67F3EDAC857749A831567	F7E01692402123705F6FE2A1B5B18F39A83BB167D42D2C889F83F220AD47F7B7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	BD489E33DEEE2709BBB32FC2F72E69CC	71FF739190CFFF3443BECE91E1487CA1CE57D058	CF738A8486A40639086BBCF1EB9A9F7931B6EF0DE089D1CDF587959950EE0F4A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	C8F8142641298C2CF08A47CDCC41EA17	373AD612B05C610A75A4D28FCDEA26EF4816FC77	ECAF618059324E2ABCEF864514F2F495F92A994F82947F6632AC413127F38B54
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	CE34D4AFFB65EB9AEF5F577BDA8BD078	3D851029054550100785CF36D0751099E143196D	10B58C11361E945ACD0DD2A5D2473247F17CCE9057A0E3341476D002633B41F9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 29, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 29	E92BA233CA5CB9C70D62B2C2D780E963	928162A3C413403328A613D0EE88DBE86DE04A53	92AC55E6A1B217C221C7DA0E32F0E06FC0B432CD9D102B1232741E0EFC1EC1A1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	F1D2AF870813C6801D3B862D51D573B2	913B89C81A9AEC5FFE12A93ED5A636F1FA3EE249	12706CA85DE1179805B9EADBDC9F6EE0061606A235063859E8E3C255C3F0FEE4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin	data	A8544451BBDC80416AB1FC9DA67392C3	F4CD1C0CBCF0BF825BD08576033CEDF47C99BAF0	B45258C1B396B247264836345F29EFCA94BA93E7A9C4433245A9672CBFB9A410
C:\Users\user\AppData\Local\Temp\MSIabe99.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	BAD9250AF9FC8784035D17072AE13FD8	020C0D610F4375BEB740DF978F4444824F314284	EE146E06F28A6B4DFBA3945718878DFBFFFD4FF59F05703305B8124E90B1EFDB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-24 10-09-00-538.log	ASCII text, with very long lines (393)	8947C10F5AB6CFFFAE64BCA79B5A0BE3	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	B0ACB553841B9C5788BD5F4874E66955	2FD682446F38EF5D15DE6B2AEABF62ECE7D4ACC7	1D8CD267F3846304BB883DCE43C8114D23E40E4A52878B167E29867CC4C42016
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	ACE26341E3CAB4FC883A0B7666F688AC	A5D23070A20CF54BA488AD398767050CB85FA702	A4FE29CFEFE41412524B224BA4F534DDBDE8A6A384DF86C104931C9323C5E81D
C:\Users\user\AppData\Local\Temp\acrocef_low\40a3e4bb-0299-4d18-a1ca-dda1d161d51c.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	3A49135134665364308390AC398006F1	28EF4CE5690BF8A9E048AF7D30688120DAC6F126	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
C:\Users\user\AppData\Local\Temp\acrocef_low\c989032e-e035-4212-8d55-689592bdd81e.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	EC8D4FAB55F24C0E344D263724846C4A	5444D90F86D68A23AF7FB5434DEAE740D57D0312	E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
C:\Users\user\AppData\Local\Temp\acrocef_low\e7fa39ca-df79-4df8-8d51-50dea4d63ed8.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Local\Temp\acrocef_low\eec36a48-6e70-4061-8678-51a61da4cb5d.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	8B9FA2EC5118087D19CFDB20DA7C4C26	E32D6A1829B18717EF1455B73E88D36E0410EF93	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings	ASCII text	DD4A3BD8B9FF61628346391EA9987E1D	474076C122CACAAF112469FC62976BB69187AA2B	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486

Software Vulnerabilities

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Networking

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 2D85F72862B55C4EADD9E66E06947F3D0.13.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppt
Source: FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOSh
Source: AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.i6g
Source: AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2548719898.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659686406.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2638977118.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2468253149.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488188232.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entit
Source: AdobeCollabSync.exe, 00000002.00000003.2844732001.000001FA64E26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64BAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemasJ
Source: AdobeCollabSync.exe, 00000002.00000003.2844732001.000001FA64E26000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2024-12-24.log.2.dr	String found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/-
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/0g
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/409:
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/424:
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/:
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/D
Source: AdobeCollabSync.exe, 00000002.00000003.2888896569.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/I
Source: AdobeCollabSync.exe, 00000002.00000003.2743286864.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2949929125.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2814364832.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2732982031.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2844751837.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2763829396.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2332149796.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488134486.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2342363280.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2498768510.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2680032184.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2312161200.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659643421.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2939674743.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2322174010.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2824571433.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2618343066.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2985777670.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/J
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/Mg
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/Xg
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/l
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/r
Source: AdobeCollabSync.exe, 00000002.00000003.2548719898.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2468253149.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2638977118.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659686406.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488188232.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62EF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/resp
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/rg
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/y
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/~
Source: AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/~g
Source: AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2548719898.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659686406.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2638977118.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2468253149.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488188232.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io54f9b82af8
Source: AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2548719898.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659686406.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2638977118.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2468253149.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488188232.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ioL0
Source: AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2548719898.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2659686406.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2638977118.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2468253149.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2488188232.000001FA62E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ioureka
Source: AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.r
Source: AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.hZ
Source: AdobeCollabSync.exe, 00000001.00000002.2983671169.00000146ED49F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reviews.adobe.io
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reviews.adobe.io100928.409:
Source: FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/1

System Summary

Source: classification engine

Classification label: clean1.winPDF@40/60@2/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-24 10-09-00-538.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);nu
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);_XG
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64BC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2084
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7240
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7340
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7440
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7540
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7652
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1564,i,18128779800940889394,7499666708693846813,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2084			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7240			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7340			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7440
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7540
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7652
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1564,i,18128779800940889394,7499666708693846813,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Static file information: File size 13329417 > 6291456

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf	Initial sample: PDF keyword /JS count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword /Page count = 114

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword stream count = 1846

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword /ObjStm count = 12

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword endobj count = 1963

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword endstream count = 1846

Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Initial sample: PDF keyword obj count = 1963

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Thread delayed: delay time: 86400000

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000			Jump to behavior

Source: AdobeCollabSync.exe, 00000005.00000002.1751624433.000001A36F497000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\\'
Source: AdobeCollabSync.exe, 00000004.00000002.1730628920.0000015A7BD08000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJJ!^P
Source: AdobeCollabSync.exe, 0000000A.00000002.1790691388.000001E647398000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.I
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdf	Binary or memory string: qc4wqEmu
Source: AdobeCollabSync.exe, 00000001.00000002.2983671169.00000146ED3BC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.1731449741.000001BE74BAA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.1731834384.000001BE74BAB000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.1772480927.000002B606E07000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.1771192321.000002DACA688000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.1791746607.000001B429477000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000C.00000002.1811031723.00000274C0F49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 00000006.00000002.1750621125.0000021F98F38000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
Source: AdobeCollabSync.exe, 0000000B.00000002.1812150926.000001A1F2218000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllbb

Language, Device and Operating System Detection

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior